Hi,
I am Nikhil. R, a student from India. You can know more about me from here[1] and here[2]. I have been running a Tor relay for some time and now I am interested in contributing to the Tor Project. Specifically, I would like to work on IP hijacking detection for Tor relays. I understand this does not directly involve the Tor core, hence I think this project is ideal for getting my feet wet with the Tor community and getting me started on further contributions to the Tor Project.
BGP hijacking is difficult without inside help from ISPs (I think?), but state-run adversaries don't necessarily have this problem. This has a great risk of exposing all Tor clients or even messing around with the name resolution in exit relays. I have also read about incidents where an attacker using BGP hijacking hijacked a portion of a Bitcoin mining pool's traffic to pay himself instead of the people contributing the processing power. I feel BGP has major security implications in this aspect and a monitoring service is necessary. There are many monitoring services and we can possibly leverage one of them for the routing data.
The main motive of the service would be to find anomalies/malicious changes in the routing information compared to previous snapshots of the same. How do we actually do this comparison? Any pointers for that? The project also mentions that the service should be Tor-aware. What exactly does this mean? Does it mean that it should monitor all Tor relays' IP addresses? It would be wonderful if you could elaborate on the project in a little more detail.
I am a beginner in this area, and please excuse me if any of the above questions are too stupid.
Regards, Nikhil. R
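As an added illustration of the snapshot comparison asked about above (example code, not part of the original message or of any Tor Project tool): two constructed route snapshots are indexed, each monitored relay IP is resolved by longest-prefix match in both, and a finding is raised when the relay becomes covered by a new more-specific prefix or when the origin AS set for its covering prefix changes. The prefixes, ASNs and relay addresses are made-up sample values, and the (prefix, origin ASN) snapshot shape is an assumption about what a routing-data feed would be flattened into.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: documentation prefixes and private ASNs, not real routes.
SNAPSHOT_OLD = [("198.51.100.0/24", 64500), ("203.0.113.0/24", 64501)]
SNAPSHOT_NEW = [
    ("198.51.100.0/24", 64500),
    ("203.0.113.0/24", 64501),
    ("203.0.113.128/25", 64666),   # new more-specific announced by a foreign AS
    ("198.51.100.0/24", 64667),    # same prefix now also originated elsewhere
]
RELAY_IPS = ["203.0.113.200", "198.51.100.10", "192.0.2.5"]  # 192.0.2.5 is unrouted

def index_snapshot(routes):
    """Map each announced prefix to the set of origin ASNs seen for it."""
    table = defaultdict(set)
    for prefix, asn in routes:
        table[ipaddress.ip_network(prefix)].add(asn)
    return table

def best_match(table, ip):
    """Longest-prefix match for ip: (network, origin ASN set), or None if unrouted."""
    addr = ipaddress.ip_address(ip)
    matches = [net for net in table if addr in net]
    if not matches:
        return None
    best = max(matches, key=lambda n: n.prefixlen)
    return best, table[best]

def detect_anomalies(old_routes, new_routes, relay_ips):
    """Compare two snapshots, but only for prefixes covering the relays we care about."""
    old, new = index_snapshot(old_routes), index_snapshot(new_routes)
    findings = []
    for ip in relay_ips:
        before, after = best_match(old, ip), best_match(new, ip)
        if before is None or after is None:
            continue  # no baseline, or relay withdrawn: nothing to compare against
        old_net, old_origins = before
        new_net, new_origins = after
        if new_net.prefixlen > old_net.prefixlen:
            # A more-specific route wins longest-prefix match and steals the traffic.
            findings.append((ip, "more_specific", str(new_net), sorted(new_origins)))
        elif new_origins != old_origins:
            # Same prefix, different or additional origin AS (MOAS-style conflict).
            findings.append((ip, "origin_change", str(new_net), sorted(new_origins)))
    return findings

if __name__ == "__main__":
    for finding in detect_anomalies(SNAPSHOT_OLD, SNAPSHOT_NEW, RELAY_IPS):
        print(finding)
```

Restricting the diff to prefixes that cover relay addresses is one concrete reading of "Tor-aware"; a relay IP list would come from the consensus rather than the hard-coded sample here.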