-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
What's to stop a sybil attack where the malicious relays try to occupy likely site(s) for the next Quorum?
Is the consensus unpredictable enough to thwart this attack? Even during quiet times? (Does Tor have quiet times?)
As you can see from the ACM paper, I estimated 16Kb - 28Kb from routers leaving/joining the consensus, and my Markov Model analysis shows ~9000 bits from routers changing in some degree or another. Certainly the size and dynamics of the Tor network are enough to put the entropy above 256 bits, so I'm confident that any sort of malicious maneuvers (such as changing router descriptors so that the SHA-384 hash results in an attacker-pleasing Quorum) is hard because of the cryptographic defenses of SHA-384 and because the consensus has a large degree of entropy. I believe (but cannot prove) that those numbers are a lower-bound, though formally it's just an estimation.
Sybil attacks are possible but expensive. They would have to gain the Fast and Stable flags and be subtle enough to not be detected by the Tor community (the Lizard Squad learned that the hard way). Sybil attacks would also likely compromise Tor and hidden services, which is outside my security assumptions.
Can we ensure the Quorum servers have to be long-lived and high-capacity (for example, guards) to make it harder to spin up servers and immediately be added to the Quorum? I'm not convinced the Stable flag is hard enough to get. Of course, there's a trade-off where making the set of Quorum Candidates too small makes the Quorum easier to predict, too.
One possible counter-measure is the Sybil attack detector that was posted here the other day. It might be a good idea, I'll think more about that.
By the way, in your ACM paper 5.4.2 you switch from Charlie to Alice, but I think they're meant to be the same Quorum Candidate.
Thanks, I'll take another look. Alice is always a Tor client.
The HS is down, and has been for some days.
Yes. I'm currently hosting it myself and I'm currently but temporarily in a remote location where the Internet is spotty at best. By the time I deploy OnioNS into beta or into production I'll have a stable host for the HS. I'll have it up soon. In the meantime, you can always clone and browse the Github repo that powers it, OnioNS-www.
I have two questions about the Stem-based approach:
- Applications which use Tor via SOCKS won't be able to use .tor domains without using Stem. This adds another dependency to apps which want to use .tor addresses, and confuses users by making .tor addresses work with some torified apps, and not others. Is your final goal to have .tor lookups contained within the Tor client? I'm sure someone could help with the C coding if that's the issue, particularly given a working implementation in Python/Stem.
If a user wants to use a .tor address with something other than the Tor Browser, they will have to have both the Stem and the OnioNS client software running in the background. It should be application-independent. Eventually I would like the Stem code in the Tor client, and theoretically it should not be hard to do so. Currently I have a very reliable Stem solution (for which I am very thankful) and I will be utilizing that script for the time being. Based on a quick investigation it should also be easy to auto-launch it with the Tor Browser. I would like to see the OnioNS package in Linux or Tor repositories so that it may work as a general solution, and not something tied to the Tor Browser.
- I always feel nervous when people say "letting app X spin". I assume Tor Browser just looks like it's doing a DNS lookup or similar?
I may have misused the term. It's not a busy-wait. Currently it's an idle synchronous wait on separate thread in the Stem script. The Tor Browser appears as if it's waiting for a DNS lookup to occur, which is essentially correct. Once that goes through, Tor attaches the stream to a .onion address, and the browser transitions to appearing as if it's waiting for a server over a high-latency connection, which is also correct.