[tor-project] Moar Project Ideas!!
Virgil Griffith
i at virgil.gr
Tue Mar 8 17:38:50 UTC 2016
I volunteer for mentoring for anything related to: Tor2web, Roster,
relay operators, ahmia.fi, or OnionLink.
I did some analytics looking at the risk of BGP prefix hijacking. If
we want to look into this I suggest making more of a research project
(probably with Princeton), but if GSOC is willing to fund it we can
certainly look into defenses that mitigate the attack.
-V
On Thu, Mar 3, 2016 at 10:58 AM, Damian Johnson <atagar at torproject.org> wrote:
> Thanks Aaron. I assume you, Donncha, and Yawnbox would all be mentors?
>
> Personally I'm not fully groking the idea though on first read I'm
> unsure why this would take three months (or be enough for a full GSoC
> project). This sounds similar to DocTor checks with some sort of
> Routeviews and BGPStream integration.
>
> Cheers! -Damian
>
>
> On Thu, Mar 3, 2016 at 5:47 AM, Aaron Gibson <aagbsn at extc.org> wrote:
>> On 2016-02-29 21:18, Donncha O'Cearbhaill wrote:
>>>
>>> Damian Johnson:
>>>>
>>>>
>>>> Hi all, pulled the trigger on this...
>>>>
>>>>
>>>> https://gitweb.torproject.org/project/web/webwml.git/commit/?id=3ddd63efa5296a221daa8a295280b37b2546e2bf
>>>>
>>>> Folks are coming out of the woodwork to mentor so we still have ten
>>>> projects (yay!), but not much concerning core tor. if you'd care to
>>>> mentor one of these then more than happy to add it back to our page.
>>>
>>>
>>> Great work on getting the GSoC program together, and getting selected!
>>>
>>> I'd be happy to be the second mentor for any Python-based project,
>>> particular if it's related to hidden services or network monitoring.
>>>
>>> Regards,
>>> Donncha
>>
>>
>> A project I discussed last night with Donncha and Yawnbox is
>>
>> Title:
>>
>> IP hijacking detection for the Tor Network.
>>
>> Description:
>>
>> IP hijacking (https://en.wikipedia.org/wiki/IP_hijacking) occurs when a bad
>> actor creates false routing information to redirect Internet traffic to or
>> through themselves. This activity is straightforward to detect, because the
>> Internet routing tables are public information, but currently there are no
>> public services that monitor the Tor network. The Tor Network is a dynamic
>> set of relays, so monitoring must be Tor-aware in order to keep the set of
>> monitored relays accurate. Additionally, consensus archives and historical
>> Internet routing table snapshots are publicly available, and this analysis
>> can be performed retroactively.
>>
>> The implications of IP hijacking are that Tor traffic can be redirected
>> through a network that an attacker controls, even if the attacker does not
>> normally have this capability - i.e. they are not in the network path. For
>> example, an adversary could hijack the prefix of a Tor Guard relay, in order
>> to learn who its clients are, or hijack a Tor Exit relay to tamper with
>> requests or name resolution.
>>
>> This project comprises building a service that compares network prefixes of
>> relays in the consensus with present and historic routing table snapshots
>> from looking glass services such as Routeviews (http://routeviews.org), or
>> aggregators such as Caida BGPStream (https://bgpstream.caida.org) and then
>> issues email alerts to the contact-info in the relay descriptor and a
>> mailing list. Network operators are responsive to route injections, and
>> these alerts can be used to notify network operators to take immediate
>> action, as well as collect information about the occurrence of these type of
>> attacks.
>>
>> Estimated time to build this service: 3 months
>>
>> --Aaron
>>
>> _______________________________________________
>> tor-project mailing list
>> tor-project at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project
> _______________________________________________
> tor-project mailing list
> tor-project at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project
More information about the tor-project
mailing list