Thus spake Robert Ransom (rransom.8774@gmail.com):
On 2012-03-11, The23rd Raccoon the.raccoon23@gmail.com wrote:
The crypto-tagger achieves amplification by being destructive to a circuit if the tagged cell is not untagged by them at the exit of the network, and also by being destructive when a non-tagged cell is "untagged" on a circuit coming from a non-tagging entry. It transforms all non-colluding entrances and exits into a "half-duplex global" adversary that works for the tagger to ensure that all traffic that he carries goes only through his colluding nodes.
I wonder what the 'bandwidth authorities' would think of exits that close circuits which They don't control: https://gitweb.torproject.org/torflow.git/blob/HEAD:/NetworkScanners/BwAutho...
I've been worried about various types of path biasing/circuit failure attacks for a while, but sadly the bandwidth authorities are not something that can be relied upon as the only thing to defend against them. The bandwidth authorities are not a security measure. It is possible to deceive them.
The only way for measurements to be resilient to deception is to deploy decentralized measurement such as Eigenspeed, but Eigenspeed's passive measurements are unable to properly measure high bandwidth relays, so someone needs to research decentralized active measurement and/or a hybrid solution of Eigenspeed and the bandwidth authorities, and figure out how to blend in circuit failure into the measurements, too.
I believe Nikita's group was the first to publish about path biasing in Tor through circuit failure (http://research.microsoft.com/~gdane/papers/ccs0255-borisov.pdf), and is also the source of the EigenSpeed work. I prod him every once in a while to try out his Eigenspeed as a defense against his path biasing attack, but haven't heard much about it.
That said, the bandwidth authorities will actually compensate for this attack if the bwauthcircs=1 consensus parameter is set. Right now, the parameter is not set, because it is part of the PID feedback experiment that is currently disabled. Circuit failure statistics are still being recorded for posterity though. There are some high capacity relays exhibiting high rates of circuit failure right now, but that could also be CPU overload.
I can turn the bwauthcircs=1 parameter back on independent of the PID feedback and see what happens, but if we could solve this with crypto, that would be better I think.