On Wed, Oct 02, 2013 at 08:34:05AM -0400, Jonathan D. Proulx wrote:
On Tue, Oct 01, 2013 at 04:35:15PM -0700, Andy Isaacson wrote:
:In summary, it seems likely that IaaS is pwned wholesale. Colo hardware
:is somewhat more expensive to attack and possibly succeeds in raising
:the bar from "software" to "attacker has to roll a truck to pwn me",
:which is my current recommendation for threat modeling.
I'll grant all that, but what does it get an attacker over traffic analysis in and out of that data center which is already easy in software?
If an attacker can capture (using a fiber tap or backbone port) and decrypt (using private keys captured from an IaaS vulnerability) inter-node traffic, then they would be able to deanonymize entire flows. This would be significantly more powerful than just traffic analysis since it gives plaintext in addition to metadata.
However, I *think* (not sure) that merely capturing the Tor node's long-term identity key, plus capturing all the ciphertext on the wire, does not allow decryption of sessions, because ephemeral session keys with DH key exchange save us. The attacker needs to capture the ephemeral keys, which turns the proposed IaaS key-capture compromise into an ongoing activity rather than a one-time affair.
-andy