In case it helps, here is a paper describing vulenrability of different classes of Tor user behavior to AS, Internet Exchange Point, and Tor relay or relay family adversaries. http://www.nrl.navy.mil/itd/chacs/biblio/users-get-routed-traffic-correlatio...
Note that doing AS-aware routing so as to improve security is a fairly active area of research. Nonetheless, I think the original point about hosting providers having physical access to hardware with keys from many independently-run relays has not been amongst the considerations. It is countered somewhat by even current Tor's default routing algorithm that prevents choosing relays in the same circuit from the same family but also from the same range of IP addresses. But it hasn't been scrutinized specifically as far as I know.
And here is a paper giving a framework to be able and talk about and use expectations of adversaries at the above places, and on undersea cables, via mutual legal assistance treaties, etc. (Note that this is research. It is some years away from anything like this being deployed in Tor. And trying to design trust policies and routing algorithms for your own Tor traffic is not something even an expert should try at this stage of development.) http://www.nrl.navy.mil/itd/chacs/jaggard-20000-league-under-sea-anonymous-c...
HTH, Paul
On Wed, May 25, 2016 at 10:41:22PM +0200, pa011 wrote:
@Green Thank you - couldn’t handle 'attack vector' as a synonym for ""method or type of attack" :-)
Additional to that is it clever for a supporter of TOR to to run more than one Relay (Exit) with a single ISP or even AS https://en.wikipedia.org/wiki/Autonomous_system_(Internet) or does this build a kind of new attack vector?
Am 25.05.2016 um 22:22 schrieb Green Dream:
@Paul: sure. Nils pointed out that a lot of relays using the same hosting provider could be an attack vector, because the provider would be a single point where all the relays' secret keys could be collected. My point is that if you look at the AS (Autonomous System) Number, it's normally the same for all the hosting provider's servers in that country. So if Tor path selection looks at the AS, and avoids building a circuit that uses two nodes from the same AS, this attack vector basically goes away. It's worth noting if you weren't already aware, both Atlas and Globe display the AS Number for every relay.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays