[metrics-team] M.Sc projects at Edinburgh

David Fifield david at bamsoftware.com
Tue Jan 12 21:37:43 UTC 2016 

On Thu, Jan 07, 2016 at 08:03:35PM +0000, William Waites wrote:
> Hi all, I visited the IRC channel for some of the meeting earlier
> today. I am a researcher at the School of Informatics -- though my
> background is network engineering and my interest in things like Tor
> comes from there, my actual area of research is completely
> unrelated. However it occured to me that we have some 300 or so taught
> M.Sc students who will be looking for projects across various computer
> science subdisciplines. It might be nice to have some of those work on
> things together with the Tor project.

Historical analysis of gaming the HSDir hash ring

Hidden service directories (HSDirs) for a particular hidden service are
chosen based on a deterministic hash of the hidden service identity and
the current day. The HSDirs chosen are those whose fingerprints are
closest to the hash value. The hash value for a particular hidden
service can be predicted in advance; we know that malicious relays can
manipulate their fingerprints in order to get into the privileged HSDir
position for a particular hidden service.

The question is: How often does this happen? It should be possible to
forensically recover this behavior in the past. If a particular hidden
service is being targeted, we would expect to see relays change their
fingerprints in order to match the current hash value. It would be
interesting to see what the HSDirs were for various high-profile hidden
services during every available epoch.
	blockchainbdgpzk.onion - Blockchain.info
	33y6fjyh3phzfjj.onion - The Guardian SecureDrop
	Silk Road (there were so many phishing domains for this one, I
		don't know what the real onion address was)
	3g2upl4pq6kufc4m.onion - DuckDuckGo
	https://en.wikipedia.org/wiki/List_of_Tor_hidden_services
You would also expect to see concentrations in the hash ring during
every epoch, representing potentially interesting unknown services.

You should be able to get all the data required from CollecTor:
https://collector.torproject.org/.

http://donncha.is/2013/05/trawling-tor-hidden-services/
https://blog.torproject.org/blog/hidden-services-need-some-love
http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf
https://media.ccc.de/v/32c3-7322-tor_onion_services_more_useful_than_you_think

More information about the metrics-team mailing list