[tor-bugs] #5563 [Tor Relay]: Better support for ephemeral relay identity keys

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Wed Apr 4 01:03:17 UTC 2012


#5563: Better support for ephemeral relay identity keys
-------------------------+--------------------------------------------------
 Reporter:  mikeperry    |          Owner:       
     Type:  enhancement  |         Status:  new  
 Priority:  normal       |      Milestone:       
Component:  Tor Relay    |        Version:       
 Keywords:               |         Parent:  #5456
   Points:               |   Actualpoints:       
-------------------------+--------------------------------------------------
 Tagging-based amplification attacks are primarily an issue of node
 integrity. For the most part, they are impossible to perform if you are
 external to the tor network, and they are detectable if the adversary's
 proportion of compromised nodes on the network is low, due to excessive
 circuit failure at non-colluding nodes.

 However, this all changes if most nodes have easily accessible identity
 keys. All the adversary need do is make a quick stop at each high capacity
 tor relay, freeze the RAM/reboot the box, and extract the keys. From that
 point on, the adversary is free to intercept and tag traffic transparently
 upstream. Worse, as the adversary performs this procedure at more and more
 nodes, their circuit failure rate will fall. At least according to the
 math of some dude who claims to be a raccoon:
 https://lists.torproject.org/pipermail/tor-dev/2012-March/003361.html

 I believe the best stopgap solution to this (at least until whatever comes
 out of #5460 is deployed) is to encourage relay operators to keep their
 relay keys on a ramdisk, so they are discarded in the event of reboot.
 This would at least require the adversary to retain persistent access to
 the machine, which risks discovery via auditing mechanisms.

 Unfortunately, there are a few issues with how Tor treats relay identity
 keys that make it extremely inconvenient for relay operators if they ever
 change.

 This ticket is to serve as the parent ticket for enumerating these
 inconveniences.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5563>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online