[tor-bugs] #5460 [Tor Client]: Write proposal(s) to evaluate circuit crypto authentication

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Wed May 23 00:42:34 UTC 2012


#5460: Write proposal(s) to evaluate circuit crypto authentication
------------------------+---------------------------------------------------
 Reporter:  mikeperry   |          Owner:  nickm             
     Type:  defect      |         Status:  assigned          
 Priority:  major       |      Milestone:  Tor: 0.2.4.x-final
Component:  Tor Client  |        Version:                    
 Keywords:              |         Parent:  #5456             
   Points:              |   Actualpoints:                    
------------------------+---------------------------------------------------

Comment(by nickm):

 Replying to [comment:5 arma]:
 > Replying to [comment:1 rransom]:
 > > BEAR/LION/LIONESS are not ‘self-authenticating crypto’.  They are
 > > large-block block ciphers which ensure that any change to a block's data
 > > on one side of an honest relay completely scrambles the block's data on
 > > the other side.  They would need to be accompanied by an end-to-end MAC.
 >
 > Even if accompanied by an end-to-end mac, isn't that insufficient? If I
 > can mangle a cell, and detect mangling, and it still gets to the other
 > end, that sounds like a tagging attack to me. It's not as fine-grained a
 > tagging attack sure, but if the goal is "cause circuit failure at the 2nd
 > hop, not the third" then it's not going to do it, right?

 "It Depends".  The biggest problem with the current tagging attack is that
 a successfully tagged circuit (one where the attacker observes the tag) is
 recoverable by the attacker.  Either a whole-cell encryption approach or a
 per-hop MAC approach would solve *that*.  (As for the "it's still a tag"
 argument... it's not clear that "the whole circuit gets destroyed away
 suddenly" is much worse as a tag than "the whole circuit turns to junk
 suddenly".)


 I wrote a draft draft draft today, and I'm showing it to some
 naive-about-tor/smart-about-crypto people to try to make sure it's readable.
 I'll give it another editing pass after that, assign it a proposal number,
 and call this ticket closed.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5460#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
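
Added example, not part of the ticket or of Tor's code: a toy three-hop model of the property discussed in the comment above, comparing stream-cipher layers with wide-block layers when a cell is changed on one side of an honest relay. It assumes SHAKE-256 as the stream cipher and a LIONESS-style construction built from SHAKE-256 and HMAC-SHA256; `exit_view` and `damaged_bytes` are hypothetical names.

```python
import hashlib, hmac, os

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def keystream(key, n):
    # Assumption: SHAKE-256 as a stand-in stream cipher (Tor itself uses AES-CTR).
    return hashlib.shake_256(key).digest(n)

def ctr(key, cell, decrypt=False):
    # Stream-cipher layer: XOR with a keystream, the same operation both ways.
    return xor(cell, keystream(key, len(cell)))

def lioness(key, cell, decrypt=False):
    # LIONESS-style wide block: 4 Feistel rounds over a 32-byte left part and the rest.
    ks = [hashlib.sha256(key + bytes([i])).digest() for i in range(4)]
    left, right = cell[:32], cell[32:]
    for i in (range(3, -1, -1) if decrypt else range(4)):
        if i % 2 == 0:  # stream round: R ^= S(L ^ K_i)
            right = xor(right, keystream(xor(left, ks[i]), len(right)))
        else:           # hash round: L ^= H_{K_i}(R)
            left = xor(left, hmac.new(ks[i], right, hashlib.sha256).digest())
    return left + right

def exit_view(layer, keys, payload, delta):
    # Three-hop toy circuit: the cell is changed by `delta` before honest hop 2,
    # and the same `delta` is XORed back out after hop 3 has removed its layer.
    cell = payload
    for k in reversed(keys):                   # client wraps for hops 3, 2, 1
        cell = layer(k, cell)
    cell = layer(keys[0], cell, decrypt=True)  # hop 1 strips its layer
    cell = xor(cell, delta)                    # modification on the hop1-hop2 link
    cell = layer(keys[1], cell, decrypt=True)  # honest hop 2
    cell = layer(keys[2], cell, decrypt=True)  # hop 3
    return xor(cell, delta)

def damaged_bytes(layer, keys, payload, delta):
    # Number of payload bytes that differ from the original at the far end.
    return sum(a != b for a, b in zip(exit_view(layer, keys, payload, delta), payload))

if __name__ == "__main__":
    keys = [os.urandom(32) for _ in range(3)]          # constructed hop keys
    payload = b"constructed relay payload ".ljust(509, b".")
    delta = bytes(100) + b"\x01" + bytes(408)          # one flipped bit
    print("stream layers :", damaged_bytes(ctr, keys, payload, delta), "bytes damaged")
    print("LIONESS layers:", damaged_bytes(lioness, keys, payload, delta), "bytes damaged")
```

With stream layers the change cancels cleanly and the cell survives, which is the recoverable case the comment describes; with wide-block layers the cell "turns to junk" and only an end-to-end MAC or a circuit failure reveals that anything happened.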

