[tor-dev] Proposal 189: AUTHORIZE and AUTHORIZED cells

Watson Ladd watsonbladd at gmail.com
Fri Nov 4 21:37:01 UTC 2011 

On Fri, Nov 4, 2011 at 4:10 PM, Robert Ransom <rransom.8774 at gmail.com> wrote:
> On 2011-11-04, George Kadianakis <desnacked at gmail.com> wrote:
>>
>> Filename: 189-authorize-cell.txt
>> Title: AUTHORIZE and AUTHORIZED cells
>> Author: George Kadianakis
>> Created: 04 Nov 2011
>> Status: Open
>>
>> 1. Overview
>>
>>    Proposal 187 introduced the concept of the AUTHORIZE cell, a cell
>>    whose purpose is to make Tor bridges resistant to scanning attacks.
>>
>>    This is achieved by having the bridge and the client share a secret
>>    out-of-band and then use AUTHORIZE cells to validate that the
>>    client indeed knows that secret before proceeding with the Tor
>>    protocol.
>>
>>    This proposal specifies the format of the AUTHORIZE cell and also
>>    introduces the AUTHORIZED cell, a way for bridges to announce to
>>    clients that the authorization process is complete and successful.
>>
>> 2. Motivation
>>
>>    AUTHORIZE cells should be able to perform a variety of
>>    authorization protocols based on a variety of shared secrets. This
>>    forces the AUTHORIZE cell to have a dynamic format based on the
>>    authorization method used.
>>
>>    AUTHORIZED cells are used by bridges to signal the end of a
>>    successful bridge client authorization and the beginning of the
>>    actual link handshake. AUTHORIZED cells have no other use and for
>>    this reason their format is very simple.
>>
>>    Both AUTHORIZE and AUTHORIZED cells are to be used under censorship
>>    conditions and they should look innocuous to any adversary capable
>>    of monitoring network traffic.
>
> I wrote the following in my reply to proposal 190, but it probably
> belongs here instead:
>
> | An adversary who MITMs the TLS connection and receives a Tor AUTHORIZE
> | cell will know that the client is trying to connect to a Tor bridge.
> |
> | Should the client send a string of the form "GET
> | /?q=correct+horse+battery+staple\r\n\r\n" instead of an AUTHORIZE
> | cell, where "correct+horse+battery+staple" is a semi-plausible search
> | phrase derived from the HMAC in some way?

Seems to me at that point we are hosed anyway. If you see
correct+horse+battery+staple
and the response is garbled data, not an HTTP response, its probably
something unusual.
Bridge descriptors should include enough information for Tor to ensure
that the TLS connection is
safe. If we are protecting against passive scanning then we just need
to make it look like a webserver. One good way of doing that: ask
people who have webservers to run bridges, and have Tor simply pass
any confused HTTP requests to the actual webserver. (These shouldn't
be popular sites)
Sincerely,
Watson Ladd
-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin

More information about the tor-dev mailing list