[tor-dev] Analysis of the Relative Severity of Tagging Attacks

Mike Perry mikeperry at torproject.org
Mon Mar 12 17:38:35 UTC 2012

Thus spake Robert Ransom (rransom.8774 at gmail.com):

> On 2012-03-11, The23rd Raccoon <the.raccoon23 at gmail.com> wrote:
> > The crypto-tagger achieves amplification by being destructive to a
> > circuit if the tagged cell is not untagged by them at the exit of the
> > network, and also by being destructive when a non-tagged cell is
> > "untagged" on a circuit coming from a non-tagging entry. It transforms
> > all non-colluding entrances and exits into a "half-duplex global"
> > adversary that works for the tagger to ensure that all traffic that he
> > carries goes only through his colluding nodes.
> I wonder what the 'bandwidth authorities' would think of exits that
> close circuits which They don't control:
> https://gitweb.torproject.org/torflow.git/blob/HEAD:/NetworkScanners/BwAuthority/README.spec.txt

I've been worried about various types of path biasing/circuit failure
attacks for a while, but sadly the the bandwidth authorities are not
something that can be relied upon as the only thing to defend against
them. The bandwidth authorities are not a security measure. It is
possible to deceive them.

The only way for measurements to be resilient to deception is to deploy
decentralized measurement such as Eigenspeed, but Eigenspeed's passive
measurements are unable to properly measure high bandwidth relays, so 
someone needs to research decentralized active measurement and/or
a hybrid solution of Eigenspeed and the bandwidth authorities, and
figure out how to blend in circuit failure into the measurements, too.

I believe Nikita's group was the first to publish about path biasing in
Tor through circuit failure
(http://research.microsoft.com/~gdane/papers/ccs0255-borisov.pdf), and
is also the source of the EigenSpeed work. I prod him every once and a
while to try out his Eigenspeed as a defense against his path biasing
attack, but haven't heard much about it.

That said, the bandwidth authorities will actually compensate for this
attack if the bwauthcircs=1 consensus parameter is set. Right now, the
parameter is not set, because it is part of the PID feedback experiment
that is currently disabled. Circuit failure statistics are still being
recorded for posterity though. There are some high capacity relays
exhibiting high rates of circuit failure right now, but that could also
be CPU overload.

I can turn the bwauthcircs=1 parameter back on independent of the PID
feedback and see what happens, but if we could solve this with crypto,
that would be better I think.

Mike Perry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20120312/157ea788/attachment.pgp>

More information about the tor-dev mailing list