[tor-dev] Analysis of the Relative Severity of Tagging Attacks

Mike Perry mikeperry at torproject.org
Fri Mar 23 20:39:12 UTC 2012

Thus spake The23rd Raccoon (the.raccoon23 at gmail.com):

> So, if you have a way to measure circuit failure reliably, you can in
> fact detect the tagging attack, up to a point. It will be
> significantly easier to detect full 3-hop path bias than 2. It would
> be a good idea to solve tagging for this reason.

Ok, I've filed parent ticket
https://trac.torproject.org/projects/tor/ticket/5456 for dealing with
all of this mess.

> > I can turn the bwauthcircs=1 parameter back on independent of the PID
> > feedback and see what happens, but if we could solve this with crypto,
> > that would be better I think.

Turns out I was wrong here. There's a bug in the bwauths that prevent us
from doing this properly right now:

Turtles all the way down...

> Is this even possible without revising the circuit level protocol? We
> looked through the spec and didn't see anything that allows the
> network to migrate to alternate cipher choices easily..
> How quickly can the migration be done?

Pretty slowly, it turns out. We're going to need a new circuit protocol
and we need to decide if we want to do per-hop MACs or use
self-authenticating ciphers. I created a child ticket for the proposals
that will help us figure this out.

https://trac.torproject.org/projects/tor/ticket/5460 if you're
interested in following them.

> Otherwise, I suggest everybody start keeping track of their circuit
> failure rates though major nodes....

I created a child ticket for this, too:

I also created https://trac.torproject.org/projects/tor/ticket/5459 for
building a network scanner to detect this collusion.

It's going to be a long while before all of this stuff gets done though,
I bet. We're waaay overloaded here, development wise. We can barely keep
up with our Sponsor workload, let alone fix surprise monstrous issues
like this one. We'd love the help!

But still, thanks for taking the time to report this (and also for
providing the proofs!).

Mike Perry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20120323/8e3714ff/attachment.pgp>

More information about the tor-dev mailing list