[tor-dev] [tor-assistants] Researching Tor for Master's Thesis

George Kadianakis desnacked at riseup.net
Tue Dec 2 20:57:09 UTC 2014

Florian Rüchel <florian.ruechel.tor at inexplicity.de> writes:

> Hi everyone,
> I am attaching the conversation from the assistants list over.
> Here is the TL;DR: I want to write my master's thesis on Tor,
> preferably on a topic that has to do with Hidden Services and/or
> Cryptography in Tor.
> I have followed George's recommendations and read through some of the
> sources provided. In the end, several topics seem appealing to me, but
> before moving on I'd like to get some feedback from you guys on whether
> you'd consider the topics worth researching or even have some additional
> ideas.

Some comments follow:

> HSDir tracking: I have taken a look at the idea of PIR (
> https://en.wikipedia.org/wiki/Private_information_retrieval) and the
> problem associated with getting HS descriptors. I have only looked at
> the theory of PIR so far and not yet an idea of how this can be
> accomplished (and to what extent) in practice.

This is worth researching and even implementing a PoC of.  There are
various places in the Tor protocols that PIR could be applied.

However I don't know how feasible it is for an MSc thesis.  I remember
that Ian Goldberg had a nice survey paper of PIR schemes. There are
even some implementations of some PIR schemes floating around the internet,
but they are probably research quality implementations.

> Certificates for HS: I find this topic particularly interesting and have
> followed the discussion. The general concept seems like a great thing to
> achieve and it could actually outperform the regular SSL/CA
> infrastructure stuff as it could remove the need for CAs. Unfortunately,
> this seems something that is not extensive enough to warrant a whole
> thesis. If you guys think otherwise, please let me know.
> Tor with mix features: Tor has the explicit goal of being a low-latency
> network. However, there are several protocols where high-latency would
> be acceptable. I liked the idea of high latency HSes
> (https://lists.torproject.org/pipermail/tor-dev/2014-November/007818.html).
> I'd like to know what you think about this idea being viable. It would
> have the advantage of being very flexible from just a theoretic
> evaluation down to a real implementation so I could adjust this to my
> time. But only if this is actually desired so it does not need to stay
> theoretic. I think it would be very interesting to evaluate whether this
> can improve or hurt anonymity of low-latency users, as well.

I agree. Very interesting area. I'm hoping for Tor to move the area
forward during the next one year. We will see.

Parallel research would be good. Some ideas to move forward:

> Traffic confirmation attacks: This is here more or less for
> completeness. I know this topic is open for several years and would be
> one of the most powerful countermeasures to deploy but unless someone
> has started on something that I could build upon, I don't see myself
> coming up with something useful here.
> Guard discovery attacks: I have only read roughly what these attacks
> are. I'd like to know if it would make sense to take a deeper look here,
> i.e. you think extensive research is needed on that topic.

A few people are thinking about this actively, and I'm hoping that
this topic will also move forward over the next months.

I believe that there is research to be done here. See the relevant
thread for some directions.

> Improving crypto for HSes: The blog entry on HS
> (https://blog.torproject.org/blog/hidden-services-need-some-love)
> vaguely states that crypto for HSes could be improved. However, the
> article is over a year old and I know the new rend-spec-ng exists, so
> I'd like to know whether there's anything here to work on. I have a
> fairly good background on cryptography, so I'd like to help here if help
> is needed.

Maybe check the part about the HSDir hashring?

> Cryptography: There's two proposal ideas, one from 2010
> (https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/ideas/xxx-crypto-migration.txt)
> and one from 2011
> (https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/ideas/xxx-new-crypto-sketch.txt)
> which builds on that. Has some of this been addressed? Is this still
> being worked on or just leftover that has already been integrated to the
> desired level? Would an analysis of the cryptography used in Tor make
> sense to you, i.e. building on those documents reviewing where and how
> Tor uses cryptography to secure its operations and evaluating the
> methods used?

Yes, a crypto/code audit would indeed be very useful.

> Onion addresses: I took a look at several approaches around
> censorship-resistant lookups, e.g. the GNS (see George's recommendation
> below) and Aaron Swartz's proposal on squaring Zooko's triangle by
> achieving all three properties. I think it would be a cool thing if it
> were actually possible to improve onion addresses to be human-readable,
> especially when they get longer by using bigger keys in the future
> (since 80 bit won't suffice). I don't know if this is actually possible
> (I see some issues on Aaron's proposal and Dan Kaminsky confirmed them)
> but working out a scheme that makes handling the names easier for users
> while not sacrificing the security would help a lot, I think.

Yes, definitely interesting and worth doing. Many possible directions
and ideas too.

See this thread http://archives.seul.org/or/dev/May-2013/msg00115.html
for some ideas.

Another interesting idea is the anonymous blacklisting protocols, like
Nymble. Making a practical (implementable) such protocol, would give
us a very good push in the "block all Tor users from accessing our
website" fight.

Also, feel free to drop by IRC. It's #tor-dev at OFTC. Most Tor
developers are active there and would be glad to answer any questions.

> This would be the bigger topics I have found on which I could see myself
> building a thesis. I also stumbled upon smaller research questions (e.g.
> whether running a bridge/relay is good, bad or doesn't make a difference
> for anonymity) but none of those warrant a full 6 month thesis so I
> discarded them for the moment.
> If you could take the time to evaluate my ideas and let me know what you
> think, I'd greatly appreciate that. The hardest thing here as an
> outsider is to assess the current situation and figure out where work is
> actually needed and where problems/issues have already been addressed so
> any help from you guys would really help me.
> Thanks in advance & Regards,
> Florian Rüchel
> P.S.: George:
>> I'm about to relocate, so my reply will be short! Come and find us in
>> CCC for more.
> Unfortunately, I don't know what you mean by CCC :(
>> Ah, I'm also a fan of the FluxFingers team :)
> Great! Have played some CTFs for yourselves, then? Are you a member of a team?
> Thanks for your quick reply, it has helped me a great deal moving
> forward on this project.
> On 12.11.2014 23:15, George Kadianakis wrote:
>> Florian Rüchel <florian.ruechel.tor at inexplicity.de> writes:
>>> Hello everyone,
>>> I am about to write my master's thesis and am evaluating Tor as my
>>> research topic. I have read through several documents (including the
>>> Ideas page of the research page and the Research page on the Volunteer's
>>> page). I also read "Hidden Services need some love"
>>> (https://blog.torproject.org/blog/hidden-services-need-some-love) and
>>> especially followed the section on cryptography (reading both proposals)
>>> with great interest.
>>> Before diving into more of those documents that are available, I noticed
>>> you encourage people to contact you through this list should they wish
>>> to conduct research. Right now I am in a very early state as I have not
>>> chosen a topic yet. In my choice I want to do something that benefits
>>> the Tor network, satisfies my professor and involves topics I generally
>>> care for.
>>> As noted above, I took particular interest in Hidden Services and
>>> general cryptography used by Tor. So if possible, I would like to have
>>> those two (or one of those topics) to focus my thesis on. Of course, I
>>> need to define my topic in such a way that it fits my time schedule
>>> (half a year, full-time) and that my professor accepts it.
>>> Now, before moving any further I'd like to know if there are any further
>>> documents I should read that are more up to date than the documents
>>> indicated above (especially the crypto specs are from 2010/2011 so I
>>> don't know how far the network has moved here). It would also be
>>> interesting to know whether some of the issues described for Hidden
>>> Services are already addressed and whether my research would be better
>>> directed somewhere else.
>>> I would be glad if you could take the time to respond to my request so
>>> as to help me define my topic better.
>> Greetings,
>> I'm about to relocate, so my reply will be short! Come and find us in
>> CCC for more.
>> I'd first suggest you to join and skim over the [tor-dev] mailing list:
>> https://lists.torproject.org/pipermail/tor-dev/
>> Especially this month there has been an increase of threads about
>> hidden services, so I'd suggest you to check it out.
>> I'd also suggest you to read the recent blog post about the attacks
>> against HSes:
>> https://blog.torproject.org/blog/thoughts-and-concerns-about-operation-onymous
>> The blog post offers plenty of material for research, since it lists
>> various attacks and issues with the security of HSes that we need to
>> fix and would definitely benefit from further thinking. Check the
>> guard discovery [tor-dev] thread for example.
>> Also check this recent thread:
>> https://lists.torproject.org/pipermail/tor-dev/2014-October/007642.html
>> which is part of figuring out work for a funded project. Most of those
>> tasks are not very interesting for you, but you can find deeper
>> research questions in some of them.
>> Another guy recently did his thesis on HS scaling:
>> https://lists.torproject.org/pipermail/tor-dev/2014-April/006788.html
>> There is also this stuff:
>> https://lists.torproject.org/pipermail/tor-dev/2013-November/005878.html
>> related to the HSDir hashring in rend-spec-ng.txt.
>> And check out the "Trawling Hidden Services" paper by Ralf et al.
>> For example, on a more key management tone, petname systems for HSes
>> would be very interesting, which is related to the recent work of
>> GNUNet with GNS:
>> https://gnunet.org/gns
>> BTW, keep in mind that some of these projects will be moving during
>> the next year.
>> Also, if you have public questions which would benefit more people, it
>> would be great if you could post in [tor-dev] instead of here. It's
>> good to answer obscure HS questions in public so that more people can
>> understand the protocol.
>> Ah, I'm also a fan of the FluxFingers team :)
>> Thanks for the interest and hope this was useful.