[tor-dev] Defending against guard discovery attacks by pinning middle nodes

George Kadianakis desnacked at riseup.net
Fri Jul 11 14:10:21 UTC 2014


"Sebastian G. <bastik.tor>" <bastik.tor at googlemail.com> writes:

> 11.07.2014 14:31, Ian Goldberg:
>> On Fri, Jul 11, 2014 at 01:44:36PM +0300, George Kadianakis wrote:
>>> Hey Nick,
>>>
>>> this mail is about the schemes we were discussing during the dev
>>> meeting on how to protect HSes against guard discovery attacks (#9001).
>>> (...)
>
> HS stands for hidden-service, if I'm not mistaken.
>
>> 
>> And similarly at the exit node: the exit will now know that circuits
>> coming from the same middle are more likely to be the same client.
>> That's a little more worrying to me than the above.
>> 
>
> If the proposed change applies to hidden-services alone, "regular" usage
> of Tor (Client > Guard > Middle > Exit > Destination) is not affected.
>
> My reading was that the middle node for hidden-service connections is
> kept longer.
>

Even though guard discovery attacks affect mainly (only?) HSes, this
is probably not a change that could only be applied to HSes.

Mainly because it's easy for an entry guard to learn whether a client
has static middle nodes or not, and hence distinguish the HS circuit
from a normal Tor client circuit. Also, the middle guard itself will
probably be able to make this distinction too.

However, to be honest, those actors can probably already distinguish
between normal circuits and rendezvous circuits, by looking at
frequency and size of Tor cells passing.

As always, more research is needed...
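
The following simulation is an added illustration and is not part of the
original post or of Tor's code. It uses a deliberately simplified model of
the guard discovery attack under discussion (an assumption, not Tor's
actual path selection): relays are picked uniformly from a constructed
network of "relayN" nodes, the adversary controls a few of them, and the HS
guard is considered discovered as soon as any adversary relay is chosen as
the middle hop of one of the HS's circuits. It contrasts fresh middles per
circuit with a pinned set of middle nodes, and also computes what the entry
guard sees in each case (the number of distinct next hops), which is the
distinguisher the reply above worries about.

```python
import random
from typing import List, Optional, Sequence, Set


def first_discovery(middles: Sequence[str], malicious: Set[str]) -> Optional[int]:
    """0-based index of the first circuit whose middle is adversary-controlled.

    Simplified model (assumption): that circuit reveals the HS guard to the
    adversary's middle relay. None means no discovery within the sequence.
    """
    for i, relay in enumerate(middles):
        if relay in malicious:
            return i
    return None


def fresh_middles(rng: random.Random, relays: List[str], n_circuits: int) -> List[str]:
    """Current behaviour: every circuit picks a new middle at random."""
    return [rng.choice(relays) for _ in range(n_circuits)]


def pinned_middles(rng: random.Random, relays: List[str], n_circuits: int,
                   pin_size: int) -> List[str]:
    """Proposed defence: choose pin_size middles once and reuse only those."""
    pinned = rng.sample(relays, pin_size)
    return [rng.choice(pinned) for _ in range(n_circuits)]


def distinct_next_hops(middles: Sequence[str]) -> int:
    """What the entry guard can observe: how many different next hops this
    client extended to. A pinning client stays at pin_size while a normal
    client's count keeps growing with the number of circuits."""
    return len(set(middles))


def simulate(rng: random.Random, n_relays: int, n_malicious: int,
             n_circuits: int, pin_size: Optional[int] = None,
             trials: int = 1000) -> dict:
    """Monte Carlo over many independent HS sessions.

    Returns the fraction of sessions in which the guard was discovered and,
    for those sessions, the mean number of circuits it took.
    """
    relays = [f"relay{i}" for i in range(n_relays)]       # constructed network
    malicious = set(relays[:n_malicious])                 # uniform choice, so labels are irrelevant
    hits = []
    for _ in range(trials):
        if pin_size is None:
            middles = fresh_middles(rng, relays, n_circuits)
        else:
            middles = pinned_middles(rng, relays, n_circuits, pin_size)
        hits.append(first_discovery(middles, malicious))
    found = [h + 1 for h in hits if h is not None]
    return {
        "fraction_discovered": len(found) / trials,
        "mean_circuits_to_discovery": (sum(found) / len(found)) if found else None,
    }


if __name__ == "__main__":
    # 100 relays, 5 of them hostile, 500 rendezvous circuits per session.
    print("fresh middles :", simulate(random.Random(1), 100, 5, 500))
    print("pinned (3)    :", simulate(random.Random(1), 100, 5, 500, pin_size=3))
    rng = random.Random(2)
    relays = [f"relay{i}" for i in range(100)]
    print("guard sees, fresh :", distinct_next_hops(fresh_middles(rng, relays, 500)))
    print("guard sees, pinned:", distinct_next_hops(pinned_middles(rng, relays, 500, 3)))
```

With fresh middles the adversary's chance accumulates with every circuit
(expected about n_relays / n_malicious circuits until discovery), whereas
with pinning the exposure collapses to a one-shot probability per pinning
period, roughly 1 - (1 - n_malicious / n_relays) ** pin_size, and sessions
that were not hit at pin time are never hit. The price is exactly the
observation in the reply: the guard sees a client that only ever extends to
three next hops.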

