[tor-dev] Hidden Service Scaling

waldo waldoalvarez00 at yahoo.com
Thu May 1 23:45:51 UTC 2014

El 30/04/14 17:06, Christopher Baines escribió:
> On 08/10/13 06:52, Christopher Baines wrote:
>> I have been looking at doing some work on Tor as part of my degree, and
>> more specifically, looking at Hidden Services. One of the issues where I
>> believe I might be able to make some progress, is the Hidden Service
>> Scaling issue as described here [1].
>> So, before I start trying to implement a prototype, I thought I would
>> set out my ideas here to check they are reasonable (I have also been
>> discussing this a bit on #tor-dev). The goal of this is two fold,  to
>> reduce the probability of failure of a hidden service and to increase
>> hidden service scalability.
> Previous threads on this subject:
>   https://lists.torproject.org/pipermail/tor-dev/2013-October/005556.html
>   https://lists.torproject.org/pipermail/tor-dev/2013-October/005674.html
> I have now implemented a prototype, for one possible design of how to
> allow distribution in hidden services. While developing this, I also
> made some modifications to chutney to allow for the tests I wanted to write.
> In short, I modified tor such that:
>   - The services public key is used in the connection to introduction
> points (a return to the state as of the v0 descriptor)
>   - multiple connections for one service to an introduction point is
> allowed (previously, existing were closed)
>   - tor will check for a descriptor when it needs to establish all of its
> introduction points, and connect to the ones in the descriptor (if it is
> available)
>   - Use a approach similar to the selection of the HSDir's for the
> selection of new introduction points (instead of a random selection)an taack involvin

>   - Attempt to reconnect to an introduction point, if the connection is lost
I appreciate your work since Hidden services are really bad. Hard to 
reach ATM sometimes. But ... how you do this in details? Sorry but 
walking over your sources could be challenging if I don't know the 
original codebase you used and is gonna take more time than if I just 
ask you. I also can't test as I don't have enough resources/know how/time.

  I am worried about an attack coming from evil IP based on forced 
disconnection of the HS from the IP. I don't know if this is possible 
but I am worried that if you pick a new circuit randomly could be highly 
problematic. Lets say I am NSA and I own 10% of the routers and 
disconnecting your HS from an IP I control, if you select a new circuit 
randomly, even if the probabilities are low, eventually is a matters of 
time until I force you to use an specific circuit from those convenient 
to me in order to have a possible circuit(out of many) that transfers 
your original IP as metadata through cooperative routers I own and then 
do away with the anonymity of the hidden service.

  The big question I have is what is the probability with current Tor 
network size of this happening? If things are like I describe, is a 
matter of seconds or thousand of years?

> With chutney, I added support for interacting with the nodes through
> Stem, I also moved the control over starting the nodes to the test, as
> this allows for more complex behaviour.
> Currently the one major issue is that using an approach similar to the
> HSDir selection means that introduction points suffer from the same
> issue as HSDir's currently [1]. I believe any satisfactory solution to
> the HSDir issue would resolve this problem also.
> One other thing of note, tor currently allows building circuits to
> introduction points, through existing introduction points, and selecting
> introduction points on circuits used to connect to other introduction
> points. These two issues mean that a failure in one introduction point,
> can currently cause tor to change two introduction points. (I am not
> saying this needs changing, but you could adjust the circuit creation,
> to prevent some extra work later if a failure occurs).
> Any comments regarding the above would be welcome.
> I have put the code for this up, but it should not be used for anything
> other than private testing (and will not work properly outside of
> chutney at the moment anyway).
> The modifications to tor can be found in the disths branch of:
>   git://git.cbaines.net/tor.git
> The modifications and additional tests for chutney can be found in the
> disths branch of:
>   git://git.cbaines.net/chutney.git
> To run the tests against the new code, you would do something along the
> lines of:
>   git clone -b disths git://git.cbaines.net/tor.git
>   git clone -b disths git://git.cbaines.net/chutney.git
>   cd tor
>   ./autogen.sh
>   ./configure
>   make clean all
>   cd ../chutney
>   git submodule update --init
>   export PATH=../tor/src/or:../tor/src/tools/:$PATH
>   ls networks/hs-* | xargs -n 1 ./chutney configure
>   ls networks/hs-* | xargs -n 1 ./chutney --quiet start
> The last command should yield some output similar to:
>   networks/hs-dual-intro-fail-3 PASS
>   networks/hs-intro-fail-2 PASS
>   networks/hs-intro-fail-3 PASS
>   networks/hs-intro-select-2 PASS
>   networks/hs-start-3 PASS
>   networks/hs-stop-3 PASS
>   networks/hs-tripple-intro-fail-3 PASS
> 1: https://trac.torproject.org/projects/tor/ticket/8244
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20140501/a492fa9d/attachment.html>

More information about the tor-dev mailing list