[tor-dev] Hidden Service Scaling
michael at briarproject.org
Wed May 7 17:30:29 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
On 07/05/14 17:32, Christopher Baines wrote:
>> What about the attack suggested by waldo, where a malicious IP
>> repeatedly breaks the circuit until it's rebuilt through a
>> malicious middle node? Are entry guards enough to protect the
>> service's anonymity in that case?
> I think it is a valid concern. Assuming the attacker has
> identified their node as an IP, and has the corresponding public
> key. They can then get the service to create new circuits to their
> node, buy just causing the existing ones to fail.
> Using guard nodes for those circuits would seem to be helpful, as
> this would greatly reduce the chance that the attackers nodes are
> used in the first hop.
> If guard nodes where used (assuming that they are currently not),
> you would have to be careful to act correctly when the guard node
> fails, in terms of using a different guard, or selecting a new
> guard to use instead (in an attempt to still connect to the
> introduction point).
Perhaps it would make sense to pick one or more IPs per guard, and
change those IPs when the guard is changed? Then waldo's attack by a
malicious IP would only ever discover one guard.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the tor-dev