[tor-dev] Hidden Service Scaling

[Michael Rogers]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 07/05/14 17:32, Christopher Baines wrote:
>> What about the attack suggested by waldo, where a malicious IP 
>> repeatedly breaks the circuit until it's rebuilt through a
>> malicious middle node? Are entry guards enough to protect the
>> service's anonymity in that case?
> 
> I think it is a valid concern. Assuming the attacker has
> identified their node as an IP, and has the corresponding public
> key. They can then get the service to create new circuits to their
> node, buy just causing the existing ones to fail.
> 
> Using guard nodes for those circuits would seem to be helpful, as
> this would greatly reduce the chance that the attackers nodes are
> used in the first hop.
> 
> If guard nodes where used (assuming that they are currently not),
> you would have to be careful to act correctly when the guard node
> fails, in terms of using a different guard, or selecting a new
> guard to use instead (in an attempt to still connect to the
> introduction point).

Perhaps it would make sense to pick one or more IPs per guard, and
change those IPs when the guard is changed? Then waldo's attack by a
malicious IP would only ever discover one guard.

Cheers,
Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBCAAGBQJTam21AAoJEBEET9GfxSfMiLkIAJuEjcF4yYH8L6nJOeSw33r+
aa7ANQPoBE0+dxXssNmFSw6Jw77qfip8LTQrvp58csdoxlh7ckp5wDMD0EqDag8X
98MuD6LRMD2q8MyJWHHYzBIn1SipW0PdTjpckdWlzI/u7ltpLy1ZHtLlpbKOGTKP
pTmG0enWCGP7bpkQeEiJYmCHPbQWxTYJ1lvGdG9EX6DMqWR51FiTJpl5u/eI0JiS
5iLzCuPyP+DCyOBlaxFozujSRnElAKgsIQKz9+NY+bmHFC7tCnh1zE7DikbJlDUd
XmZuzvK2VPuCabtDUegBteeenoyD3gtKKk59OyQUu9YbBz8JfJLY0zEmvTG9Mn4=
=gDUS
-----END PGP SIGNATURE-----