[tor-dev] Crux: Privacy-preserving statistics for Tor

[str4d]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Vasilios Mavroudis wrote:
> Hello,
> 
> I would like to introduce our project "Crux", which enables the
> computation of privacy preserving statistics on sensitive data. The
> project was developed at University College London (UCL) by me, in 
> close collaboration with George Danezis.

This is fantastic work. Haven't read all of your thesis yet, but it
looks similar to the stats collection system that we ran for a while
inside I2P, but with the privacy protections that I wanted it to have.
Well done!

> 
> "Crux" was designed with Tor hidden services in mind (in accordance
> with this 
> <https://research.torproject.org/techreports/hidden-service-stats-2015
- -04-28.pdf>
>
> 
Tor
> Tech Report), but it can be applied on various kinds of data (given
> an appropriate parser).

Excellent. I want to use this in I2P :)

> 
> It supports three statistics (i.e. mean, median, variance) and its
> threat model is compatible Tor's (see technical document below).

I will look into this, but I doubt there will be any insurmountable
incompatibilities with I2P's threat model.

> Currently, we don't have a parser specific for the data collected
> by the Tor relays, but we plan to keep adding functionality.
> 
> The source code can be found here:
> https://github.com/mavroudisv/Crux The theoretical background,
> threat model, security argument and technical details can be found
> here: link <http://mavroudisv.eu/files/thesis.pdf>
> 
> 
> Ideas, comments, feedback much appreciated!

Firstly: needs more docs. I shouldn't have to read your entire thesis
in order to figure out how to run it :P The README is a good start,
but the command parameters need clarification/definitions, and it is
not at all obvious how the relays work. An XLS file is also mentioned
without explanation.

Secondly, you could probably simplify configuration by managing hidden
service connections yourself. I believe the Stem library can do this?
I2P has a python library that can be used to listen on and connect to
I2P Destinations, with a socket-like interface.

It's not clear to me from your thesis whether you plan to merge the
relay component into the Tor relay code (and have the Tor relays talk
directly to the query processors), or have your relays running
separately and interfacing with the Tor relays to fetch stats. This
will potentially alter how it would be used with other networks. In
I2P's case I'd imagine it would be easiest (in terms of usability by
those setting up relays) to write an I2P plugin in Java that performs
the relay role, but I wouldn't want to be duplicating a lot of logic
that subsequently needs to be kept in-sync with upstream :)

str4d

> 
> Vasilis
> 
> 
> 
> _______________________________________________ tor-dev mailing
> list tor-dev at lists.torproject.org 
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
> 
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJWFP9HAAoJEBO17ljAn7PgAq0P/jrjLnPxg2+rfOX1H46xClpG
wfeeNuDltlrvTtNwtDO+lqSzpz+LY/PkUbHow2B7wprRgGvav2kCtGh3xga4BVEX
SoYiNcWhRKFmrw6jNjAGPh060hcC7WzBbAjxQ28kotl7NiXO4ZbeMdQ5vqDVE5+K
2f0lSFnBYmj4SYxaVWIxGir3FRn+VdACWjQPL1JV4LDbAPXmNlg17nBwvj5g9lhS
n9InsXUqoyhJ5zbVqwHoNl8N2IMui+i2ppF3ZiuHQCHw88+6qJxVW5u11zP2TccJ
ycFNE5jcxxNtK9+1jwdfpen5yAnAlaaeKHkHZ+oNN1nb156QbLhcIwqt8IeRFcZv
SzaCQk6NIAZFbOVPNzTJ6akXjajd7AbkdVnGBeziD8z8yD1Qa+OH0vBoT/jTP5Ec
OdU9f0a3Vc3zftoSaRsCHaQX7+1OEKjDkyk6Gs6lt2PUWVvnNu2+ztXBttI2v8Ee
UjEbAC7OR8NpyBAn0p+ja/353zCZU0TXzjccEFb7YtjCCy0hACQGuxwjEECcpbQH
MKRZa0JmbSVbDsZoRuMNEwPzg4/sXTVaS8mGmOurotXR1iPgs80DxiAym0kLOe0d
xllTDtf561gekxed/+Zm5hjH5FAR7uMI4cpywRUMqyCzJGSKZKr/2uxjnv832j4H
ecujGrMEByFdgfG3co5P
=etz3
-----END PGP SIGNATURE-----