[tor-dev] Different trust levels using single client instance

teor teor2345 at gmail.com
Sat Oct 22 00:43:12 UTC 2016


> On 22 Oct. 2016, at 07:38, bancfc at openmailbox.org wrote:
> 
> Summarized question:
> 
> Do you recommend allowing Workstation VMs of different security levels to communicate with the same Tor instance? Note that they connect via separate internal networks to the Gateway and have different interfaces & controlports so inter-workstation communication should not be possible.
> 
> 
> Single Tor Gateway, Multiple Workstations
> 
> Pros:
> *Same guard node means less chance of picking a malicious one
> *Single Gateway VM uses less resources
> 
> Cons:
> *Some unforeseen way malicious VM "X" can link activities of or influence traffic of VM "Y"
> **Maybe sending NEWNYM requests in a timed pattern that changes exit IPs of VM Y's traffic, revealing they are behind the same client?
> **Maybe eavesdropping on HSes running on VM Y's behalf?
> **Something else we are not aware of?

* Caching of DNS, HS descriptors, preemptive circuits, etc. 
* VMs can leak other VM's guards and even entire circuits
  * easily without a control port filter
  * perhaps some discovery attacks even with a filter

> 
> 
> Multi-Tor Gateways mapped 1:1 to Workstation VMs
> 
> Pros:
> *Conceptually simple. Uses a different Tor instance so no need to worry about all these questions.
> 
> Cons:
> *Uses a different entry guard which can increase chance of running into a malicious relay that can deanonymize some of the traffic.
> * Uses extra resources (though not much as a Tor Gateway can run with as little as 192MB RAM)

* Links traffic at different guards to the same source IP address
* Even VM-level isolation is not proof against some attacks

T

-- 
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------------










More information about the tor-dev mailing list