[tor-project] Moar Project Ideas!!
i at virgil.gr
Tue Mar 8 17:38:50 UTC 2016
I volunteer for mentoring for anything related to: Tor2web, Roster,
relay operators, ahmia.fi, or OnionLink.
I did some analytics looking at the risk of BGP prefix hijacking. If
we want to look into this I suggest making more of a research project
(probably with Princeton), but if GSOC is willing to fund it we can
certainly look into defenses that mitigate the attack.
On Thu, Mar 3, 2016 at 10:58 AM, Damian Johnson <atagar at torproject.org> wrote:
> Thanks Aaron. I assume you, Donncha, and Yawnbox would all be mentors?
> Personally I'm not fully grokking the idea though on first read I'm
> unsure why this would take three months (or be enough for a full GSoC
> project). This sounds similar to DocTor checks with some sort of
> Routeviews and BGPStream integration.
> Cheers! -Damian
> On Thu, Mar 3, 2016 at 5:47 AM, Aaron Gibson <aagbsn at extc.org> wrote:
>> On 2016-02-29 21:18, Donncha O'Cearbhaill wrote:
>>> Damian Johnson:
>>>> Hi all, pulled the trigger on this...
>>>> Folks are coming out of the woodwork to mentor so we still have ten
>>>> projects (yay!), but not much concerning core tor. If you'd care to
>>>> mentor one of these then more than happy to add it back to our page.
>>> Great work on getting the GSoC program together, and getting selected!
>>> I'd be happy to be the second mentor for any Python-based project,
>>> particularly if it's related to hidden services or network monitoring.
>> A project I discussed last night with Donncha and Yawnbox is
>> IP hijacking detection for the Tor Network.
>> IP hijacking (https://en.wikipedia.org/wiki/IP_hijacking) occurs when a bad
>> actor creates false routing information to redirect Internet traffic to or
>> through themselves. This activity is straightforward to detect, because the
>> Internet routing tables are public information, but currently there are no
>> public services that monitor the Tor network. The Tor Network is a dynamic
>> set of relays, so monitoring must be Tor-aware in order to keep the set of
>> monitored relays accurate. Additionally, consensus archives and historical
>> Internet routing table snapshots are publicly available, and this analysis
>> can be performed retroactively.
>> The implications of IP hijacking are that Tor traffic can be redirected
>> through a network that an attacker controls, even if the attacker does not
>> normally have this capability - i.e. they are not in the network path. For
>> example, an adversary could hijack the prefix of a Tor Guard relay, in order
>> to learn who its clients are, or hijack a Tor Exit relay to tamper with
>> requests or name resolution.
>> This project comprises building a service that compares network prefixes of
>> relays in the consensus with present and historic routing table snapshots
>> from looking glass services such as Routeviews (http://routeviews.org), or
>> aggregators such as CAIDA BGPStream (https://bgpstream.caida.org) and then
>> issues email alerts to the contact-info in the relay descriptor and a
>> mailing list. Network operators are responsive to route injections, and
>> these alerts can be used to notify network operators to take immediate
>> action, as well as collect information about the occurrence of these type of
>> Estimated time to build this service: 3 months
>> tor-project mailing list
>> tor-project at lists.torproject.org
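The comparison step proposed in the quoted message (relay addresses from the consensus checked against announced prefixes) could look like the following. This is an added example, not part of the thread and not code from any Tor project; the function name `check_relays`, the relay list, the announcements and the per-relay expected origin AS (assumed to come from a trusted baseline snapshot) are all constructed for illustration.

```python
import ipaddress

# Constructed sample data: documentation address ranges and private-use ASNs.
# Relay address -> origin AS expected from a baseline snapshot (assumption).
RELAYS = {
    "198.51.100.10": 64500,
    "203.0.113.77": 64501,
    "192.0.2.5": 64502,
}
# (prefix, AS path) pairs as they might be parsed from a routing table snapshot.
ANNOUNCEMENTS = [
    ("198.51.100.0/24", [64510, 64500]),  # baseline route
    ("198.51.100.0/25", [64511, 64666]),  # more specific, unexpected origin
    ("203.0.113.0/24", [64510, 64501]),   # baseline route
    ("203.0.113.0/24", [64512, 64667]),   # same prefix, second origin
    ("192.0.2.0/24", [64510, 64502]),     # baseline route
]

def check_relays(relays, announcements):
    """Return (relay_ip, kind, prefix, origin_as) tuples worth alerting on."""
    # The origin AS is the last hop of the AS path.
    routes = [(ipaddress.ip_network(p), path[-1]) for p, path in announcements if path]
    findings = []
    for ip_str, expected in sorted(relays.items()):
        ip = ipaddress.ip_address(ip_str)
        covering = [(n, o) for n, o in routes if n.version == ip.version and ip in n]
        if not covering:
            findings.append((ip_str, "unrouted", None, None))
            continue
        own = [n.prefixlen for n, o in covering if o == expected]
        own_len = max(own) if own else -1
        for net, origin in covering:
            # Skip the expected route and less specific aggregates, which
            # lose longest-prefix match against the expected route.
            if origin == expected or net.prefixlen < own_len:
                continue
            if not own:
                kind = "origin-changed"    # expected origin no longer announces it
            elif net.prefixlen > own_len:
                kind = "more-specific"     # would attract the relay's traffic
            else:
                kind = "origin-conflict"   # same prefix, multiple origins
            findings.append((ip_str, kind, str(net), origin))
    return findings

if __name__ == "__main__":
    for finding in check_relays(RELAYS, ANNOUNCEMENTS):
        print(finding)
```

A same-prefix origin conflict can also be legitimate multihoming, so findings of that kind need review before an alert goes to the relay's contact-info.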