[tor-relays] relays "in the cloud"

[Jonathan D. Proulx]

Hi All,

There must be discussion of this I'm not finding so references to that
are welcomed.

As I understand it there are three risk layers in each Tor node:

1) The node operator (who has r00t) 
2) The data center (who has net)
3) The legal jurisdiction

I've recently started running a couple of relays on public IaaS
providers.  To my thinking this doesn't present significant security
issues beyond a hosted physical server, largely because they are not
running hidden services or using Tor to anonymize their own
traffic. Presumably memory inspection on the underlying hypervisor
could easily reveal that.

Most of what could be discovered from hypervisor monitoring seems liek
it could also be discovered by traffic analysis available to any
datacenter provider should they choose or be compeled to.

The one novel thing this may make easier is stealing the hosts private
keys, which would make traffic analysis easier (but I don't thing
significantly better) and allow impersonation of the node which would
not otherwise be possible (well it maybe possible to steal from memory
on a running system given physical access and sufficient equipment,
time and expertise but nearly impossible if not actually so).

What is the consensus level of paranoia on this?

Are there threats to virtualized systems I'm not considering?

Thanks,
-Jon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 966 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20131001/f5029afd/attachment.sig>