[tor-relays] relays "in the cloud"

Andy Isaacson adi at hexapodia.org
Thu Oct 3 19:24:32 UTC 2013


On Wed, Oct 02, 2013 at 08:34:05AM -0400, Jonathan D. Proulx wrote:
> On Tue, Oct 01, 2013 at 04:35:15PM -0700, Andy Isaacson wrote:
> :In summary, it seems likely that IaaS is pwned wholesale.  Colo hardware
> :is somewhat more expensive to attack and possibly succeeds in raising
> :the bar from "software" to "attacker has to roll a truck to pwn me",
> :which is my current recommendation for threat modeling.
> 
> I'll grant all that, but what does it get an attacker over traffic
> analysis in and out of that data center which is already easy in
> software?

If an attacker can capture (using a fiber tap or backbone port) and
decrypt (using private keys captured from an IaaS vulnerability)
inter-node traffic, then they would be able to deanonymize entire flows.
This would be significantly more powerful than just traffic analysis
since it gives plaintext in addition to metadata.

However, I *think* (not sure) that merely capturing the Tor node's long
term identity key, plus capturing all the ciphertext on the wire, does
not allow decryption of sessions, because ephemeral session keys with DH
key exchange save us.  The attacker needs to capture the ephemeral
keys, which turns the proposed IaaS key-capture compromise into an
ongoing activity rather than a one-time affair.

-andy
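As an added illustration of the forward-secrecy point in the message above (example code written for this page, not Tor's own handshake code and not the poster's), here is an ntor-style handshake reduced to its DH core: the session key is derived from both an ephemeral-ephemeral term g^xy and an ephemeral-static term g^xb. Assumptions: the relay's long-term key is modelled as a static DH key pair (Tor's identity key is actually an RSA signing key and the static handshake key is the separate onion key); the KDF is plain SHA-256 over the two group elements rather than ntor's HMAC-based derivation; the group is the RFC 3526 2048-bit MODP group 14 in place of curve25519; the cell encryption is a toy HMAC-counter stream, for illustration only; the sample cell contents are constructed. The attacker functions model a fiber tap plus keys stolen from the VM.

```python
"""Forward secrecy in a DH handshake: what a stolen long-term key does and
does not give a passive eavesdropper (assumed simplification of Tor ntor)."""
import hashlib
import hmac
import os

# RFC 3526 group 14 (2048-bit MODP) modulus and generator.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
G = 2


def keypair():
    """Fresh DH key pair: (private exponent, public value g^priv mod p)."""
    priv = 2 + int.from_bytes(os.urandom(32), "big")
    return priv, pow(G, priv, P)


def session_key(g_xy: int, g_xb: int) -> bytes:
    """Assumed KDF: SHA-256 over (ephemeral-ephemeral || ephemeral-static)."""
    h = hashlib.sha256()
    h.update(g_xy.to_bytes(256, "big"))
    h.update(g_xb.to_bytes(256, "big"))
    return h.digest()


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode); illustration only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def run_session(b: int, B: int, plaintext: bytes):
    """One circuit: client and relay each contribute an ephemeral DH value.
    Returns what a wire tap sees and the relay's ephemeral private key y,
    which exists only in the relay's RAM for the life of the session."""
    x, X = keypair()  # client ephemeral
    y, Y = keypair()  # relay ephemeral
    k_client = session_key(pow(Y, x, P), pow(B, x, P))
    k_relay = session_key(pow(X, y, P), pow(X, b, P))
    if k_client != k_relay:
        raise RuntimeError("handshake mismatch")
    wire = {"X": X, "Y": Y, "ct": xor_stream(k_relay, plaintext)}
    return wire, y


def attack_with_static_key(wire: dict, b: int) -> bytes:
    """Tap + relay's long-term private key b, captured once.
    The attacker can derive every term involving b, but g^xy needs x or y;
    deriving it from X and Y alone is the Diffie-Hellman problem."""
    g_xb = pow(wire["X"], b, P)  # derivable: the static term
    g_yb = pow(wire["Y"], b, P)  # also derivable, but not what the KDF wants
    best_guess = session_key(g_yb, g_xb)  # wrong key: g^yb is not g^xy
    return xor_stream(best_guess, wire["ct"])


def attack_with_ephemeral_key(wire: dict, b: int, y: int) -> bytes:
    """Tap + long-term key + the relay's ephemeral y for *this* session,
    i.e. the VM was read while the session was live."""
    g_xy = pow(wire["X"], y, P)
    g_xb = pow(wire["X"], b, P)
    return xor_stream(session_key(g_xy, g_xb), wire["ct"])


def demo() -> dict:
    """Two sessions against one relay; attacker steals b once and y1 once."""
    b, B = keypair()  # relay long-term key, assumed stolen via the IaaS bug
    msg1 = b"session 1: constructed sample relay cell"
    msg2 = b"session 2: constructed sample relay cell"
    wire1, y1 = run_session(b, B, msg1)
    wire2, y2 = run_session(b, B, msg2)
    return {
        "static_key_only_s1": attack_with_static_key(wire1, b) == msg1,
        "static_plus_y1_s1": attack_with_ephemeral_key(wire1, b, y1) == msg1,
        "stale_y1_on_s2": attack_with_ephemeral_key(wire2, b, y1) == msg2,
        "fresh_y2_on_s2": attack_with_ephemeral_key(wire2, b, y2) == msg2,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'decrypted' if ok else 'opaque'}")
```

The one-time theft of b opens nothing on its own (`static_key_only_s1` is False), while the ephemeral y unlocks exactly the session it belonged to and no other: recovering session 2 needs y2, which is the "ongoing activity" the message describes. Note what the static key does buy a more active attacker, which this passive model leaves out: with b an attacker can impersonate the relay in future handshakes, so a stolen long-term key still has to be rotated even though it does not retroactively expose recorded traffic.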

