hostile node anonymity attack scenario

Paul Forgey paulf at aphrodite.com
Tue Feb 1 04:47:01 UTC 2005


What if a hostile _first_ node from your node were to pretend to honor 
your extend requests and complete the connection to the exit point, yet 
capture everything that happens? Such a node would be able to determine 
that it is the first hop from a particular connection because it would 
be able to see clear text data. I know the data between nodes is 
encrypted, but if you are the first node then you have knowledge of what 
the encrypted data is. While it pretends to honor extend requests and 
handshake new keys, it's actually doing so with itself so that it can 
see the entire circuit.

If I understand the design document, data isn't spread out across 
different nodes so that each node doesn't have the complete data. Doing 
so would strengthen tor against such an attack. Some scrambling 
mechanism so that each group of bytes need to be put back together with 
complementary information routed through other nodes. This way, ALL the 
nodes from the node under attack would have to be under control by the 
same attacker.

Since intermediate tor nodes have key pairs signed with their ip 
information which prevent subverting connections to hostile nodes, I see 
that it would be extremely difficult to run one master hostile node and 
divert all traffic to it from a node (or ISP or country) being attacked.



More information about the tor-talk mailing list
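As an added example (not part of the post and not Tor's code): a toy Python model of the telescoping circuit build the post describes. Each relay's onion public key is taken from the directory rather than from the circuit, and the handshake secret mixes the next relay's private onion key, so a first hop that answers later EXTEND requests itself, instead of forwarding them, cannot produce a handshake the client accepts. The group parameters, the ntor-style handshake, the counter-mode keystream and the relay names "guard", "middle" and "exit" are simplified stand-ins constructed for this example, not Tor's actual cryptography or identifiers.

```python
import hashlib
import hmac
import secrets

# Toy DH group for illustration only: not a safe prime and not Tor's parameters.
P = 2**127 - 1
G = 3

def ib(n: int) -> bytes:
    return n.to_bytes(16, "big")

def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"|".join(parts)).digest()

class Relay:
    """A relay with a long-term onion key pair; B is what the directory publishes."""
    def __init__(self, name: str):
        self.name = name
        self.b = secrets.randbelow(P - 2) + 1
        self.B = pow(G, self.b, P)

    def answer_create(self, X: int, claim: str = None):
        """Responder side of an ntor-style handshake. The secret mixes X^b, so only
        the holder of this relay's private onion key can produce an AUTH tag the
        client accepts for this relay. `claim` lets an impostor put another
        relay's name into the transcript (it still cannot supply that relay's b)."""
        name = (claim or self.name).encode()
        y = secrets.randbelow(P - 2) + 1
        Y = pow(G, y, P)
        secret = H(ib(pow(X, y, P)), ib(pow(X, self.b, P)), name)
        auth = hmac.new(secret, b"auth" + ib(Y), hashlib.sha256).digest()
        return Y, auth

def client_handshake(name: str, B: int, deliver) -> bytes:
    """Client side. B comes from the signed directory, never from the circuit;
    deliver(X) carries the CREATE/EXTEND through the hops built so far."""
    x = secrets.randbelow(P - 2) + 1
    X = pow(G, x, P)
    Y, auth = deliver(X)
    secret = H(ib(pow(Y, x, P)), ib(pow(B, x, P)), name.encode())
    expected = hmac.new(secret, b"auth" + ib(Y), hashlib.sha256).digest()
    if not hmac.compare_digest(auth, expected):
        raise ValueError(f"extend to {name} rejected: responder lacks its onion key")
    return secret

def build_circuit(relays, hostile_first=False):
    """Telescope through relays in order; returns [(relay, secret), ...].
    With hostile_first=True, relays[0] answers every later EXTEND itself
    instead of forwarding it, i.e. it tries to handshake with itself."""
    hops = []
    for i, relay in enumerate(relays):
        def deliver(X, i=i, relay=relay):
            responder = relays[0] if (hostile_first and i > 0) else relay
            return responder.answer_create(X, claim=relay.name)
        hops.append((relay, client_handshake(relay.name, relay.B, deliver)))
    return hops

def hostile_build_fails(relays) -> bool:
    """True if the client aborts when the first hop impersonates later hops."""
    try:
        build_circuit(relays, hostile_first=True)
        return False
    except ValueError:
        return True

# Layered (onion) encryption of relay cells with a toy counter-mode keystream.
def keystream(secret: bytes, counter: int, n: int) -> bytes:
    out = b""
    for i in range((n + 31) // 32):
        out += H(secret, b"ks", ib(counter), ib(i))
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def onion_wrap(hops, counter: int, plaintext: bytes) -> bytes:
    """Client applies the exit's layer first and the first hop's layer last."""
    cell = plaintext
    for _, secret in reversed(hops):
        cell = xor(cell, keystream(secret, counter, len(cell)))
    return cell

def peel(secret: bytes, counter: int, cell: bytes) -> bytes:
    return xor(cell, keystream(secret, counter, len(cell)))

def views(hops, counter: int, plaintext: bytes):
    """What each hop sees after removing only its own layer, in circuit order."""
    cell = onion_wrap(hops, counter, plaintext)
    seen = []
    for _, secret in hops:
        cell = peel(secret, counter, cell)
        seen.append(cell)
    return seen

if __name__ == "__main__":
    relays = [Relay("guard"), Relay("middle"), Relay("exit")]  # constructed names
    hops = build_circuit(relays)
    msg = b"GET / HTTP/1.0\r\n\r\n"
    v = views(hops, 1, msg)
    print("first hop sees plaintext:", v[0] == msg)
    print("exit sees plaintext:", v[-1] == msg)
    print("hostile first hop impersonating later hops is rejected:",
          hostile_build_fails(relays))
```

The honest run shows the first hop holding only its own layer's key and therefore seeing ciphertext after peeling; the hostile run shows the client aborting at the second EXTEND because the impostor's AUTH tag was computed without the middle relay's private onion key. A first hop that merely forwards honestly still learns the client's address and the circuit timing, which this model does not address.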