Mechanism for resisting targetted backdoors in Tor
Steven Murdoch
tortalk+Steven.Murdoch at cl.cam.ac.uk
Thu Aug 10 13:15:07 UTC 2006
At the PET workshop (http://petworkshop.org/2006) I gave a brief talk
on a simple idea relating to Tor. One known weakness of open source
software is that, even if the source is well auditied, an attacker
could still implant a backdoor in the version downloaded by one
person, and have a very low chance of detection.
I suggested a mechanism for allowing users to detect if they were the
victim of such a targetted attack. The threat is very specialised and
the solution is not foolproof but I hope it will be of interest.
I describe the basics of the idea in this blog post:
http://www.lightbluetouchpaper.org/2006/07/13/protecting-software-distribution-with-a-cryptographic-build-process/
Also, there are more details in the comments.
I would be happy to receive any questions or comments.
Thanks,
Steven.
--
w: http://www.cl.cam.ac.uk/users/sjm217/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20060810/b17e3a6e/attachment.pgp>
More information about the tor-talk
mailing list