(Theory) The BGP exploit: Effects on Tor routing and overall anonymity?

John Brooks aspecialj at gmail.com
Fri Aug 29 05:46:30 UTC 2008


The short answer is no, not much. The long answer is a lot longer than that,
so get ready :P

This would serve the person intercepting the traffic in near exactly the
same way it does the operator of the node - entry nodes know the client,
middle nodes know the entry and exit nodes, exit nodes know the destination
(and the traffic to that destination). You would still need to intercept a
significant number of nodes before being able to break anonymity and tell
which users are responsible for what traffic - which is a problem because
the entire reason this attack works is that it targets more specific IP
blocks. That many announcements (for various nodes) would be pretty easy to
see. If an attacker were able to intercept traffic on the entry and exit
nodes, or the client and destination, they could use timing and bandwidth
correlations to tell (with high probability) that this client is accessing
this destination. But this is no different from an attacker with control of
the entry node or exit/destination.

The only way to make use of it that doesn't involve guessing at what nodes
are in use would be to start at one end and work backwards or forwards in
realtime. Essentially, you start by intercepting traffic to a target
destination, then intercept traffic to the exit node contacting that
destination, then intercept traffic to the middle node contacting that exit,
then the entry node contacting that middle node, and finally to the client.
The problem here is that you'd need a consistent (and obvious) traffic
pattern sustained throughout that time (which would be long, due to the
large amount of traffic most nodes handle and that BGP is not
instantaneous), which is not generally true of HTTP requests. The complexity
of such an attack would be problematic, and it still involves quite a lot of
guesswork.

So no, this isn't a significant risk to Tor anonymity; it's at best a
quicker way to intercept traffic and follow a node path to its source, and I
would be amazed if that were pulled off successfully. Remember that this
exploit only allows you to intercept traffic *to* a specific destination,
and in that situation you have no more information than the real destination
does (less, in fact, because you don't see the traffic going the other
direction unless you intercept that too).

- John Brooks
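The argument above (a more-specific announcement only diverts traffic *to* the covered addresses, and correlation needs both ends of the path) as an added model, not code from the thread or from Tor. The circuit addresses are constructed from documentation ranges, and /24 is assumed as the prefix length an attacker would have to announce per relay.

```python
import ipaddress
from typing import Dict, Iterable, List, Set

# Constructed sample circuit (RFC 5737 documentation addresses, not real relays).
CIRCUIT: Dict[str, str] = {
    "client": "192.0.2.10",
    "entry": "198.51.100.5",
    "middle": "198.51.100.77",
    "exit": "203.0.113.9",
    "destination": "203.0.113.200",
}


def hijacked_hops(circuit: Dict[str, str], announced: Iterable[str]) -> Set[str]:
    """Hops whose *inbound* traffic a set of hijacked prefixes diverts.

    A BGP hijack only captures packets sent to addresses inside the announced
    prefixes, so the observer sees the link into a hop, never the link out of it.
    """
    nets = [ipaddress.ip_network(p) for p in announced]
    return {
        hop for hop, addr in circuit.items()
        if any(ipaddress.ip_address(addr) in net for net in nets)
    }


def can_correlate(circuit: Dict[str, str], announced: Iterable[str]) -> bool:
    """Timing/bandwidth correlation needs visibility at both ends of the path:
    (client or entry) *and* (exit or destination). A single end is no more than
    the real destination or the relay operator already sees."""
    seen = hijacked_hops(circuit, announced)
    return bool(seen & {"client", "entry"}) and bool(seen & {"exit", "destination"})


def announcements_needed(addresses: Iterable[str], prefixlen: int = 24) -> int:
    """Distinct more-specific prefixes required to cover every address.

    Each is a separate, publicly visible announcement; this is the 'that many
    announcements would be pretty easy to see' cost of covering many relays.
    """
    return len({ipaddress.ip_network(f"{a}/{prefixlen}", strict=False) for a in addresses})


if __name__ == "__main__":
    print(hijacked_hops(CIRCUIT, ["203.0.113.0/24"]))          # exit-side only
    print(can_correlate(CIRCUIT, ["203.0.113.0/24"]))          # False
    print(can_correlate(CIRCUIT, ["203.0.113.0/24", "198.51.100.0/25"]))  # True
    print(announcements_needed(CIRCUIT.values()))              # 3
```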

On Thu, Aug 28, 2008 at 11:21 PM, F. Fox <kitsune.or at gmail.com> wrote:

> Once I read about the recent BGP exploit (
> http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html ) - which
> has the potential to re-route the traffic of millions of users - I had a
> question, from a theoretical standpoint:
>
> If such siphoning drew in traffic passing in between Tor nodes, would
> this have an effect on reducing anonymity for the users having their
> traffic relayed by these nodes? If so, how?
>
> - --
> F. Fox
> Owner of Tor node "kitsune"
> http://fenrisfox.livejournal.com
>
> Note 2008/08/19: I lost my old GPG keypair, and have generated a new
> one. Authenticity can be verified by checking the ContactInfo on kitsune.