[tor-talk] Tor security on EC2

Marco Gruß kork at kork.dyndns.org
Sun Feb 5 01:09:06 UTC 2012


Hello there,

With https://cloud.torproject.org/ actively promoting it,
I have been thinking about Tor vs. EC2 for a while.

Since at least Amazon's US datacenters are most certainly
under US jurisdiction, it might be possible for LEA to
obtain the private keys of EC2 Tor nodes. Snapshotting
the corresponding EBS volume is trivial (in fact, you
can do it yourself from the EC2 console), so unencrypted
key files can be easily extracted.
You could use some kind of encryption (ecryptfs for your
tor home, or even cryptsetup on a second EBS volume) to
store your keys, but even then they could possibly be
extracted from a dump of the VM's memory (obtained by
running xen xm dump-core on the host).

Tor people, is there some kind of "automagic family"
for EC2 nodes? There's a (current, it seems) list of
IP networks available here:

https://forums.aws.amazon.com/ann.jspa?annID=1351

Thoughts?

Marco
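
The "automagic family" idea from the message above, sketched as an added example (not part of the original post and not Tor's own code): relays whose addresses fall inside one provider's published networks are treated as a single family, next to the same-/16 check that Tor applies through EnforceDistinctSubnets. The networks and relays are constructed placeholders, not Amazon's real list, and all function names are hypothetical.

```python
import ipaddress
from itertools import combinations

# Constructed placeholder networks (reserved test ranges), NOT the real EC2 list.
PROVIDER_RANGES = [ipaddress.ip_network(n)
                   for n in ("198.18.0.0/15", "203.0.113.0/24")]

# Constructed sample relays: (nickname, IPv4 address).
RELAYS = [
    ("alpha", "198.18.4.10"),    # provider range, /16 = 198.18
    ("bravo", "198.19.200.7"),   # provider range, /16 = 198.19
    ("charlie", "203.0.113.50"), # provider range, second network
    ("delta", "192.0.2.33"),     # outside provider ranges
    ("echo", "192.0.2.99"),      # outside, same /16 as delta
    ("foxtrot", "100.64.1.1"),   # outside, unrelated
]

def in_provider(ip):
    """True if the address lies in any of the provider's networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PROVIDER_RANGES)

def same_slash16(ip_a, ip_b):
    """True if both addresses share a /16 (the distinct-subnet rule)."""
    net = ipaddress.ip_network(f"{ip_a}/16", strict=False)
    return ipaddress.ip_address(ip_b) in net

def implicit_family(relays):
    """Nicknames of all relays that would form the provider-wide family."""
    return sorted(nick for nick, ip in relays if in_provider(ip))

def circuit_conflicts(circuit):
    """Pairs in a candidate circuit that should not be used together."""
    conflicts = []
    for (na, ia), (nb, ib) in combinations(circuit, 2):
        if same_slash16(ia, ib):
            conflicts.append((na, nb, "same /16"))
        elif in_provider(ia) and in_provider(ib):
            # Missed by the /16 rule: one provider, different subnets.
            conflicts.append((na, nb, "same provider"))
    return conflicts

if __name__ == "__main__":
    print("implicit family:", implicit_family(RELAYS))
    print(circuit_conflicts([RELAYS[0], RELAYS[1], RELAYS[5]]))
```

The alpha/bravo pair is the case the question is about: both sit with one provider, but in different /16 networks, so a subnet check alone would allow them in the same circuit.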


