Full Disclosure mailing list archives

Re: tor vulnerabilities?

From: Michael T <mt2410689 () gmail com>
Date: Wed, 3 Jul 2013 10:54:09 -0500

What about keysigning among tor operators?  I trust top_op1, and he trusts
top_op2, 3, and 4, so I can trust them as well.

Mike
//Not my areas of expertise

On Wed, Jul 3, 2013 at 9:34 AM, Georgi Guninski <guninski () guninski com>wrote:

Valdis,

I see no reason to trust tor.

How do you disprove that at least (say) 42% of the tor network
is malicious, trying to deanonymize everyone and logging
everything?

Or maybe some obscure feature deanonymize in O(1) :)


On Sat, Jun 29, 2013 at 08:05:17PM -0400, Valdis.Kletnieks () vt edu wrote:

On Fri, 28 Jun 2013 23:37:45 -0400, Neel Rowhoiser said:

I just stumbled across this and despite its sort of half-assed write

up, I

think its possibly an advisory? If I am understanding it correctly,

they're

saying that you can use a directory authority that hands out

invalid/wrong RSA

keys for other relays, you can cause decryption to fail and thus

introduce path

bias to nodes of the directory authorities choosing by selectively

handing out

valid RSA keys?


Oh, it's *that* attack again (as far as I can tell).  Some French guys

did a

proof-of-concept a few years ago that you could do this sort of thing if

you

subverted a sufficient number of nodes.  But keep reading.

If the bit towards the end about guard nodes is correct, it would seem

to

indicate that they can use the semantics for detecting when a guard is

causing

too many extend relay cells to fail to cause valid guards to be marked

invalid,

and their rogue guards to succeed essentially using tor's semantics

against

them and causing the odds that you-re ingress point to the tor network

is rogue

to approach 1.


The problem is that you have to subvert a large number of relays to
do it, in a way that doesn't get noticed..

Why aren't the tor relay keys signed? And what other myriad of

documents do


And who would sign said relay keys?  They're all essentially self-signed
already, so what you're looking for is a PKI.  And the whole point of

the tor

system is that nobody involved trusts a central authority.  If you've

got a

good idea on how to do it, feel free to comment.

directory authorities serve that also don't have integrity controls?

This sort

of makes me question the tor projects ability to deliver on any of the

promises

they make, as it would seem that a person needs like 3 or 4 rogue

nodes before

they could start de-anonymizing users, and the more of them they

introduced the

more of the network they could capture?


Actually, it's more like 3 or 4 *hundred* nodes.  As I write this, there
are 3,903 relays connected, 1,218 guard nodes, and 2,396 directory

mirrors.


http://torstatus.blutmagie.de/

Even if you control 400 of those routers, the odds that any connection

will

only traverse your nodes is only 0.1% or so.  If you have "3 or 4', it's
literally a one-in-a-billion shot.  Assuming a million tor tunnels form a
day, you'd catch one circuit every 3 years or so.  And no guarantee that
the circuit you caught carried anything you would find useful.

I suppose you could bring up 4,000 tor nodes of your own, to increase

your odds

of end-to-end control on a circuit all the way to 12% or so. However,

that's

very much a one trick pony, and probably wouldn't work simply because

people

would notice the sudden growth before you got enough nodes connected to

do much

damage.

And using rogue directory servers to improve your odds doesn't help

either.

Currently, there's a whole whopping 5 'bad exit' routers.  You can

improve

your chances by corrupting stuff so half the exits are bad - but again,

that

will get noticed when a single-digit number hits three digits.  And you

need

to get it up to 4 digits before you have decent odds.

And yes, the Tor designers are totally aware that this "vulnerability"
exists - the problem is that all proposed solutions so far are even
worse (for instance, requiring signed relay keys).

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: tor vulnerabilities? Georgi Guninski (Jul 03)
- Re: tor vulnerabilities? Valdis . Kletnieks (Jul 03)
  - Re: tor vulnerabilities? adam (Jul 03)
- Re: tor vulnerabilities? coderman (Jul 03)
  - Re: tor vulnerabilities? Georgi Guninski (Jul 04)
- Re: tor vulnerabilities? Michael T (Jul 04)
  - Re: tor vulnerabilities? Valdis . Kletnieks (Jul 03)
- Re: tor vulnerabilities? Alex (Jul 04)