On Sat, 2017-10-14 at 16:44 +0300, Nazar Mokrynskyi wrote:
> However, for this attack you'll need to control 2 nodes in the
> established circuit, which is not terribly bad for large networks IMO.

Attackers can be the recipient for free, so they only need to become the hidden service's guard. Tor slows them down by rotating guards slowly, and making nodes wait to become guards, but it's easy enough for a persistent and patient attacker to do this.

An ephemeral or secret hidden service like OnionShare sounds okay, but anything long-lived like Ricochet or news sites can be exposed.

You can expose anything with a timing attack of course, but these tagging attacks give you a very high level of proof the moment they work.

Jeff

p.s. I noticed an amusing countermeasure that's morally inspired by verifiable mix nets: We could defeat the end-to-end tagging by MACing at each hop, not so expensive if we extend the cell sizes, not sure if this enables other attacks in the circuit based context however. We could avoid expanding cell sizes by accumulating the MACs and eventually sending them to the client or HS. If even a small amount of the traffic is dummy traffic, then these could be used to prove misbehavior by nodes, removing their guard flag.

_______________________________________________
Messaging mailing list
Messaging@moderncrypto.org
https://moderncrypto.org/mailman/listinfo/messaging
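
The per-hop MAC idea from the p.s. above, as an added example that is not part of the original message and is not Tor's code: a toy three-hop circuit in which a mark XORed in by the first hop survives to the recipient when layers are stream-encrypted only, and is rejected by the next hop when every layer carries a MAC. Assumptions: a SHA-256 counter-mode keystream stands in for the malleable stream cipher, each layer is encrypt-then-MAC with the tag prepended (so the cell grows per hop), and all names, keys and payloads are constructed for illustration.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 output size; the cell grows by this much per hop

def keystream(key, n):
    # Toy malleable stream cipher (assumption: stand-in for a CTR-mode cipher).
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wrap(payload, keys, with_mac):
    """Sender: add one layer per hop, last hop's layer first."""
    cell = payload
    for enc_key, mac_key in reversed(keys):
        cell = xor(cell, keystream(enc_key, len(cell)))
        if with_mac:
            cell = hmac.new(mac_key, cell, hashlib.sha256).digest() + cell
    return cell

def relay(cell, key, with_mac):
    """One hop: check the MAC if enabled, then strip one layer. None = rejected."""
    enc_key, mac_key = key
    if with_mac:
        tag, cell = cell[:TAG_LEN], cell[TAG_LEN:]
        good = hmac.new(mac_key, cell, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            return None
    return xor(cell, keystream(enc_key, len(cell)))

def run_circuit(payload, keys, with_mac, tag_at_hop=None, mark=b""):
    """Returns (delivered bytes or None, index of the hop that rejected or None).
    Hop `tag_at_hop` XORs `mark` into the tail of the cell it forwards."""
    cell = wrap(payload, keys, with_mac)
    for i, key in enumerate(keys):
        cell = relay(cell, key, with_mac)
        if cell is None:
            return None, i
        if i == tag_at_hop and mark:
            cell = cell[:-len(mark)] + xor(cell[-len(mark):], mark)
    return cell, None

# Constructed sample data: hop 0 plays the guard.
KEYS = [(b"enc-%d" % i, b"mac-%d" % i) for i in range(3)]
PAYLOAD = b"constructed relay cell payload.."
MARK = b"\xff" * 4

if __name__ == "__main__":
    print(run_circuit(PAYLOAD, KEYS, False, 0, MARK))  # mark reaches the far end
    print(run_circuit(PAYLOAD, KEYS, True, 0, MARK))   # hop 1 rejects the cell
```

Without MACs the recipient sees exactly `PAYLOAD` with `MARK` XORed into its last four bytes, which is what makes the tag recognisable end to end; with MACs the first honest hop after the tagger drops the cell.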