Mike Perry mikepe...@torproject.org writes:
A. Johnson:
The idea would be that Guard_3 would rotate on the order of hours,
Guard_2 would come from a set that is rotated on the order of days
(based on the expected duration for the adversary to become
Guard_3), and Guard_1 would rotate on
George Kadianakis desnac...@riseup.net writes:
Mike Perry mikepe...@torproject.org writes:
A. Johnson:
The idea would be that Guard_3 would rotate on the order of hours,
Guard_2 would come from a set that is rotated on the order of days
(based on the expected duration for the adversary
By the way, I actually can think of a good reason to include multiple rotation
speeds: to deal with both your uncertainty about surveillance speed and its
randomness. Suppose that you think it takes somewhere between 3 hours and 1
month, but don’t have a much better guess than that. Then a good
It's interesting to reduce the HS path length, but that would reduce
the length of the chain that the adversary has to walk, which is bad :/
Yeah, security in this attack model pushes towards a long path.
The rendezvous model is a bit restricting isn't it :(
Agreed, modifying path selection
A. Johnson:
HS - Guard_1 - Guard_2 - Guard_3 - RP.
The idea is that Guard_1 is a single node that you choose and keep
for O(6 months, or as long as possible), but Guard_2 actually comes
from a set of 3-6 or so nodes that you keep for O(weeks), and
Guard_3 you rotate something like
As I was saying above, a fixed exit would allow compromise in the time
it takes to begin surveillance (times three). We can likely do better
than that.
Ok, this was my assumption behind arguing for staggering these rotation
periods, too. I don't think that having a fixed exit is a good
The idea would be that Guard_3 would rotate on the order of hours,
Guard_2 would come from a set that is rotated on the order of days
(based on the expected duration for the adversary to become Guard_3), and
Guard_1 would rotate on the order of months (based on the expected
duration for the
HS - Guard_1 - Guard_2 - Guard_3 - RP.
The idea is that Guard_1 is a single node that you choose and keep for
O(6 months, or as long as possible), but Guard_2 actually comes from a
set of 3-6 or so nodes that you keep for O(weeks), and Guard_3 you
rotate something like O(hours).
...
The
A. Johnson:
It seems to me that we want to defend against (at least) two
different attacks here:
Sybil attack:
...
Coercion attack:
Yes, I also am currently thinking about the problem in this way.
Unfortunately, it doesn't really make sense to add two '5 day
guards' in a
And yes again. In this model, an ultra-mega-secret HS should use a
long chain of guards. Of course, at some point, it is easier to do a
congestion attack to identify the first guard being used by the HS.
That is still a win, though, in that such an attack takes more
technical skill and
A. Johnson aaron.m.john...@nrl.navy.mil writes:
As I've suggested before, I really really think you should also analyze
an I2P-like scheme where HSs try really hard to maintain path
persistence to their RPs for some fixed time period on the order of an
hour (but which can be parameterized and
It seems to me that we want to defend against (at least) two different
attacks here:
Sybil attack:
...
Coercion attack:
Yes, I also am currently thinking about the problem in this way.
Unfortunately, it doesn't really make sense to add two '5 day
guards' in a circuit, since a Sybil
George Kadianakis:
Roger Dingledine a...@mit.edu writes:
On Sat, Sep 13, 2014 at 04:07:13PM +0300, George Kadianakis wrote:
So let's say that along with our guard, we also pick 6 second-tier
guards (middle nodes) that also get pinned for 2-3 months. This makes
us look like this:
As I've suggested before, I really really think you should also analyze
an I2P-like scheme where HSs try really hard to maintain path
persistence to their RPs for some fixed time period on the order of an
hour (but which can be parameterized and analyzed to give the expected
time for guard
Paul Syverson paul.syver...@nrl.navy.mil writes:
On Fri, Jul 11, 2014 at 08:31:05AM -0400, Ian Goldberg wrote:
On Fri, Jul 11, 2014 at 01:44:36PM +0300, George Kadianakis wrote:
Hey Nick,
this mail is about the schemes we were discussing during the dev
meeting on how to protect HSes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 13/09/14 14:07, George Kadianakis wrote:
a) To reduce the ownage probabilities we could pick a single
middle node instead of 6. That will greatly improve guard
discovery probabilities, and make us look like this:
HS - guard - middle - exit
On Sat, Sep 13, 2014 at 04:07:13PM +0300, George Kadianakis wrote:
So let's say that along with our guard, we also pick 6 second-tier
guards (middle nodes) that also get pinned for 2-3 months. This makes
us look like this:
- middle1
- middle2
HS - guard - middle3 -
On Fri, Jul 11, 2014 at 01:44:36PM +0300, George Kadianakis wrote:
Hey Nick,
this mail is about the schemes we were discussing during the dev
meeting on how to protect HSes against guard discovery attacks (#9001).
I think we have some ideas on how to offer better protection against
such
Sebastian G. bastik.tor bastik@googlemail.com writes:
11.07.2014 14:31, Ian Goldberg:
On Fri, Jul 11, 2014 at 01:44:36PM +0300, George Kadianakis wrote:
Hey Nick,
this mail is about the schemes we were discussing during the dev
meeting on how to protect HSes against guard discovery