#29174: Guard Node can eclipse the hidden service
-----------------------------------+------------------------------------
 Reporter:  TBD.Chen               |          Owner:  (none)
     Type:  defect                 |         Status:  new
 Priority:  Very High              |      Milestone:
Component:  Core Tor/Tor           |        Version:  Tor: 0.3.0.1-alpha
 Severity:  Critical               |     Resolution:
 Keywords:  guard, hidden service  |  Actual Points:
Parent ID:                         |         Points:
 Reviewer:                         |        Sponsor:
-----------------------------------+------------------------------------

Comment (by TBD.Chen):

 I think using 2 guards is quite better than the spot-check in this certain
 schema. Because the spot-check should balance traffic cost and the response
 time after the guard starts to drop cells. And if the spot-check failed, we
 cannot locate the bad points instantly. The bad point may be Intro-Points,
 other middle nodes, or even HSDirs.

 But if we use the 2 guards when we create the HS-IP circuit, we can avoid
 this with several additional costs. If the attacker blocks half of the
 HS-IntroPoint circuits, the client may fail to send her INTRODUCE1 cell with
 half probability at first, and then she will retry automatically until
 success. The client feels no abnormality.

 -------------------------------------------------------------
 At last, can I get a TROVE-id or CVE-id for this bug track? Which can
 eclipse hidden services stealthily (:
 -------------------------------------------------------------
 -------------------------------------------------------------

 Replying to [comment:5 arma]:
 > Replying to [comment:4 mikeperry]:
 > > it would not be too hard to augment it to send periodic end-to-end
 > > probes for introduce1 circuits
 >
 > In the original tor-design paper, we spoke of onion services doing
 > spot-checks of their introduction points, to make sure that they are
 > actually introducing. That approach would test a larger fraction of the
 > system than just doing a liveness check within the circuit. Both are kind
 > of messy though.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29174#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs