SoylentNews is people

posted by n1 on Wednesday July 27 2016, @04:13AM
from the honest-onions dept.

A pair of researchers from Northwestern University are working on a framework to let users identify misbehaving Tor nodes.

In a brief paper presented to last week's Privacy Enhancing Technologies symposium in Germany, they suggest their proof-of-concept worked, turning up 110 snooping relays on Tor. Northwestern University's Amirali Sanatinia and Guevara Noubir made the discovery on a 72-day run of their toolkit starting in February.

The problem centres around hidden services, which are meant to protect users by keeping traffic on the Tor network. That protects users against attacks that match entry-node traffic to exit-node traffic, because there's no exit node.

However, as CloudFlare-supported research found last year, the Hidden Service Directory (HSDir) then becomes an attack vector.

That's what Sanatinia and Noubir went to work on in this brief paper. They describe “honey onions” (honions) that they reckon “expose when a Tor relay with HSDir capability has been modified to snoop into the hidden services that it currently hosts”.


  • (Score: 2, Interesting) by Anonymous Coward on Wednesday July 27 2016, @05:48AM (#380613)

    It has traffic padding and a couple other additional anonymizing features that never made it into the official Java reference router, but which are already provisioned for in the protocol documentation and that the router could handle if the transmitting node support for it was added.

    Plus, unlike Tor, I2P was hidden service first with clearnet access as a limited secondary goal. (I2P doesn't choose random endpoints to send clearnet traffic through, due in large part to there only being 1 public clearnet endpoint (which leaves the network via a Tor SOCKS proxy) and maybe a few other private I2P SOCKS endpoints. It is not officially sanctioned because of concerns about identity leaks from SOCKS-proxied apps (same issue as applies to Tor, but is often overlooked in their discussion of utilizing services over it).)
