Write attacks+defenses vs rendezvous pts

svn:r720
Nick Mathewson 2003-11-03 00:52:50 +00:00
parent aed9895495
commit 49b1c0e95c

@ -1418,10 +1418,8 @@ and its resistance to attacks.
\SubSection{Attacks and Defenses}
\label{sec:attacks}
Below we summarize a variety of attacks and how well our design withstands
them.
[XXX Note that some of these attacks are outside our threat model! -NM]
Below we summarize a variety of attacks, and discuss how well our
design withstands them.
\subsubsection*{Passive attacks}
\begin{tightlist}
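Review bot: The reworded opening of sec:attacks appears to drop the "[XXX Note that some of these attacks are outside our threat model! -NM]" marker, and the replacement sentence does not say that any of the listed attacks are out of scope. If the caveat still holds, fold it into the new sentence (for example, state that some of the attacks discussed fall outside the threat model) so the section is not read as a claim of resistance to every attack it lists.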
@ -1708,7 +1706,33 @@ them.
\subsubsection*{Attacks against rendezvous points}
\begin{tightlist}
\item foo
\item \emph{Make many introduction requests.} An attacker could
attempt to deny Bob service by flooding his Introduction Point with
requests. Because the introduction point can block requests that
lack authentication tokens, however, Bob can restrict the volume of
requests he receives, or require a certain amount of computation for
every request he receives.
\item \emph{Attack an introduction point.} An attacker could try to
disrupt a location-hidden service by disabling its introduction
point. But because a service's identity is attached to its public
key, not its introduction point, the service can simply re-advertise
itself at a different introduction point.
\item \emph{Compromise an introduction point.} If an attacker controls
an introduction point for a service, it can flood the service with
introduction requests, or prevent valid introduction requests from
reaching the hidden server. The server will notice a flooding
attempt if it receives many introduction requests. To notice
blocking of valid requests, however, the hidden server should
periodically test the introduction point by sending its introduction
requests, and making sure it receives them.
\item \emph{Compromise a rendezvous point.} Controlling a rendezvous
point gains an attacker no more than controlling any other OR along
a circuit, since all data passing along the rendezvous is protected
by the session key shared by the client and server.
\end{tightlist}
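Review bot: In the "Compromise an introduction point" item, the proposed self-test ("periodically test the introduction point by sending its introduction requests") only detects blocking if the introduction point cannot tell the server's test requests apart from real client requests; state that assumption, or say how the test requests are made indistinguishable. "sending its introduction requests" is also ambiguous and probably wants to be "sending it introduction requests". Separately, the subsection is titled "Attacks against rendezvous points" but three of the four items are about introduction points, and "Introduction Point" is capitalized only in the first item; consider retitling the subsection to cover both and using one capitalization throughout.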