| herehere 2005-06-04, 8:46 pm |
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Hey Zax,
I found some more information on the benifits of using SSL(or
TLS) with Tor and remailing; the additional layer of encryption
prevents "data injection" by the Tor ExitNode.
The topic of SSL protection from data injection is discussed in
or-talk; the thread is called "evil nodes":
<http://archives.seul.org/or/talk/Jun-2005/threads.html>
herehere <KSWLA7U538505.3833912037@reece.net.au> wrote:
(snip)
> I am not sure on this; but it seems to me that Traffic Anylasis
> of my remailing habits would be defeated when using Tor and TLS
> in conjunction. If Tor and TLS are always used then traffic
> anylasis (for example: time-stamps and data-injection) should
> not provide any meta-data on my remaling sessions.
Note: I am not an expert, but, as I understand matters my
statements below are correct.
The exitnode is the only node with access to unencrypted data
and it is the only node that can alter or inject data into the
stream.
A 'low to medium-powerful' adversary (ie. non-governmental)
could run a "honey pot" exitnode, injecting or altering the data
of specific Tor clients. This adversary logs the meta-data
transmited from the injected data. Traffic anylasis of the meta-
data can show the route a specific Tor client is using; the
client IP is not identifiable, only the route.
Cover traffic in the Onion Route 2 has a weakness via. injected
data by a honey-pot exitnode. If a honey-pot exitnode injectes
data or alters the data, traffic anylasis via. meta-data can
"pin-point" that specific client in the specific Onion Route 2
it is using. Thus, cover traffic is defeated because no matter
how much is offered traffic anylasis of injected data will
reveal the client.
The honey-pot exitnode has access to the destination url, Host,
etc. If at about the same time/duration each day I access the
same NG's from Panta's NNTP web-interface (HHTP) I am providing
alot of data for traffic anylasis. Traffic anylasis could
corralte my use of Panta's NNTP portal each day to my specific
Tor client (not a IP).
A TLS route though the Tor network to a Host, Stat update or
NNTPS server would prevent the exitnode from injecting data.
The exitnode would still know the destination Host or NNTPS
server but not the protocol (SMTP,M2N) or NG's/messages that are
downloaded.
After reading about Tor I find it less secure/anonymous than I
originally thought it was. That is why I feel the addition of
TLS is important if you need strong security and anonymity.
The only problem I see with using SSL and Tor is when I want to
use HHTPS (like Panta's webbased NG's). Using SSL will prevent
data-injection but it will also prevent Privoxy from filtering
dangerous webdata like: webbugs, java, cookies, images,
environmental info, etc.
The best solution I can see to the above problems is to set up a
Tor exitnode with a soft exit policy (119 ok) on my computer. I
would hard-coded my exitnode as the exitnode in my Tor client
via. "StrickExitNode". This way I can insure that the exitnode
is not a honey-pot node, I can use a TLS connection for
remailing and still use a HHTP connection for web-based reading
of free NG's. By using HHTP to read free NG's my my
environmental info and web-data is filtered.
Runing a Tor server has the added benifit of providing
"plausable deniability". All the connetions to/from my Tor
server, which also funtions as a entrynode and middleman should
provide 'cover traffic' for my Tor client's use.
It seems to me that if many people use remailing with Tor and
TLS and run thier own exitnode (hard-codeing as their client's
exitnode) we would all be more secure and anonymous as there
would be much more cover traffic and no danger from honey-pot
exit nodes.
Let me know what you think!
Thanks,
- ---
Question Everything...Stay Safe...herehere
Contact Info:
herehere <at> nym.panta-rhei.eu.org
- ---
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQA/ AwUBQqIw08eAaJ6NbaCwEQM5QgCfcbGhRYrBZYMQ
qtQND6LQQ6hUopoAn3ax
yoOF8TOixJ/14k0UNoxo0MV5
=2HL9
-----END PGP SIGNATURE-----
|