1

I've recently learned much more about Tor hidden services, thanks to this post and its answers. But I am still wondering about a few small tidbits...

As said in the linked post:

Q: If a hidden services IP is hidden, how is it possible to connect to them?

A: "Tor network uses different mechanisms, as stated in the article mentioned above."

a. If I am interpreting this correctly, then Tor uses a mechanism to find the hidden IP of the hidden service hoster, so who's to say an individual aiming to deanonymize a hidden service hoster doesn't use these same mechanisms, or somehow sees the IP after Tor has completed this mechanism, and finds the hoster's real IP, which could be very dangerous, depending on the situation (oppressive government).

b. Another way I have interpreted this is that neither the client nor Tor needs to know the real IP address of the hidden service hoster, since they only communicate through a rendezvous point, and they both go through 3 encrypted hops just like normal to the rendezvous point, providing them both anonymity. Is this true, or is a. true?

If b. is true, then the client and hidden service hoster don't communicate outside of the rendezvous point, because it's unsafe... So how do they find out which rendezvous point they will both be communicating at? And if the data is decrypted at the rendezvous point from the hidden service from the hoster, and encrypted again for the client, could a malicious/adversary controlled rendezvous point see what data is being sent/received?

This is also stated in the linked post:

"Note that hidden services might be deployed without IP address at all; while a machine running Tor would have an IP address, the hidden service itself might only listen on HiddenServicePort and thus be not available without Tor at all."

If an individual is living in a country with an oppressive government, and wants to host a hidden service in this way to avoid a dangerous situation, how would they do so?

Thanks for any and all answers.

tim petrem

2 Answers

1

> Another way I have interpreted this is that neither the client nor Tor needs to know the real IP address of the hidden service hoster, since they only communicate through a rendezvous point, and they both go through 3 encrypted hops just like normal to the rendezvous point, providing them both anonymity.

Yes, this is correct. It's helpful to think of the hidden service as a mirror of the standard Tor connection: both you and the site create a 3-node circuit, and what would normally be the exit nodes talk to each other*. Just as a clearnet site you visit does not know your IP, but just the exit node's, so you don't know the hidden service's IP.

You can find out more about these mechanics on the Tor Stack Exchange and the Tor website.


* The client's exit nodes only talk to the hidden service's "exit" nodes to pass along a request for a rendezvous point; the service replies with one, and the rest of the communication happens over that circuit.

Xiong Chiamiov
  • Thank you very much for the answer, that clears that up for me. But what was the mechanism spoken of in [this post's answer?](https://security.stackexchange.com/questions/147068/few-questions-about-tor-hidden-services) And how do the hidden service/host and the user/client determine which rendezvous point they will communicate through if they don't communicate outside of it? Also, when data is sent by either the hidden service or the client, I assume it is decrypted at the rendezvous point, then re-encrypted when sent to the receiver, is this correct? – tim petrem Jan 03 '17 at 19:32
  • I'm not sure exactly what the answerer there meant. But as detailed in the links in my answer, the hidden service creates a *hidden service descriptor* that contains information about the service itself as well as the entry points to its circuits, and then uploads that to a distributed hash table; your client downloads the descriptor from the hash table, and that's how it knows where to send traffic to. – Xiong Chiamiov Jan 03 '17 at 19:58
  • On the subject of encryption, the Tor website says that "the rendezvous point simply relays (end-to-end encrypted) messages from client to service and vice versa.". I'm not clear on how exactly this happens, but it does appear that the communication is entirely encrypted. – Xiong Chiamiov Jan 03 '17 at 19:59
1

To add to the answer above:

> If b. is true, then the client and hidden service hoster don't communicate outside of the rendezvous point, because it's unsafe... So how do they find out which rendezvous point they will both be communicating at?

The rendezvous point is chosen by the client, randomly, from a list of Tor relay nodes (they don't have to be exit nodes). The client decides which node will serve as the RP, establishes a circuit to this node, and then tells the server (through an introductory point) the fingerprint of the node.

> And if the data is decrypted at the rendezvous point from the hidden service from the hoster, and encrypted again for the client, could a malicious/adversary controlled rendezvous point see what data is being sent/received?

The communication between server and client is NOT decrypted at the RP; it is end-to-end encrypted. The RP is only forwarding data between them, but it doesn't know what is there. So the answer is no, an adversary RP cannot see what data is being sent. However, it can see which Tor node the data is being sent to/received from. This is why the Tor client does not talk directly to the RP.

> If an individual is living in a country with an oppressive government, and wants to host a hidden service in this way to avoid a dangerous situation, how would they do so?

The individual then firewalls the machine running the server from the Internet, preferably using an external firewall. The firewall should pass no incoming connections, and should only pass outgoing TCP connections. It should also block ICMP (with a couple of exceptions) and UDP.

Your server must only listen on 127.0.0.1 IP address, and not on any other address.

The hidden service is configured in the Tor configuration. For example, you can configure ssh on your server by adding the following into the torrc file:

```
HiddenServicePort 22 127.0.0.1:22
```

This means a connection coming to the Tor hidden server address, port 22, is forwarded to 127.0.0.1, port 22. If your sshd is only listening on 127.0.0.1:22, you now have an SSH server which is not accessible through the "normal" internet, and is only accessible through Tor.

George Y.
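The rendezvous flow described in the answer above, as a simplified model added here (not code from the answer or from the Tor project): the client picks the RP and passes its details through the introduction point, and the RP only ever relays ciphertext. The one-time cookie follows Tor's design; the Diffie-Hellman group, the XOR stream cipher and all names are assumptions for illustration, and unlike Tor's real handshake this toy exchange is unauthenticated.

```python
import hashlib
import os

# Toy Diffie-Hellman group and XOR stream cipher: illustration only, not Tor's handshake.
P, G = 2**127 - 1, 3


def xor_stream(key, data):
    """XOR data with a SHA-256 counter keystream (same call encrypts and decrypts)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


def derive_key(shared):
    return hashlib.sha256(str(shared).encode()).digest()


class RendezvousPoint:
    """Joins two circuits by a one-time cookie and records everything that crosses it."""
    def __init__(self):
        self.cookies, self.seen = set(), []

    def establish(self, cookie):      # client registers the cookie over its own circuit
        self.cookies.add(cookie)

    def relay(self, cookie, cell):    # traffic on the joined circuits
        if cookie not in self.cookies:
            raise KeyError("unknown rendezvous cookie")
        self.seen.append(cell)
        return cell


def run_exchange(message):
    """Return (plaintext recovered by the client, list of what the RP observed)."""
    rp = RendezvousPoint()
    # Client: choose the RP, register a cookie there, create its DH half.
    cookie, x = os.urandom(20), int.from_bytes(os.urandom(16), "big")
    rp.establish(cookie)
    intro = {"rp": "<RP fingerprint placeholder>", "cookie": cookie, "gx": pow(G, x, P)}
    # Service: gets `intro` through the introduction point, then connects to the RP.
    y = int.from_bytes(os.urandom(16), "big")
    gy = rp.relay(intro["cookie"], pow(G, y, P))           # service's DH half, via the RP
    cell = rp.relay(intro["cookie"], xor_stream(derive_key(pow(intro["gx"], y, P)), message))
    return xor_stream(derive_key(pow(gy, x, P)), cell), rp.seen
```

The RP's `seen` list holds only the service's public DH value and the encrypted cell, which is why a relay in that position cannot read the traffic it forwards.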
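A check for the setup described in the answer above, added here as an example (not the answerer's code): it flags any `HiddenServicePort` target that is not loopback and any sshd configuration that would listen beyond 127.0.0.1. The sample configs, the `HiddenServiceDir` path and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample configs (the HiddenServiceDir path and the bad targets are made up).
TORRC_OK = "HiddenServiceDir /var/lib/tor/ssh_onion/\nHiddenServicePort 22 127.0.0.1:22\n"
TORRC_BAD = ("HiddenServicePort 22 192.168.1.10:22\n"
             "HiddenServicePort 80 unix:/run/web.sock\n")
SSHD_OK = "Port 22\nListenAddress 127.0.0.1\n"
SSHD_BAD = "Port 22\n#ListenAddress 127.0.0.1\n"  # commented out, so the default applies


def _args(text, keyword):
    """Yield the arguments of each uncommented `keyword` line (keywords ignore case)."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0].lower() == keyword:
            yield parts[1:]


def _is_loopback(host):
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False  # a hostname is not accepted as proof of loopback


def audit_torrc(text):
    """Return HiddenServicePort targets that forward to a non-loopback address."""
    bad = []
    for args in _args(text, "hiddenserviceport"):
        target = args[1] if len(args) > 1 else args[0]
        if target.startswith("unix:") or ":" not in target:
            continue  # unix socket, or a bare port, which Tor maps to 127.0.0.1
        if not _is_loopback(target.rsplit(":", 1)[0]):
            bad.append(target)
    return bad


def audit_sshd(text):
    """Return non-loopback ListenAddress values; with none set sshd binds every address."""
    addrs = [args[0] for args in _args(text, "listenaddress")]
    if not addrs:
        return ["<no ListenAddress: sshd binds every address>"]
    bad = []
    for addr in addrs:
        host = addr.split(":")[0] if addr.count(":") == 1 else addr
        if addr.startswith("["):
            host = addr[1:].split("]")[0]
        if not _is_loopback(host):
            bad.append(addr)
    return bad
```

An empty list from both functions means the onion service forwards only to loopback and sshd is not reachable on any routable interface.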