3

At least some decentralised networks purported to provide anonymity are vulnerable to this attack: the original software is modified to allow tracking/logging/whatever, and a large number of nodes running this modified software join the network. The larger the proportion of the attacker's nodes, the less secure the network is.

Examples:

When a police officer wants to determine if a Freenet node is downloading child pornography, he parses the logs kept by the ICAC database. That database logs activity on Freenet from several law enforcement nodes operating on the network that have been modified for law enforcement use.

Is there an architectural solution to this vulnerability? Are there decentralised networks not vulnerable to this?

To me it seems like there is no way for genuine nodes to reliably verify that yet another new node is running unmodified software. Barring circumstantial methods (e.g. an oddly large number of new nodes suddenly crops up on AWS), no methods seem to exist even in theory: compromised nodes will respect the protocol and remain unnoticed by genuine nodes, while knowing each other and cooperating to break anonymity for the attacker's benefit.

Do these considerations stand?

Greendrake

1 Answer

3

It would be possible in theory using remote attestation for network access controls. This could reduce the TCB (Trusted Computing Base) to only the CPU. Unfortunately, this would require all Tor relays to be run on hardware that supports such remote attestation such as those with SGX, which would raise both practical and ethical issues as it would, in essence, be a form of DRM. This technique is general and is not specific to Tor. It is a way for a remote system to attest to the fact that it is running specific code. It requires trusted hardware that is able to run signed code without the rest of the operating system, even the kernel, being able to tamper with, or even read, its execution context (if it could read the protected memory, it could get the master key and use it to tamper with the encrypted traffic).

Note that this would protect from relays with a maliciously modified copy of Tor, but it would not at all prevent passive traffic analysis attacks or attacks that involve injecting delays into encrypted traffic (so-called tagging attacks). These attacks do not rely on a custom version of Tor, but they are less powerful. Compare naïve tagging attacks with the much more powerful crypto tagging attack, which requires a modified Tor process (or at least knowledge of the encryption and authentication key).

Currently, the only solution to these kinds of attacks is diligent users who monitor the network for any signs of malicious activity, such as that from the (presumably still active) KAX17 threat actor. There are some limited social techniques to improve trust in the network, however. And, of course, you can consider running some relays yourself to improve the network's resilience to these Sybil attacks!

forest
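What the remote-attestation access check described in the answer above would look like, as an added example that is not part of the answer and not real Tor, SGX or TPM code: an ed25519 key stands in for the hardware's attestation key, the "measurement" is simply a SHA-256 of the relay's code bytes, and the quote layout is invented (all three are assumptions). A genuine node admits a peer only if its quote is fresh, hardware-signed, and names an approved build, so a relay running a logging-modified binary, or a node with no trusted hardware at all, is refused.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Quote is what the simulated trusted hardware emits: a hash of the code it is
// running, bound to the verifier's nonce and signed with a key only the hardware
// holds. This is a constructed model, not a real SGX or TPM quote format.
type Quote struct {
	Nonce       []byte
	Measurement [32]byte
	Sig         []byte
}

// attest simulates the hardware measuring the relay binary and signing the result.
func attest(hwKey ed25519.PrivateKey, relayCode, nonce []byte) Quote {
	m := sha256.Sum256(relayCode)
	msg := append(append([]byte{}, nonce...), m[:]...)
	return Quote{Nonce: nonce, Measurement: m, Sig: ed25519.Sign(hwKey, msg)}
}

// admit is the check a genuine node runs before peering: fresh nonce, trusted hardware key, approved build.
func admit(hwPub ed25519.PublicKey, nonce []byte, approved map[[32]byte]bool, q Quote) bool {
	if !bytes.Equal(q.Nonce, nonce) {
		return false // replay of a quote from an earlier session
	}
	msg := append(append([]byte{}, q.Nonce...), q.Measurement[:]...)
	if !ed25519.Verify(hwPub, msg, q.Sig) {
		return false // not produced by trusted hardware (e.g. a software-only node)
	}
	return approved[q.Measurement] // a modified relay hashes to an unknown value
}

func main() {
	hwPub, hwKey, _ := ed25519.GenerateKey(rand.Reader)
	official := []byte("relay v0.4 (constructed stand-in for the real binary)")
	modified := append(append([]byte{}, official...), " + traffic logger"...)
	approved := map[[32]byte]bool{sha256.Sum256(official): true}
	nonce := make([]byte, 16)
	rand.Read(nonce)
	fmt.Println("unmodified relay admitted:", admit(hwPub, nonce, approved, attest(hwKey, official, nonce)))
	fmt.Println("modified relay admitted:  ", admit(hwPub, nonce, approved, attest(hwKey, modified, nonce)))
	_, fakeKey, _ := ed25519.GenerateKey(rand.Reader) // node with no trusted hardware
	fmt.Println("forged quote admitted:    ", admit(hwPub, nonce, approved, attest(fakeKey, official, nonce)))
}
```

Note that, exactly as the answer says, this only establishes which code a peer runs; an attacker who runs many approved relays still sees and times the traffic passing through them.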