Tor, DoS, Hacks, Privacy Tokens

The privacy-oriented browser Tor (The Onion Router) is researching ways “anonymous tokens” could counter Denial of Service (DoS) attacks – a pressing issue for the network.

Tor has been subject to DoS attacks, degrading its performance. While there are technical fixes Tor has worked to implement, the nature of the network and the anonymity of the traffic on it make it particularly susceptible to DoS attacks.

In August, Tor introduced the idea of using anonymous tokens to counter such attacks, allowing them to differentiate between “good” and “bad” traffic, and to avoid implementing user accounts, which most sites and networks use to identify traffic and bad actors.

During last week’s “State of the Onion” address, when the Tor team gave updates on projects and forecasted new developments for 2021, the team reinforced their interest in developing these anonymous tokens.

“Memory is an amazing thing,” said George Kadianakis, a Tor Network team developer. “It allows us to experience the world, remember the things we’ve been to and remember the nice food we ate.

“It’s also particularly important in our digital life. At Tor, we don’t have the concept of memory. The Tor network does not keep track of its clients, does not use cookies or anything, and every claim that comes in and comes out we forget about it. So Tor is memoryless. It’s stateless. And this fact causes some issues.”

A DoS attack is one such issue.

What is a DoS attack?

A DoS attack disrupts a website by initiating thousands of connections to it, overwhelming it and causing it to crash.

Tor is particularly vulnerable to such attacks because of its emphasis on anonymity. While a normal network would have your identity tied to an account or the like, Tor does not; therefore, it doesn’t have a great way of differentiating malicious traffic from non-malicious traffic.

The process of navigating the Tor network to secure a connection between a server and remote user also requires intensive work by a central processing unit (CPU), which can get to a state where it’s maxed out and unable to accept new traffic, a feature DoS attacks exploit.


“The attacks exploit the inherent asymmetric nature of the onion service rendezvous protocol, and that makes it a hard problem to defend against,” reads a post that examines solutions to DoS attacks.

“During the rendezvous protocol, an evil client can send a small message to the service while the service has to do lots of expensive work to react to it,” the post reads. “This asymmetry opens the protocol to DoS attacks, and the anonymous nature of our network makes it extremely challenging to filter the good clients from the bad.”

How anonymous tokens could help

Rather than implementing accounts or cookies, both of which would undermine Tor’s mission, Kadianakis proposed tokens that could be included in a user’s traffic request. These tokens would allow websites accessible through the Tor network to “intelligently prioritize which requests it answers.”

“We could use anonymous tokens. Tokens are a part of the internet that use blockchains and other protocols like Cloudflare’s Privacy Pass,” said Kadianakis during the presentation. “It’s basically like a train ticket. By having a train ticket you can show that you’ve done some effort to acquire it, but it doesn’t tie to your identity. So if you drop it on the floor and someone else picks it up they cannot impersonate you and they don’t know who you are.”

The scenario he envisioned is one where the onion service could issue these tokens and give them to clients who have already demonstrated their trustworthiness (in ways yet to be determined). These trusted clients would then give their tokens to the onion service when they connect and, in doing so, get service before an untrusted user (e.g., a potential attacker).


Kadianakis said tokens could also be used to design a secure name system so people can register names for their own use with tickets, which could help encourage audience activities.

“The anonymous nature of our network makes it challenging to filter the good clients from the bad. There is no one established attacker, but rather an ongoing challenge,” according to Isabela Bagueros, executive director of the Tor Project.

“That is why we are focused on investigating methods to rate limit or otherwise reduce the ability of clients to make large numbers of connections to an onion service without violating a client or service’s privacy,” she said.

Users could also apply their tokens toward acquiring private bridges and exit nodes, which would potentially provide additional security. Private bridges are how users access the Tor network in places where censors have blocked access to public Tor relays by blocking their IP addresses. They have a collection of private bridges that are not publicly available; these can be handed out a few at a time to clients in order to impede enumeration and IP address-blocking by censors.

Tokens may help with one crypto hack

Another attack vector for hackers is “relays.” Relays route traffic and obscure traceable and identifiable IP addresses, with an exit relay being the final one that connects users to a site.

As CoinDesk reported in August, a hacker was using his or her position as a “major exit relay host to stage sophisticated person-in-the-middle attacks, stripping websites of encryption and giving her/him full unrestricted access to traffic passing through her/his servers.” The hacker was using this access to steal cryptocurrencies.

When asked what impact tokens might have on mitigating such an attack, Kadianakis said a token-based approach could improve usability in a way that makes phishing attacks like this infeasible, but it all depends on the integration.


“Another approach to this issue, one that we’re already taking, is to strengthen the onion services ecosystem and encourage more service and sites to use onions, as onion services do not use exit nodes and therefore bypass this kind of attack completely,” he said in an email to CoinDesk.

For exits and exit safety, the Tor Project is investigating ways of creating a trusted set of exit relays with known and verified operators, to reduce the incidence of attack from exit usage, said Bagueros.

“We are also looking into requiring captcha-issued tokens in order to use these exits. In this way, these exits should be used less for automated scraping and spam, which should reduce the rate at which their IP addresses are banned from sites, and generally improve their IP address reputation,” she said.

The team is still researching tokens and does not have a timeline for development.

Proof-of-Work

Another approach the original blog post lays out is a proof-of-work system to acquire tokens.

Onion services can ask the client to solve a proof-of-work puzzle before they’re allowed to connect.

“With the right proof-of-work algorithm and puzzle difficulty, this can make it impossible for an attacker to overwhelm the service, while still making it reachable by normal clients with only a small delay,” read the post.

In the case of DDoS attacks, Kadianakis said Tor could employ proof-of-work tokens created by the clients themselves and sent directly to the service.
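The cost asymmetry a client puzzle creates can be seen in a small hashcash-style sketch, added here as an example; it is not code from the Tor Project or from the blog post. The SHA-256 puzzle, the difficulty values, the epoch-derived seed and every name in it are assumptions chosen for illustration.

```python
import hashlib, hmac, itertools, os

def leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

class PuzzleService:
    """Service side (hypothetical): issue a challenge, verify with one hash."""
    def __init__(self, difficulty=12):       # assumed: ~2**12 hashes per solve
        self.key = os.urandom(32)
        self.difficulty = difficulty
        self.redeemed = set()                # replay protection; prune per epoch

    def challenge(self, epoch):
        # Seed comes from a secret and a time bucket, so the service keeps
        # no per-client state and learns nothing about who asked.
        return hmac.new(self.key, b"seed|%d" % epoch, hashlib.sha256).digest()

    def verify(self, epoch, now_epoch, seed, nonce):
        if epoch not in (now_epoch, now_epoch - 1):
            return False                     # stale challenge
        if not hmac.compare_digest(seed, self.challenge(epoch)):
            return False                     # seed not issued by this service
        if (seed, nonce) in self.redeemed:
            return False                     # solution already spent
        digest = hashlib.sha256(seed + nonce).digest()
        if leading_zero_bits(digest) < self.difficulty:
            return False                     # not enough work shown
        self.redeemed.add((seed, nonce))
        return True

def solve(seed, difficulty):
    """Client side: brute-force a nonce; returns (nonce, hashes_tried)."""
    for tried in itertools.count(1):
        nonce = tried.to_bytes(8, "big")
        digest = hashlib.sha256(seed + nonce).digest()
        if leading_zero_bits(digest) >= difficulty:
            return nonce, tried

if __name__ == "__main__":
    svc = PuzzleService()
    seed = svc.challenge(epoch=100)          # constructed epoch number
    nonce, tried = solve(seed, svc.difficulty)
    print("client hashes:", tried, "| service hashes to verify: 1")
    print("accepted:", svc.verify(100, 100, seed, nonce))
    print("replay accepted:", svc.verify(100, 100, seed, nonce))
```

Each extra difficulty bit doubles the client's expected work while the service's verification stays at one HMAC and one hash, which is how the defender tunes the delay for normal clients against the cost of bulk requests.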


“Proof-of-work is one way to make it more expensive for clients to consume service resources in bulk that we’re investigating,” said Bagueros. “We’re also looking into … a token that signifies the quantity of work spent compactly without impacting privacy.”

Tor has not yet found a privacy-oriented blockchain it sees as sufficient for this, but remains hopeful one will be found.

In terms of other ways of earning these tokens, Tor lays out a number of options, such as allowing connected sites to award tokens to trusted users or giving users tokens with every donation they make to the project. It is also in the midst of brainstorming what additional benefits tokens could offer, how they could interact with each other and what wallets for them might look like, including a Tor Browser wallet integration.

There is currently no discussion about monetizing tokens.
