Censorship- and Coercion-Resistant Network Architectures (HOPE XI)
Decentralized network architectures can protect against vulnerabilities not addressed by strong encryption. Encryption works well, but only when private keys can be kept secret and ciphertext can get to its destination intact. Encrypted messages can be surveilled by acquiring private keys (FBI and Lavabit/Apple), man-in-the-middle attacks (NSA QUANTUM), or censored by blocking communication entirely (Pakistan and YouTube). These attacks are difficult to protect against because they are social rather than technological. But they all have one thing in common: they require centralization. Censorship and man-in-the-middle attacks target communication bottlenecks and legal coercion targets a small number of legal entities. This talk will discuss decentralized approaches to attack tolerance, including ongoing original research.
The Onion Report (HOPE XI live blog)
Notes taken at HOPE XI.
Presenters:
asn
Nima Fatemi
David Goblet
Nima gives some basic stats. New board, 6 members. 8 employees, 12 contractors. 40 volunteers. 7000 relay operators. 3000 bridge operators. Dip in relay operators around April 2016 with corresponding spike in bridge operators.
Five teams work on TOR. The Network team is working on better crytography (Ed25519 and SHA3). TOR depends on 8 trusted computers around the world that maintain consensus, which are sometimes attacked with DDoS. There is now a backup list that can be used when no consensus is reached.
Application team doing ongoing development on the TOR browser. Porting the browser to mobile platforms. Doing research and development on sandboxing and usability. Also working on TorBirdy (email) and Tor Messenger (XMPP, OTR).
The UX team collaborating with security usability researchers. Can’t collect usage data because of privacy. Running user studies. Now have a security “slider.” Now display routing chain.
Community team drafting social contracts, membership guidelines, etc. Doing outreach, including the Library Freedom Project.
Measurement team received $152,500 grant from Mozilla. Revamping entire metrics interface.
Ahmia is a search engine for onion services. TOR now gives badges to relays.
Copyright © Edward L. Platt 2011–2024
