Support for experimental subsystems #699

Closed
Baccount opened this issue May 27, 2018 · 1 comment

Baccount commented May 27, 2018

mikeperry has developed new subsystems that protect against multiple side channel attacks, and against Guard discovery attacks which may be able to de-anonymize OnionShare's onion services ("hidden services"). It should be possible to implement this script into OnionShare with some default options set up for users and the ability to customize the options.

The Vanguards Subsystem

Each of these options is assigned its own set of nodes, which are rotated based on the randomized selection algorithm specified in the Mesh Vanguards Proposal.

The Rendguard Subsystem

The Rendguard subsystem keeps track of how often various relays appear in the rendezvous point position on the service side of an onion service. Since rendezvous points are chosen by the client that connects to a service, it is possible for clients to choose malicious, colluding rendezvous points to help them mount guard discovery and other attacks.
This subsystem emits warnings and optionally closes the circuit when a rendezvous point is chosen more than a 2X multiple of its consensus bandwidth weight.

The Bandguards Subsystem

The bandguards subsystem performs accounting to watch for signs of bandwidth sidechannel attacks on individual onion service circuits. It then closes circuits that exceed these limits and emits log messages. While we expect the default values to be set properly, these limits can be tuned through configuration as well. See the Configuration section for more details.

And here is an example config file.
https://raw.githubusercontent.com/mikeperry-tor/vanguards/master/vanguards-example.conf

https://github.com/mikeperry-tor/vanguards

Here is the official proposal for vanguards.

https://gitweb.torproject.org/torspec.git/tree/proposals/292-mesh-vanguards.txt
@micahflee
@mig5
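
The Rendguard check described in the issue above, as an added example that is not part of the original issue and not code from the vanguards project: it counts rendezvous point use per relay and flags a relay once its share of use exceeds 2X its share of consensus bandwidth weight. The class and function names, the two minimum-sample thresholds, and the relay names and weights are assumptions constructed for illustration.

```python
from collections import Counter

MAX_USE_TO_BW_RATIO = 2.0   # the "2X multiple" from the description above
GLOBAL_START_COUNT = 100    # assumption: stay quiet until this many rendezvous circuits are seen
RELAY_START_COUNT = 10      # assumption: and until the relay itself was used this often


class RendUseTracker:
    """Counts service-side rendezvous point usage per relay fingerprint."""

    def __init__(self, consensus_weights):
        # consensus_weights: {fingerprint: bandwidth weight from the consensus}
        total = float(sum(consensus_weights.values()))
        self.weight_fraction = {fp: w / total for fp, w in consensus_weights.items()}
        self.use_counts = Counter()
        self.total_uses = 0

    def record_rend_use(self, fingerprint):
        """Record one rendezvous circuit; return True if the relay is overused."""
        self.use_counts[fingerprint] += 1
        self.total_uses += 1
        return self.is_overused(fingerprint)

    def is_overused(self, fingerprint):
        uses = self.use_counts[fingerprint]
        if self.total_uses < GLOBAL_START_COUNT or uses < RELAY_START_COUNT:
            return False  # too few samples to judge
        use_fraction = uses / self.total_uses
        # A relay absent from the consensus has an expected fraction of 0, so
        # any sustained use of it as a rendezvous point counts as overuse.
        expected = self.weight_fraction.get(fingerprint, 0.0)
        return use_fraction > MAX_USE_TO_BW_RATIO * expected


def replay(tracker, rend_points):
    """Feed a sequence of rendezvous fingerprints; return the set that got flagged."""
    flagged = set()
    for fp in rend_points:
        if tracker.record_rend_use(fp):
            flagged.add(fp)
    return flagged


# Constructed sample data: three relays and 200 client-chosen rendezvous points.
WEIGHTS = {"RELAY_A": 6000, "RELAY_B": 3000, "RELAY_C": 1000}
SAMPLE = (["RELAY_A"] * 5 + ["RELAY_B"] * 2 + ["RELAY_C"] * 3) * 20

if __name__ == "__main__":
    print(sorted(replay(RendUseTracker(WEIGHTS), SAMPLE)))
```

In the sample, RELAY_C holds 10% of the consensus weight but is picked for 30% of rendezvous circuits, so it is the only relay flagged; a real deployment would decide at that point whether to only warn or also close the circuit.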


Baccount commented Jun 14, 2018

I got vanguards subsystems working! @mig5 @maqp And it also works with V3 onions.
Optional: add V3 support #461 (comment)
Optional: Compile Tor 0.3.4.2 for The Bandguards Subsystem support.

  1. Download https://github.com/mikeperry-tor/vanguards.git
  2. Recompile OnionShare with ControlPort 9051 added to the torrc_template, and replace tor.real 0.3.3.x with tor.real 0.3.4.x
  3. Open onionshare
  4. Open vanguards-example.conf and change the option circ_max_dropped_bytes_percent to = 100.0, and circ_max_megabytes should equal the size of the hosted file; right now set it to = 10000
  5. cd to the vanguard file source directory and then run
    ./src/vanguards.py --control_port 9051 --loglevel DEBUG --config Vangard_source_location/vanguards-master/vanguards-example.conf
  6. Start a share in OnionShare, and Vanguards and the other subsystems should now run correctly.

Update

Disable the "Stop after first download" option, or the download gets cancelled around 3/4th of the way through.

TorProject made a parent tracking ticket for vanguards implementation. https://trac.torproject.org/projects/tor/ticket/26635
