Is it true (yet?) that each Tor router maintains a connection with each other router? Why?


9

In the original article describing the Tor project, the first paragraph of section 4 says:

Each onion router (Onion router) maintains a TLS connection with each other onion router.

The paper is from ten years ago (2004), when there were a much smaller number of relays on the Tor network. Today there are more than 5000.

  • Doesn't that number exceed some limit on open sockets or something like that?
  • Doesn't it impose a performance penalty on relays?
  • Does maintaining these connections (or not) affect some security primitive?
  • And what kind of messages do they exchange over these open connections when they're not part of the same circuit?

P.S.: I’m sorry if the translation "onion router" gives someone chills. I find it jocose ;)

  • Cross-posted on tor.SE: http://tor.stackexchange.com/questions/1867/is-is-still-true-that-each-onion-relay-keeps-an-open-tls-connection-to-every-oth

1 answer

7


The fact that each "Relay" node has to be able to connect to any other node of this type does not mean that the connections need to stay open 100% of the time - just while they're being used. I don't know the protocol in detail, but according to that thread, at a given moment only a subset of the possible connections are actually open. There is a configurable limit on the maximum number of sockets open simultaneously, for this reason.

I don't know how to talk about performance, but network security is affected by the number of nodes. According to these two questions on security.SE, if an attacker (for example the NSA) creates a large number of Relays, and a connection starts and ends in a Relay controlled by them (even if it leaves and enters again), it is possible to correlate the packet sizes and the date/time of the connection, and so conclude that IP address "A" communicated with "B" - and in many cases (or all), also learn the content of this communication.

If the connection only starts at a node controlled by the attacker, they can't know the content, just profile (i.e. know that IP "A" uses Tor) - which, depending on the country and its regime, may be all they need to know.

Whether there is a defense against this or not, I cannot say; there is a lot of information and I am not really familiar with this protocol. What I know is that there are different kinds of nodes: Entry/Exit, which communicate with Tor clients; Relay, which communicate with each other, and may or may not also be Entry/Exit; Bridge, which is not listed in the Tor directory, so as to make it difficult to identify and block all nodes; etc. In some circumstances, a client can be configured to restrict which nodes can be used as Entry, but according to the FAQ this should not normally be done, and may even worsen anonymity.

As for the last question, I do not believe there is any communication between the nodes when they are not participating in a circuit at that time (i.e. transmitting a packet from point A to point B). So much so that the sockets can be closed - if they are not, it is for efficiency reasons.

  • Thank you for the answer! As for the main question, in fact, I looked now and saw that there is the option ConstrainedSockSize (https://www.torproject.org/docs/tor-manual.html.en). Thank you for the clarification! About security, I was referring to whether or not I had the connections open. Actually, the number of nodes is critical to anonymity, but I didn’t know if these connections needed to stay open for any reason. Thanks for the help!
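To put a number on the answer's point that the share of relays an attacker runs is what matters for end-to-end correlation, here is an added example (not from the original post or from the Tor project): it models a relay list with constructed bandwidth weights, picks entry and exit by bandwidth as a simplification of Tor's path selection (ignoring guard persistence, exit policies and flags), and compares a Monte Carlo estimate of "both ends attacker-controlled" with the closed-form f², where f is the attacker's bandwidth fraction.

```python
import random


def build_relays(n_honest, n_attacker, seed=1):
    """Constructed relay list: (owner, bandwidth) pairs with random
    bandwidth weights between 1 and 100. Not real consensus data."""
    rng = random.Random(seed)
    relays = [("honest", rng.randint(1, 100)) for _ in range(n_honest)]
    relays += [("attacker", rng.randint(1, 100)) for _ in range(n_attacker)]
    return relays


def attacker_bandwidth_fraction(relays):
    """Fraction f of total advertised bandwidth held by attacker relays."""
    total = sum(bw for _, bw in relays)
    return sum(bw for owner, bw in relays if owner == "attacker") / total


def analytic_compromise_probability(relays):
    """If entry and exit are chosen independently in proportion to
    bandwidth, both land on attacker relays with probability about f**2."""
    f = attacker_bandwidth_fraction(relays)
    return f * f


def simulate_compromised_circuits(relays, n_circuits, seed=2):
    """Monte Carlo estimate: build n_circuits circuits whose entry and exit
    are distinct relays drawn by bandwidth weight, and return the fraction
    whose entry AND exit are both attacker-controlled (the case in which
    timing/size correlation links the client to its destination)."""
    rng = random.Random(seed)
    indices = range(len(relays))
    weights = [bw for _, bw in relays]
    compromised = 0
    for _ in range(n_circuits):
        entry = rng.choices(indices, weights=weights)[0]
        exit_ = entry
        while exit_ == entry:  # entry and exit must be different relays
            exit_ = rng.choices(indices, weights=weights)[0]
        if relays[entry][0] == "attacker" and relays[exit_][0] == "attacker":
            compromised += 1
    return compromised / n_circuits


if __name__ == "__main__":
    # About 5000 relays, of which 100 belong to one attacker.
    net = build_relays(4900, 100)
    print("attacker bandwidth fraction:", round(attacker_bandwidth_fraction(net), 4))
    print("analytic f^2:", round(analytic_compromise_probability(net), 6))
    print("simulated:", simulate_compromised_circuits(net, 100_000))
```

Doubling the attacker's bandwidth share roughly quadruples the fraction of circuits it can correlate end to end, which is why the answer ties anonymity to the number (and bandwidth) of honest relays rather than to whether idle TLS connections stay open.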
