> On 25 Jul 2017, at 15:36, Nima Azizzadeh <n.azizza...@gmail.com> wrote:
>
> Hello
> My name is Nima Azizzadeh and I'm a second year of mastering Cyber Security
> major at University of Tehran, Iran. I am extremely interested in pursuing
> independent research. An extensive research experience will greatly help me
> consolidate my future career choice.
>
> Recently I'm interested in tor project vulnerabilities and I looked at some
> papers about it. This paper "The Effect of DNS on Tor’s Anonymity, NDSS,
> February 2017" attracted a great deal of my attention. A lot of research has
> gone into improving the Tor network, but its use of DNS has received little
> attention. In this research project, they set out to learn how DNS can harm
> the anonymity of Tor users, and how adversaries can leverage the DNS protocol
> to deanonymize users. They studied (i) how exposed the DNS protocol is
> compared to web traffic, (ii) how Tor exit relays are configured to use DNS,
> (iii) how existing website fingerprinting attacks can be enhanced with DNS,
> and (iv) how effective these enhanced website fingerprinting attacks are at
> Internet-scale.
>
> Also, I found another project that I think can defend against these attacks
> to some degree. The project is T-DNS (Connection-Oriented DNS to Improve
> Privacy and Security - DNS over TCP and TLS). It combines TCP to smoothly
> support large payloads and mitigate spoofing and amplification for DoS. T-DNS
> uses transport-layer security (TLS) to provide privacy from users to their
> DNS resolvers and optionally to authoritative servers.
>
> I want to integrate T-DNS server proxy and client proxy with Tor project
> source code to add some security feature to Tor project. I also implement
> T-DNS server proxy and client proxy I just need to add this feature in Tor
> source code. Something like creating a built-in standalone T-DNS client proxy
> and server proxy in Tor relays, and encourage people to use them with Tor
> Exits (and other DNS clients and servers).
>
> As you have a lot of experience on Tor project, I would be happy if you could
> help me on this or give me some suggestion to clarify the way for me. I look
> forward to hearing from you!

Hi Nima,

We would love to make Tor's DNS more secure.

Tor Exits use DNS from a lot of different providers.
The Tor network can't rely on just a few T-DNS servers.
That would make them a single point of failure.

So I think we need to fix the DNS protocol and upgrade most DNS
servers to make this work.

Or, we could create a standalone T-DNS client proxy and server proxy,
and encourage people to use them with Tor Exits (and other DNS clients
and servers). That would be a great way to upgrade gradually.

Tim

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
_______________________________________________
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
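
The standalone client and server proxies discussed in this thread have to convert between UDP datagrams and a byte stream: DNS over TCP prefixes each message with a two-byte length (RFC 1035 section 4.2.2), and DNS over TLS carries the same framing (RFC 7858). The sketch below is an added example, not code from the thread, from Tor, or from the T-DNS project; the names `build_query`, `frame` and `StreamDeframer` are hypothetical, the queries are constructed sample data, and the TLS socket itself is left out.

```python
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal DNS query (RFC 1035), as a stub resolver sends over UDP."""
    labels = name.rstrip(".").split(".")
    if any(not 1 <= len(label) <= 63 for label in labels):
        raise ValueError("each DNS label must be 1..63 bytes")
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)       # QCLASS=IN

def frame(msg):
    """Datagram -> stream form: two-byte big-endian length, then the message."""
    if len(msg) > 0xFFFF:
        raise ValueError("DNS message too large for stream framing")
    return struct.pack("!H", len(msg)) + msg

class StreamDeframer:
    """Reassemble DNS messages from a TCP/TLS stream whose reads may split
    one message across several chunks or deliver several messages at once."""

    def __init__(self):
        self.buf = bytearray()

    def feed(self, data):
        """Add received bytes; return every complete message now available."""
        self.buf += data
        complete = []
        while len(self.buf) >= 2:
            (length,) = struct.unpack_from("!H", self.buf)
            if len(self.buf) < 2 + length:
                break                      # wait for the rest of this message
            complete.append(bytes(self.buf[2:2 + length]))
            del self.buf[:2 + length]
        return complete

def demo():
    """Two constructed queries, pipelined on one stream, read in odd chunks."""
    q1 = build_query("example.com", txid=1)
    q2 = build_query("torproject.org", txid=2)
    stream = frame(q1) + frame(q2)
    d = StreamDeframer()
    got = d.feed(stream[:5]) + d.feed(stream[5:40]) + d.feed(stream[40:])
    return got == [q1, q2]

if __name__ == "__main__":
    print("reassembled correctly:", demo())
```

A proxy built this way would hand each message returned by `feed` to the UDP side unchanged, so the resolver on either end needs no modification.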