Guard node improvements (task 4.1)
- Further design and discussion, along with at least one whitepaper, discussing guard node design and improvements based on the reactions of researchers in the field.
- A more formal set of specification documents describing our guard selection and path selection algorithms, so that researchers can better analyze their security properties, so that we can better validate the correctness of our implementation, and so that other implementations of Tor and other anonymity tools can take advantage of our findings.
- An implementation of our improved guard node design, included in our codebase, with improvements as found necessary during research.
- Improvements to the testing of our route selection infrastructure, plus risks and contingencies for the guard redesign.
Improved public identity keys for Tor relays (task 4.2)
- An updated design document to handle all pending questions in the design proposal with a complete specification for key algorithms currently described in English.
- Additional design proposals for handling key revocation, and future identity key types if they should prove to be needed.
- Support for offline identity key storage, so that a relay’s most sensitive key material no longer needs to be stored unencrypted on the same computer as the relay.
- Directory system support for improved identity key infrastructure: relays must publish cross-certified [14] server descriptors including new identity key types [13] as well as old ones. Authorities must track and certify all key types, and prevent later changes in binding between identity keys.
- Protocol support for improved identity key infrastructure: clients connecting to a server can verify that they are connecting to the server with the desired identity key(s), and can instruct midpoint servers to extend to the server with the desired identity key(s).
Better DoS resistance throughout the Tor protocol (task 4.3)
- A whitepaper identifying and classifying kinds of DoS against onion routing networks; evaluating them for importance; identifying already-proposed fixes; and identifying problems for which new fixes are still needed.
- One or more design proposals for improvements to the Tor protocol to avoid the most important denial-of-service attacks against Tor networks. These will provide sufficient detail and rationale so that other implementations of the Tor protocols, and designers of other anonymity tools, can use them to strengthen their systems as well.
- Implementations of the most beneficial of these proposals (in terms of cost-benefit ratio), so as to render Tor servers and the Tor network less susceptible to denial of service. The details of these will be defined more fully after the analysis in the steps above.
Rigorous developer documentation (task 4.4)
- A quick-start guide for new developers to Tor, covering the layout of the Tor source code, our coding practices, development methodology, testing strategies, and other information that new developers frequently take time to learn.
- A quick-start guide to writing tests for the Tor codebase.
- A high-level overview of the structure of the Tor codebase, explaining the relationships between the key modules in Tor and the data flows through each one.
- A user’s manual for the compatibility and cryptographic layers at the bottom of the Tor code stack.
- A detailed high- and low-level overview of all modules in Tor, their data flows, their intended interactions, and their actual behaviors.
Breakdown per year
Task | Year 1 | Year 2 |
---|---|---|
Tor Task Area 1: Guard Node Improvements | Design and write at least one whitepaper on guard node design and improvements (#17261); Documentation specifying guard selection and path selection algorithms (#17261); Implementation of improved guard node design (#17262) | Improved testing of route selection infrastructure (#17295) |
Tor Task Area 2: Crypto Improvement to Tor Relay Identity Keys | Updated design document resolving pending questions; Design proposals for handling key revocation, and future identity key types (#17265); Support for offline identity key storage (#13642) | Directory system support for improved identity key infrastructure (#17702, #17668); Protocol support for improved identity key infrastructure (#15054) |
Tor Task Area 3: Better DoS Resistance for the Tor Protocol | Whitepaper identifying and classifying kinds of DoS against onion routing networks (#17263); At least one design proposal for improvements to the Tor protocol to avoid DoS attacks against Tor networks (#17268) | Implementations of the proposals to render Tor servers and the Tor network less susceptible to DoS attack (#17293) |
Tor Task Area 4: Rigorous Developer Documentation | Quick-start guide for new developers to Tor (#17266); Quick-start guide to writing tests for the Tor codebase (#17264); Overview of the structure of the Tor codebase (#17267) | User’s manual for compatibility and crypto layers (#17294); Detailed high- and low-level overview of all modules in Tor (#17292) |
Browser Task Area 1: Security and Privacy | Drop-in minimalistic PartitionAlloc builds; Basic build hardening cleanup; Address short-term issues from iSEC report; Provide AddressSanitizer builds for alpha/beta series; Begin conversion of key Torbutton features into C++ patches | Make use of more advanced PartitionAlloc features; Finalize remaining Torbutton conversion into C++; Improve Tor Browser Update security; Investigate and address remaining/long-term iSEC findings; Mozilla sandboxing support (contingent on Mozilla) |
Browser Task Area 2: Overall Usability | Native code signing for MacOS and Windows; Continual usability improvements based on support feedback | Continual usability improvements based on support feedback; Improve Security and Privacy feature UI |
Browser Task Area 3: Patch Cleanup and Merge Work | Work with Mozilla to merge our updated patches for Firefox 31; Review Firefox 38 and update our patches; Update our toolchain and build system to support Firefox 38; Work with Mozilla to merge our updated patches for Firefox 38 | Review Firefox 45 and update our patches; Update our toolchain and build system to support Firefox 45; Work with Mozilla to merge our updated patches for Firefox 45 |
Browser Task Area 4: Quality Assurance and Testing | Mozilla testing coverage and test updates for Linux | Automated Mac and Windows testing support; User-deployable automated Mac, Windows, and Linux testing |
Tracking our work
Guard node improvements (task 4.1)
- An implementation of our improved guard node design, included in our codebase, with improvements as found necessary during research.
- tor-guards-revamp. (I suggest we don't use "tor-guard" for this, since that is for every single guard-related thing.)
- Improvements to the testing of our route selection infrastructure, plus risks and contingencies for the guard redesign.
Improved public identity keys for Tor relays (task 4.2)
- Protocol support for improved identity key infrastructure: clients connecting to a server can verify that they are connecting to the server with the desired identity key(s), and can instruct midpoint servers to extend to the server with the desired identity key(s).
Better DoS resistance throughout the Tor protocol (task 4.3)
- One or more design proposals for improvements to the Tor protocol to avoid the most important denial-of-service attacks against Tor networks. These will provide sufficient detail and rationale so that other implementations of the Tor protocols, and designers of other anonymity tools, can use them to strengthen their systems as well.
- Implementations of the most beneficial of these proposals (in terms of cost-benefit ratio), so as to render Tor servers and the Tor network less susceptible to denial of service. The details of these will be defined more fully after the analysis in the steps above.
Rigorous developer documentation (task 4.4)
- A user’s manual for the compatibility and cryptographic layers at the bottom of the Tor code stack.
- A detailed high- and low-level overview of all modules in Tor, their data flows, their intended interactions, and their actual behaviors.