Move hidden service protoco...
Karsten Loesing authored 16 years ago
|
1) ## translation metadata
|
more prop fixes, including...
Roger Dingledine authored 15 years ago
|
2) # Revision: $Revision$
|
Move hidden service protoco...
Karsten Loesing authored 16 years ago
|
3) # Translation-Priority: 3-low
4)
5) #include "head.wmi" TITLE="Tor: Hidden Service Protocol"
6)
7) <div class="main-column">
8)
9) <h2>Tor: Hidden Service Protocol</h2>
10) <hr />
11)
12) <p>
13) A hidden service needs to advertise its existence in the Tor network before
14) clients will be able to contact it. Therefore, the service randomly picks
15) some relays, builds circuits to them, and asks them to act as introduction
16) points telling them its public key. Note that in the following figures the
17) green links are circuits rather than direct connections. This makes it
18) impossible for anyone to associate the introduction points with the hidden
|
Incorporated two correction...
Karsten Loesing authored 16 years ago
|
19) server's IP address. This is important, because although the introduction
|
Move hidden service protoco...
Karsten Loesing authored 16 years ago
|
20) points and others are told the hidden service's identity (public key), they
|
Incorporated two correction...
Karsten Loesing authored 16 years ago
|
21) must not learn about the hidden server's location (IP address).
|
Move hidden service protoco...
Karsten Loesing authored 16 years ago
|
22) </p>
23)
24) <img alt="Tor hidden service step one" src="$(IMGROOT)/THS-1.png" />
25) # maybe add a speech bubble containing "PK" to Bob, because that's what
26) # Bob tells to his introduction points
27)
28) <p>
29) In a second step, the hidden service assembles a hidden service descriptor
30) containing the introduction points' addresses and its public key and signs
31) it with its private key. It stores that descriptor on a set of directory
|
Incorporated two correction...
Karsten Loesing authored 16 years ago
|
32) servers, again using a circuit that hides the link between the directory
33) server storing the
34) descriptor with the hidden server's IP address. The descriptor will be
|
Added some more details to...
Karsten Loesing authored 16 years ago
|
35) found by clients requesting XYZ.onion where XYZ is a 16 characters long
36) name that can be uniquely derived from the service's public key. Although
37) it might seem impractical to use an automatically-generated service name,
|
change -- to –
Jens Kubieziel authored 16 years ago
|
38) it serves an important goal: Everyone – including the introduction points,
39) the directory servers, and of course the clients – can verify that they
|
Added some more details to...
Karsten Loesing authored 16 years ago
|
40) are talking to the hidden service. After this step, the hidden service is
41) set up.
|
Move hidden service protoco...
Karsten Loesing authored 16 years ago
|
42) </p>
43)
44) <img alt="Tor hidden service step two" src="$(IMGROOT)/THS-2.png" />
45) # maybe replace "database" with "directory servers"; further: how incorrect
46) # is it to *not* add DB to the Tor cloud, now that begin dir cells are in
47) # use?
48)
49) <p>
50) A client that wants to contact a hidden service needs to learn about its
51) onion address first. After that, the client can initiate connection
52) establishment by downloading the descriptor from the directory servers. If
53) there is a descriptor for XYZ.onion (the hidden service could also be
54) offline or have left long ago, or there could be a typo in the onion
55) address), the client creates a circuit to another randomly picked relay and
56) asks it to act as rendezvous point, telling it a one-time secret.
57) </p>
58)
59) <img alt="Tor hidden service step three" src="$(IMGROOT)/THS-3.png" />
60) # maybe add "cookie" to speech bubble, separated from the surrounded
61) # "IP1-3" and "PK"
62)
63) <p>
64) Upon setting up the rendezvous point, the client assembles an introduce
65) message (encrypted to the hidden service's public key) including the
66) address of the rendezvous point and the one-time secret. The client sends
67) this message to one of the introduction points, requesting it to deliver it
68) to the hidden service. Again, communication takes place via a circuit, so
69) that nobody can relate sending the introduce message to the client's IP
70) address, ensuring the client's anonymity.
71) </p>
72)
73) <img alt="Tor hidden service step four" src="$(IMGROOT)/THS-4.png" />
74)
75) <p>
76) The hidden service decrypts the client's introduce message and finds the
77) address of the rendezvous point and the one-time secret in it. The service
78) creates a circuit to the rendezvous point and sends the one-time secret to
79) it in a rendezvous message.
80) </p>
81)
|
Added some more details to...
Karsten Loesing authored 16 years ago
|
82) <p>
83) At this point it is of special importance that the hidden service sticks to
84) the same set of guard nodes for creating new circuits. Otherwise an attacker
85) could run an own relay and force a hidden service to create an arbitrary
86) number of circuits in the hope of the corrupt relay to be picked as entry
|
Incorporated two correction...
Karsten Loesing authored 16 years ago
|
87) node and learn the hidden server's IP address via timing analysis. This
|
Added some more details to...
Karsten Loesing authored 16 years ago
|
88) attack was described by Øverlier and Syverson in their paper titled
|
Incorporated two correction...
Karsten Loesing authored 16 years ago
|
89) Locating Hidden Servers.
|
Added some more details to...
Karsten Loesing authored 16 years ago
|
90) </p>
91)
|
Move hidden service protoco...
Karsten Loesing authored 16 years ago
|
92) <img alt="Tor hidden service step five" src="$(IMGROOT)/THS-5.png" />
93) # it should say "Bob connects to Alice's ..."
94)
95) <p>
96) In the last step, the rendezvous point notifies the client about successful
97) connection establishment. After that, both, client and hidden service can
98) use their circuits to the rendezvous point for communicating with each
99) other. The rendezvous point simply relays (end-to-end encrypted) messages
100) from client to service and vice versa.
101) </p>
102)
|
Added some more details to...
Karsten Loesing authored 16 years ago
|
103) <p>
104) One of the reasons for not using the earlier created connection via the
105) introduction point for actual communication is that no single relay should
106) appear to be responsible for a given hidden service. This is why the
107) rendezvous point never learns about the hidden service's identity.
108) </p>
109)
110) <p>
111) In general, the complete connection between client and hidden service
112) consists of 6 relays: 3 of them were picked by the client with the third
113) being the rendezvous point and the other 3 were picked by the hidden
114) service.
115) </p>
116)
|
Move hidden service protoco...
Karsten Loesing authored 16 years ago
|
117) <img alt="Tor hidden service step six" src="$(IMGROOT)/THS-6.png" />
118)
|
Added some more details to...
Karsten Loesing authored 16 years ago
|
119) <p>
120) There are more detailed descriptions about the hidden service protocol than
121) this one. See the
122) <a href="<svnsandbox>doc/design-paper/tor-design.pdf">Tor design paper</a>
123) for an in-depth design description and the
124) <a href="<svnsandbox>doc/spec/rend-spec.txt">rendezvous specification</a>
125) for the message formats.
126) </p>
127)
|