Bitcoin over tor [vulnerabilities]

[darkfuji]

Hey i've never used this forum before, but i read this paper today that you guys might want a look at: http://arxiv.org/abs/1410.6079 , it shows a couple of big security issues with using bitcoin over tor, i recommend you have a look.

[youngmike]

You shouldn't use it with tor

[Qoheleth]

Brainstorming possible fixes:

• Rethink the IP reputation protocol so that "known proxy" addresses are not held to the same standard as nodes themselves. This is a quick fix but is problematic in that spammers can then get additional leeway by running an apparent Tor exit node.
• Users who want to run "pure Tor" should run their nodes as a hidden service and connect primarily to hidden service peers. Users who want to support the network and are not worried about being identified should run their nodes both as a hidden service and as a "normal" plaintext peer. This way, the visible IP addresses are not Tor exit nodes but actual Bitcoin nodes which should be able to pre-filter bad content before the network at large has to see it (and thereby avoid getting unknowingly banned out by an attacker). The downside here is that it requires overcoming a network catch-22; until there are enough real nodes visible as both Tor hidden services and as IP addresses, the few Tor hidden service nodes existing today ca be easily blackholed.

[theymos]

Users who want to run "pure Tor" should run their nodes as a hidden service and connect primarily to hidden service peers. Users who want to support the network and are not worried about being identified should run their nodes both as a hidden service and as a "normal" plaintext peer. This way, the visible IP addresses are not Tor exit nodes but actual Bitcoin nodes which should be able to pre-filter bad content before the network at large has to see it (and thereby avoid getting unknowingly banned out by an attacker). The downside here is that it requires overcoming a network catch-22; until there are enough real nodes visible as both Tor hidden services and as IP addresses, the few Tor hidden service nodes existing today ca be easily blackholed.

A major problem with that is that one IP can run any number of hidden services with different hidden service addresses, so a Sybil attack is also pretty easy there. Bitcoin Core tries to make this a bit more difficult by partitioning the set of all possible .onion addresses into 16 groups and only connecting to hidden services in different groups, but I don't think that this is actually very effective because an attacker can easily fill all 16 groups with his hidden services.

One sort-of-solution would be for Tor nodes to always connect to a couple of trusted nodes in addition to some normal nodes. This increases centralization, but Tor is already very centralized, so I don't know that it'd be much worse.

[OgNasty]

I have considered running a trusted hidden service node.  Perhaps if other reputable Bitcointalk members were wanting to establish a "trusted" network of nodes, that might be a step in the right direction.

[Gavin Andresen]

You can mitigate the attacks described in the paper by running bitcoind with more lenient banning behavior.

E.g. put this in your bitcoin.conf:

Code:

bantime=11

... so if Tor peers sharing an IP address are banned, they are only banned for eleven seconds.

If you want to live dangerously, you can also set:

Code:

banscore=10000

... to make it a lot harder for an attacker to cause you to ban naughty IP addresses. But this might make it easier for an attacker to fill up your node's memory with garbage.

[scarsbergholden]

I think you could get around this issue by not running a full node via tor but to rather use tor to only push a new TX to the network by some trusted service. This would cause Bitcoin over tor to be more centralized (as mentioned above) however it would protect your identity. To protect yourself against an attack in which a tor exit node is able to fake a TX that was sent to you; you would want to use a mixing service to get bitcoin to be sent to your "tor" Bitcoin address (again centralization, but again protection of your identity).