oxeo0/blog-contributions
1
0
Fork 0
mirror of http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions.git synced 2025-07-02 06:46:42 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

add emphasis and diagram explanation

Browse source
This commit is contained in:
urist 2024-12-27 13:12:02 +01:00
parent 29ed2530e3
commit e138d35017
1 changed files with 28 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

33
opsec/high_availability/index.html
View file

@ -86,7 +86,7 @@ Being able to plausibly deny being the operator of, or a downstream service supp
<p>
<h2> <b>Threat model</b> </h2>
In order to understand how high availability, or lack thereof, impacts our security posture me must first define the skills and abilities of our adversary. For this tutorial the adversary has the following attributes:
In order to understand how high availability, or lack thereof, impacts our security posture <b>me must first define the skills and abilities of our adversary</b>. For this tutorial the adversary has the following attributes:
<br><br>
<ul>
@ -96,7 +96,7 @@ In order to understand how high availability, or lack thereof, impacts our secur
</ul>
A concrete example of such an adversary would be law enforcement and government agencies.
A concrete example of such an adversary would be <b>law enforcement and government agencies</b>.
</p>
@ -119,7 +119,7 @@ The adversary has identified a probable city of residence for the administrator
<ol>
<li>Target 1 group of city block and send someone to the internet backbone for this city block to cut it off from the internet</li>
<li>Check whether the onion service is still up</li>
<li>Check whether the onion service <b>is still up</b></li>
<li>If it goes down, add it to the suspect pool</li>
</ol>
@ -137,8 +137,8 @@ The adversary has identified a probable city of residence for the administrator
<div class="col-lg-8 col-lg-offset-2">
<p>
<h2> <b>How can high availability help?</b> </h2>
In the above scenario if the onion service operator had setup a redundant, highly available server then connections would have been seamlessly sent to another server in the redundancy pool, this preventing the adversary
from extracting location information based on their operation. This works best with a server in a different country or region, making a coordinated attack by several adversaries a requirement in order to use this method for deanonymization.
In the above scenario if the onion service operator had setup a <b>redundant, highly available server then connections would have been seamlessly sent to another server</b> in the redundancy pool, thus preventing the adversary
from extracting location information based on their operation. This works best with a server in a <b>different country or region</b>, making a coordinated attack by several adversaries a requirement in order to use this method for deanonymization.
</p>
@ -158,8 +158,31 @@ Below is a chart depicting an adversary attack flow. As shown, high availability
<br>
<img src="ha_attack_flow.png" width="75%" height="75%">
<br>
As you can see the adversarie's playbook is quite simple:
<br><br>
<ol>
<li>Identify a list of potential suspects</li>
<li>Cut them off the internet</li>
<li>Check whether this action made the hidden service unreachable</li>
</ol>
Those actions are easily perpetrated by law enforcement as they only require: <br>
<ul>
<li>DSLAM level access to the internet backbone used by the suspects (impacting a perimeter like a city block)</li>
<li>City block level access to the power grid in order to run disruptive actions</li>
</ul>
<br>
Both of those are trival to obtain for LEOs (law enforcement officers).
<br><br>
<img src="attack_diagram.svg">
<br>
This Diagram shows where the attack takes place and how a redundant setup prevent such attacks from confirming the physical location of the hidden service.
<br>
</p>
</div>