oxeo0/blog-contributions
1
0
Fork 0
mirror of http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions.git synced 2025-07-02 11:56:40 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
blog-contributions/opsec/high_availability/index.html
nihilist d7046eac19 updated all the simplex chat links
2025-02-03 13:03:49 +01:00

238 lines
9.3 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="High Availability and anonymity">
<meta name="author" content="MulliganSecurity">
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
<title>Why is High Availability Important for Deniability ?</title>
<!-- Bootstrap core CSS -->
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
<link href="../../assets/css/xt256.css" rel="stylesheet">
<!-- Custom styles for this template -->
<link href="../../assets/css/main.css" rel="stylesheet">
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
<![endif]-->
</head>
<body>
<!-- Static navbar -->
<div class="navbar navbar-inverse-anon navbar-static-top">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand-anon" href="\index.html">The Nihilism Blog</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav navbar-right">
<li><a href="/about.html">About</a></li>
<li><a href="/blog.html">Categories</a></li>
<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
<li><a href="/contact.html">Contact</a></li>
</ul>
</div><!--/.nav-collapse -->
</div>
</div>
<!-- +++++ Posts Lists +++++ -->
<!-- +++++ First Post +++++ -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/mulligan_sec.jpeg" width="50px" height="50px"> <ba>Mulligan Security - 30 / 12 / 2024</ba></p>
<p>
<h1> Why is High Availability Important for Deniability ? </h1>
The concept of high availability is omnipresent in centralized services. One expects their ISP to provide internet access, their email provider to give them 100% uptime whenever they want to send an email and so on.<br/> <br/>
<b> High-availability, the ability to provide high-uptime infrastructure, also has far-reaching implications for OPSEC practitioners.</b> <br/><br/>
When an adversary wants to collect information such as physical location behind a hidden service, depending on their power they will use downtime as an indicator in order to progressively narrow the pool of potential service location until they can act decisively against the remaining suspects.
<br> <br>
<b>Anonymity IS a requirement for deniability</b><br>
Being able to plausibly deny being the operator of, or a downstream service supplier to a hidden service is a significant boon to personal protection.
</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /grey -->
<div id="anon3">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<p>
<h2> <b>Threat model</b> </h2>
In order to understand how high availability, or lack thereof, impacts our security posture <b>me must first define the skills and abilities of our adversary</b>. For this tutorial the adversary has the following attributes:
<br><br>
<ul>
<li>Ability to monitor the hidden service status and know rapidly if it goes offline</li>
<li>Ability to directly tamper with either the power grid or the internet infrastructure with high granularity (DSLAM level, which could be a small town or a group of city blocks)</li>
<li>Ability to monitor the effects of tampering or incidents impacting the power grid or the internet infrastructure</li>
</ul>
A concrete example of such an adversary would be <b>law enforcement and government agencies</b>.
</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /grey -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<p>
<h2> <b>Attack Scenario</b> </h2>
The adversary has identified a probable city of residence for the administrator of a hidden service. In order to narrow down their search perimeter they will do the following:
<br>
<ol>
<li>Target 1 group of city block and send someone to the internet backbone for this city block to cut it off from the internet</li>
<li>Check whether the onion service <b>is still up</b></li>
<li>If it goes down, add it to the suspect pool</li>
</ol>
</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /grey -->
<div id="anon3">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<p>
<h2> <b>How can high availability help?</b> </h2>
In the above scenario if the onion service operator had setup a <b>redundant, highly available server then connections would have been seamlessly sent to another server</b> in the redundancy pool, thus preventing the adversary
from extracting location information based on their operation. This works best with a server in a <b>different country or region</b>, making a coordinated attack by several adversaries a requirement in order to use this method for deanonymization.
</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /grey -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<p>
<h2> <b>Adversary Attack Flow</b> </h2>
Below is a chart depicting an adversary attack flow. As shown, high availability will prevent the adversary from progressing beyond their initial step of uptime-based target acquisition.
<br>
<br>
<img src="ha_attack_flow.png" width="75%" height="75%">
<br>
As you can see the adversarie's playbook is quite simple:
<br><br>
<ol>
<li>Identify a list of potential suspects</li>
<li>Cut them off the internet</li>
<li>Check whether this action made the hidden service unreachable</li>
</ol>
Those actions are easily perpetrated by law enforcement as they only require: <br>
<ul>
<li>DSLAM level access to the internet backbone used by the suspects (impacting a perimeter like a city block)</li>
<li>City block level access to the power grid in order to run disruptive actions</li>
</ul>
<br>
Both of those are trival to obtain for LEOs (law enforcement officers).
<br><br>
<img src="attack_diagram.png">
<br>
This Diagram shows where the attack takes place and how a redundant setup prevent such attacks from confirming the physical location of the hidden service.
<br>
<br>
<b>In conclusion, your hidden service is one downtime away from having its location disclosed to an adversary, so you need to make sure it has High Availability</b>
</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /grey -->
<!-- +++++ Footer Section +++++ -->
<div id="anonb">
<div class="container">
<div class="row">
<div class="col-lg-4">
<h4>Nihilism</h4>
<p>
Until there is Nothing left.</p></br></br><p>Creative Commons Zero: <a href="../../../../opsec/runtheblog/index.html">No Rights Reserved</a></br><img src="\CC0.png">
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>My Links</h4>
<p>
<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2FBD4qkVq8lJUgjHt0kUaxeQBYsKaxDejeecxm6-2vOwI%3D%40b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion%2FdXQ3FLM5ufTNQxgXU6jm07fRXSq9Ujkt%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEAzABUDXe4g0bjXyPcNOU0QzWxMYMMGgR3kcOQacoEaQ0%253D&data=%7B%22groupLinkId%22%3A%22G3yklv9753AcNA7lGV3FBw%3D%3D%22%7D">SimpleX Chat</a><br/>
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>About Mulligan Security</h4>
<p style="word-wrap: break-word;"><u>Donate XMR:</u><br>86NCojqYmjwim4NGZzaoLS2ozbLkMaQTnd3VVa9MdW1jVpQbseigSfiCqYGrM1c5rmZ173mrp8RmvPsvspG8jGr99yK3PSs</p></br><p><u>Contact:</u> mulligansecurity@riseup.net <br><a href="http://msec2nnqtbwh5c5yxpiswzwnqperok5k33udj7t6wmqcleu3ifj34sqd.onion">website</a>
<br>
<a href="https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2FiZJOs1BYKxD2nEndBtacHlBP-bNKv3gywICYPZZjXXE%3D%40chatnedvznvcnsovrm3e6jrgt6pkpai5i3rgslrrxlnv352ardboebid.onion%2FtT5R0tQWBzJPAkjvH-wai4PnpfTor89R%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEA_7oNMJAjBrt210CSc2LEIZJh5BFizPx7JUYFCmj8p1k%253D">SimpleX</a>
</p>
</div><!-- /col-lg-4 -->
</div>
</div>
</div>
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
</body>
</html>
Reference in a new issue View git blame Copy permalink