Ithimba labacwaningi baseGeorgetown University kanye ne-US Naval Research Laboratory ukumelana kwenethiwekhi ye-Tor engaziwa ekuhlaselweni okuholela ekunqatshelweni kwesevisi (DoS). Ucwaningo ngokubeka engcupheni inethiwekhi ye-Tor lwakhiwe ngokuyinhloko ekuhloleni (ukuvimbela ukufinyelela ku-Tor), ukuhlonza izicelo nge-Tor kuthrafikhi yezokuthutha, nokuhlaziya ukuhlobana kokugeleza kwethrafikhi ngaphambi kwendawo yokungena nangemva kwe-node yokuphuma ye-Tor ukuze kungabi namagama abasebenzisi. Lolu cwaningo lubonisa ukuthi ukuhlasela kwe-DoS ngokumelene ne-Tor akunakwa futhi, ngezindleko zezinkulungwane zamaRandi ngenyanga, kungase kubangele ukuphazamiseka ku-Tor okungase kuphoqe abasebenzisi ukuthi bayeke ukusebenzisa i-Tor ngenxa yokungasebenzi kahle.
Abacwaningi bahlongoze izimo ezintathu zokwenza ukuhlasela kwe-DoS: ukudala ukuminyana phakathi kwamanodi ebhuloho, ukungalingani komthwalo nokudala ukuminyana phakathi kwama-relay, ukuqaliswa kwakho okudinga umhlaseli ukuthi abe nokuphuma kwe-30, 5 kanye no-3 Gbit/s. Ngokwemali, izindleko zokwenza ukuhlasela phakathi nenyanga zizoba yi-17, 2.8 kanye ne-1.6 yamadola ayizinkulungwane, ngokulandelana. Ukuze uqhathanise, ukwenza ukuhlasela okuqondile kwe-DDoS ukuphazamisa i-Tor kuzodinga i-512.73 Gbit/s yomkhawulokudonsa futhi kubiza u-$7.2 wezigidi ngenyanga.
Indlela yokuqala, ngezindleko zamaRandi ayizinkulungwane eziyi-17 ngenyanga, ngokusebenzisa izikhukhula isethi elinganiselwe yamanodi ebhuloho anomfutho we-30 Gbit/s izonciphisa ijubane lokulanda idatha ngamaklayenti ngo-44%. Ngesikhathi sokuhlolwa, yi-12 obfs4 kuphela indawo yamabhuloho kwangu-38 asele esebenza (awafakiwe ohlwini lwamaseva ohla lwemibhalo yomphakathi futhi asetshenziselwa ukudlula ukuvinjwa kwama-sentinel node), okwenza kube nokwenzeka ukukhukhula ngokukhetha izindawo ezisele zebhuloho. . Abathuthukisi be-Tor bangakwazi kabili izindleko zokulungisa futhi babuyisele ama-node angekho, kodwa umhlaseli uzodinga kuphela ukukhulisa izindleko zabo zibe ngu-$31 ngenyanga ukuze ahlasele wonke amabhuloho angu-38.
Indlela yesibili, edinga i-5 Gbit/s ukuze ihlasele, isekelwe ekuphazamiseni isistimu yokulinganisa yomkhawulokudonsa we-TorFlow emaphakathi futhi inganciphisa isilinganiso sesivinini sokulanda idatha samakhasimende ngo-80%. I-TorFlow isetshenziselwa ukulinganisa umthwalo, okuvumela ukuhlasela ukuphazamisa ukusatshalaliswa kwethrafikhi futhi kuhlele ukudlula kwayo ngenani elilinganiselwe lamaseva, okubangela ukuthi alayishe ngokweqile.
Indlela yesithathu, lapho i-3 Gbit / s yanele, isekelwe ekusebenziseni iklayenti le-Tor eliguquliwe ukudala umthwalo we-parasitic, okunciphisa isivinini sokulandwa kweklayenti ngo-47% ngezindleko zamaRandi ayizinkulungwane ezingu-1.6 ngenyanga. Ngokukhuphula izindleko zokuhlasela zibe ngamaRandi ayizinkulungwane ezingu-6.3, unganciphisa isivinini sokulandwa kwamakhasimende ngo-120%. Iklayenti eliguquliwe, esikhundleni sokwakhiwa okujwayelekile kochungechunge lwama-node amathathu (i-node yokufaka, emaphakathi neyokuphuma), lisebenzisa uchungechunge lwama-node ayi-8 avunyelwe yi-protocol enenani eliphakeme lama-hops phakathi kwama-node, emva kwalokho licela ukulandwa amafayela amakhulu futhi imisa imisebenzi yokufunda ngemva kokuthumela izicelo, kodwa iyaqhubeka nokuthumela imiyalo ye-SENDME eyala ama-node okufakwayo ukuthi aqhubeke nokudlulisa idatha.
Kuyaphawulwa ukuthi ukuqalisa ukunqatshelwa kwesevisi kusebenza ngokuphawulekayo kunokuhlela ukuhlasela kwe-DoS usebenzisa indlela ye-Sybil ngezindleko ezifanayo. Indlela ye-Sybil ihlanganisa ukubeka inombolo enkulu yama-relay ayo kunethiwekhi ye-Tor, lapho amaketango angalahlwa khona noma ancishiswe umkhawulokudonsa. Uma kubhekwa isabelomali sokuhlasela esingu-30, 5, kanye no-3 Gbit/s, indlela ye-Sybil ifinyelela ukuncipha kokusebenza okungu-32%, 7.2%, no-4.5% wamanodi okukhiphayo, ngokulandelanayo. Ngenkathi ukuhlaselwa kwe-DoS okuhlongozwayo ocwaningweni kuhlanganisa wonke ama-node.
Uma siqhathanisa izindleko nezinye izinhlobo zokuhlasela, khona-ke ukwenza ukuhlasela ukuze ungadaluli abasebenzisi ngesabelomali esingu-30 Gbit/s kuzosivumela ukuthi sifinyelele ukulawula okungaphezu kuka-21% wokungenayo kanye no-5.3% wama-node aphumayo futhi sizuze ukumbozwa wonke ama-node ochungechungeni ku-1.1% wamacala. Kubhajethi ye-5 ne-3 Gbit / s, ukusebenza kahle kuzoba ngu-0.06% (4.5% engenayo, i-1.2% egress nodes) kanye ne-0.02% (i-2.8% engenayo, i-0.8% egress nodes).
Source: opennet.ru