Evolving Our Tor Relay Security Architecture – Emerald Onion
4 months ago
- #Confidential Computing
- #Tor
- #Security
- Emerald Onion is fundraising for new server hardware supporting AMD SEV-SNP to enhance Tor relay security.
- Phase 1: Implemented a diskless relay architecture using a custom JeOS image based on Alpine Linux, reducing attack surface and ensuring minimal state persistence.
- Key files for Tor relay identity are preserved across deployments, with a focus on simplicity and security.
- Phase 2: Plans to use SEV-SNP for Confidential Computing to protect against untrusted hardware and hypervisors, raising the security bar.
- The organization is committed to open-source development and transparency, sharing tools and findings with the Tor community.
- A detailed threat model outlines mitigated and ongoing threats, with SEV-SNP addressing many integrity and confidentiality concerns.
- Fundraiser aims to purchase HPE ProLiant DL325 Gen10 servers with AMD EPYC 7xx3 CPUs for the Phase 2 deployment.