- tor-dev - lists.torproject.org

More on Fingerprinting Unlinkability ~ Summer of Privacy
by Vafa Andalibi 14 Jun '18

14 Jun '18

Hello Everyone! I’m Vafa and I’m happy to announce that I’m going to work on a project related to Cross-Origin Fingerprinting Unlinkability in Tor Summer of Privacy (late arrival!), this would be my first contribution to the great Tor project and I will i will try my best to do it well. In this project I’m going to use the results of one of my previous works about web-based browser fingerprinting and I hope that I would be able to extend and employ that to possibly address an issue, i.e. possible paradoxical configurations, regarding sophisticated randomization in the attributes and properties the uniforming of which are difficult. My previously implemented tool [1] builds a model over (semi)-legitimate database of browser fingerprinting and uses this model in three different modes, all of which might come handy or be a good start for this project. In this project, Arthur is going to be my mentor, and the above-mentioned previous work was under supervision of Prof. Jean Camp. I would be happy to answer further questions and discuss things that are (un)intentionally omitted here. Cheers! [1] http://paradoxcatcher.readthedocs.io/en/latest/

1 0

Porting TOR Relay Software To Run On Windows
by Keifer Bly 14 Jun '18

14 Jun '18

Hello, So I Retrieved the tor source code from https://github.com/torproject/tor Here’s one thing I have noticed about the network. I have noticed that there is no version of the tor relaying software that will run on Windows. I know Windows isn’t the most secure OS to run a relay off of for a few reasons, however if there was a version of the tor relaying software that was compatible with Windows, this would remove the barrier an quite a number of people who want to run a bridge or relay but do not want to have to go through the hassle of running a Linux virtual machine or something. After just trying to start this project, here is the issue I am already encountering. The tor relaying software is written in C, which I cannot seem to find any compilers for that would work with Windows. Microsoft Visual Studio would be very convenient here, but I have checked and from what I can see it does not support C, but does support C++ and of course C#. Any thoughts on what a good compiler might be to try to port the tor relay software to run as a Command Prompt software on Widows? Let me know your thoughts. Thanks all.

2 1

permission denied when running snowflake-client with debian-tor user
by iry 11 Jun '18

11 Jun '18

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Dear Tor developers, I met a problem when trying to use the snowflake-client binary extracted from TBB 8.0a8 with the system Tor. Specifically, it seems snowflake-client cannot be run by debian-tor user, regardless of the permissions it is given. I am posting the full steps below. A better formatted version of it can be found here: http://forums.whonix.org/t/replacing-meek-snowflake/5190/18 > Here is the original permission and ownership of snowflake-client: > > user@host:~$ ls -l snowflake-client -rwx------ 1 user user 14160744 > Jun 4 06:17 snowflake-client > > It can be executed by user user: > > user@host:~$ sudo -u user ./snowflake-client 2018/06/04 06:18:21 > > > --- Starting Snowflake Client --- 2018/06/04 06:18:21 No HTTP > signaling detected. Using manual copy-paste signaling. 2018/06/04 > 06:18:21 Waiting for a "signal" pipe... ^C > > We now change the permission to let it executable by user > debian-tor: > > user@host:~$ sudo chmod 777 snowflake-client > > > user@host:~$ sudo -u debian-tor ./snowflake-client 2018/06/04 > 06:18:43 > > Noticed the permission denied: > > --- Starting Snowflake Client --- 2018/06/04 06:18:43 No HTTP > signaling detected. Using manual copy-paste signaling. 2018/06/04 > 06:18:43 Waiting for a "signal" pipe... 2018/06/04 06:18:43 open > signal: permission denied > > We now change its ownership to debian-tor:debian-tor: > > user@host:~$ sudo chown debian-tor:debian-tor snowflake-client > user@host:~$ ls -l snowflake-client -rwxrwxrwx 1 debian-tor > debian-tor 14160744 Jun 4 06:17 snowflake-client > > Still, permission denied: > > user@host:~$ sudo -u debian-tor ./snowflake-client 2018/06/04 > 06:19:15 > > > --- Starting Snowflake Client --- 2018/06/04 06:19:15 No HTTP > signaling detected. Using manual copy-paste signaling. 2018/06/04 > 06:19:15 Waiting for a "signal" pipe... 2018/06/04 06:19:15 open > signal: permission denied > > However, when executing it by user, it works fine: > > user@host:~$ sudo -u user ./snowflake-client 2018/06/04 06:19:22 > > > --- Starting Snowflake Client --- 2018/06/04 06:19:22 No HTTP > signaling detected. Using manual copy-paste signaling. 2018/06/04 > 06:19:22 Waiting for a "signal" pipe... ^C I didn't find any special requirement for the user who runs snowflake-client from the documentation, so it would be extremely helpful and appreciated if you could share some insights on this problem. :) Best Regards, iry -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEzKSpZKlpRovTotu+oUtNvG3N1TwFAlseXpcACgkQoUtNvG3N 1Tx/fBAAvnl84inklNYJ4N0QRz9X9FAtmTlTTb4mrtW+WM36oaDEFigSZeha7pmw er+oV1hG1SlHf6iel2i6YyUXAi7r6YURqlv0fFtLMaelfAIda/ywEMwVsJ19VHzn qPPEADQVY4c55KuOgkhCMSTxGUn2wXbM+PpFf/WTaZ40gjPOjucUXUxlhwj6X6EX wTBiUEq2yjs4xyWSfgOinFuoPqLG5Hfx/z+1ZSyL2R0yeeK1kSiB5kD90mwfOeKq EM32xbYLy4OmQQ3cABHB2mn0wDaS8E2t22sHXhPNANdJTdM/ztcjI7BZjNMUz1Ig aQEVpLE2yvVQu4O3nyThLnH/b08z4a6oVVE7JQpG9rmLfoFuUbJ6vTF+l6nQTJOY mnkiL6RwGVerm612OXFOLBpHSBbToEX12tqqjC569s/OExcFzHpiiTg22HcOYab/ YSu4zUTX23wRBQhOkBQ7EL+idHGK7lwGN5d0Y45H7cwOoIXwXTu3ff1e6yjuT9Bx Pc+tlkw7vJGB5jhFuW9EYvjrWDklbpR7HZ7TTSkDvGvzXUkAZnCzyBAnePxwQbid 45Vwsn7QCFISsZdXCS53RPoVPbNGcSQTyWn4gv/U37Fb/pZ1LYYAJFcNOl5HB8fl nhXL9D7Mey/79n3hepChBUXpaNeHX9J+7R91A8tUjzz9irmhU8o= =Aie4 -----END PGP SIGNATURE-----

4 3

Debug or a high level of logging still present when using obfs4 bridges
by President Camacho 05 Jun '18

05 Jun '18

Debug or a high level of logging still present in /var/log/tor/log - when using obf4 (or whatever) bridges This is a reminder that this problem continues to exist in Tails 3.7. (and several versions prior) "[warn] Your log may contain sensitive information - you're logging more than "notice". Don't log unless it serves an important reason. Overwrite the log afterwards." The logging is crazy and consumes several MB per session. ** I have not tested this with plain Tor and/or TBB outside of Tails. ** Nevertheless, this is being posted to tor-dev just in case the problem exists there, too. (and for historical purposes as the problem continues to exist in Tails)

2 1

Removing my relay from the fallback dir list
by Thom Wiggers 05 Jun '18

05 Jun '18

Hi Teor, all, With the DO billing changes (that snuck up on me), I think it's time to retire my main tor relay for the moment. It's on the fallbackdir list though, although it's not currently part of the distributed lists. I've attached a patch that takes it out of the codebase. Maybe it'll appear somewhere else in the future, I'll reconsider it for the fallbackdir list then. Regards, Thom (resent as previous message was sent from address not on list)

1 0

Proposal 292: Mesh-based vanguards
by George Kadianakis 03 Jun '18

03 Jun '18

Hello list, here is the vanguard proposal that supersedes proposal 247. It specifies the newest vanguard design which we've been working on: https://github.com/mikeperry-tor/vanguards FWIW, the above project is still in experimental state and we are expecting to launch it officially in the short term future. Until then, feel free to experiment with it if you feel like it. Check out the proposal and code and let us know if you have any questions or feedback! Thanks! --- Filename: 292-mesh-vanguards.txt Title: Mesh-based vanguards Authors: George Kadianakis and Mike Perry Created: 2018-05-08 Status: Open Supersedes: 247 0. Motivation A guard discovery attack allows attackers to determine the guard node of a Tor client. The hidden service rendezvous protocol provides an attack vector for a guard discovery attack since anyone can force an HS to construct a 3-hop circuit to a relay (#9001). Following the guard discovery attack with a compromise and/or coercion of the guard node can lead to the deanonymization of a hidden service. 1. Overview This document tries to make the above guard discovery + compromise attack harder to launch. It introduces a configuration option which makes the hidden service also pin the second and third hops of its circuits for a longer duration. With this new path selection, we force the adversary to perform a Sybil attack and two compromise attacks before succeeding. This is an improvement over the current state where the Sybil attack is trivial to pull off, and only a single compromise attack is required. With this new path selection, an attacker is forced to do a one or more node compromise attacks before learning the guard node of a hidden service. This increases the uncertainty of the attacker, since compromise attacks are costly and potentially detectable, so an attacker will have to think twice before beginning a chain of node compromise attacks that they might not be able to complete. 1.1. Tor integration The mechanisms introduced in this proposal are currently implemented partially in Tor and partially through an external Python script: https://github.com/mikeperry-tor/vanguards The Python script uses the new Tor configuration options HSLayer2Nodes and HSLayer3Nodes to be able to select nodes for the guard layers. The Python script is tasked with maintaining and rotating the guard nodes as needed based on the lifetimes described in this proposal. In the future, we are aiming to include the whole functionality into Tor, with no need for external scripts. 1.2. Visuals Here is how a hidden service rendezvous circuit currently looks like: -> middle_1 -> middle_A -> middle_2 -> middle_B -> middle_3 -> middle_C -> middle_4 -> middle_D HS -> guard -> middle_5 -> middle_E -> middle_6 -> middle_F -> middle_7 -> middle_G -> middle_8 -> middle_H -> ... -> ... -> middle_n -> middle_n this proposal pins the two middle positions into a much more restricted sets, as follows: -> guard_2A -> guard_3A -> guard_1A -> guard_2B -> guard_3B HS -> guard_3C -> guard_1B -> guard_2C -> guard_3D -> guard_3E -> guard_2D -> guard_3F Additionally, to avoid linkability, we insert an extra middle node after the third layer guard for client side intro and hsdir circuits, and service-side rendezvous circuits. This means that the set of paths for Client (C) and Service (S) side look like this: C - G - L2 - L3 - R S - G - L2 - L3 - HSDIR S - G - L2 - L3 - I C - G - L2 - L3 - M - I C - G - L2 - L3 - M - HSDIR S - G - L2 - L3 - M - R 1.3. Threat model, Assumptions, and Goals Consider an adversary with the following powers: - Can launch a Sybil guard discovery attack against any node of a rendezvous circuit. The slower the rotation period of the node, the longer the attack takes. Similarly, the higher the percentage of the network is compromised, the faster the attack runs. - Can compromise any node on the network, but this compromise takes time and potentially even coercive action, and also carries risk of discovery. We also make the following assumptions about the types of attacks: 1. A Sybil attack is observable by both people monitoring the network for large numbers of new nodes, as well as vigilant hidden service operators. It will require either large amounts of traffic sent towards the hidden service, multiple test circuits, or both. 2. A Sybil attack against the second or first layer Guards will be more noisy than a Sybil attack against the third layer guard, since the second and first layer Sybil attack requires a timing side channel in order to determine success, whereas the Sybil success is almost immediately obvious to third layer guard, since it will be instructed to connect to a cooperating malicious rend point by the adversary. 3. As soon as the adversary is confident they have won the Sybil attack, an even more aggressive circuit building attack will allow them to determine the next node very fast (an hour or less). 4. The adversary is strongly disincentivized from compromising nodes that may prove useless, as node compromise is even more risky for the adversary than a Sybil attack in terms of being noticed. Given this threat model, our security parameters were selected so that the first two layers of guards should be hard to attack using a Sybil guard discovery attack and hence require a node compromise attack. Ideally, we want the node compromise attacks to carry a non-negligible probability of being useless to the adversary by the time they complete. On the other hand, the outermost layer of guards should rotate fast enough to _require_ a Sybil attack. See our vanguard simulator project for a simulation of the above adversary model and a motivation for the parameters selected within this proposal: https://github.com/asn-d6/vanguard_simulator https://github.com/asn-d6/vanguard_simulator/wiki/Optimizing-vanguard-topol… 2. Design When a hidden service picks its guard nodes, it also picks an additional NUM_LAYER2_GUARDS-sized set of middle nodes for its `second_guard_set`, as well as a NUM_LAYER3_GUARDS-sized set of middle nodes for its `third_guard_set`. When a hidden service needs to establish a circuit to an HSDir, introduction point or a rendezvous point, it uses nodes from `second_guard_set` as the second hop of the circuit and nodes from `third_guard_set` as third hop of the circuit. A hidden service rotates nodes from the 'second_guard_set' at a random time between MIN_SECOND_GUARD_LIFETIME hours and MAX_SECOND_GUARD_LIFETIME hours. A hidden service rotates nodes from the 'third_guard_set' at a random time between MIN_THIRD_GUARD_LIFETIME and MAX_THIRD_GUARD_LIFETIME hours. Each node's rotation time is tracked independently, to avoid disclosing the rotation times of the primary and second-level guards. 2.1. Security parameters We set NUM_LAYER2_GUARDS to 4 nodes and NUM_LAYER3_GUARDS to 6 nodes. We set MIN_SECOND_GUARD_LIFETIME to 1 day, and MAX_SECOND_GUARD_LIFETIME to 45 days inclusive, for an average rotation rate of 29.5 days, using the max(X,X) distribution specified in Section 3.3. We set MIN_THIRD_GUARD_LIFETIME to 1 hour, and MAX_THIRD_GUARD_LIFETIME to 48 hours inclusive, for an average rotation rate of 31.5 hours, using the max(X,X) distribution specified in Section 3.3. See Section 3 for more analysis on these constants. 2.2. Path restriction changes In order to avoid information leaks and ensure paths can be built, path restrictions must be loosened. In particular, we allow the following: 1. Nodes from the same /16 and same family for any/all hops 2. Guard nodes can be chosen for RP/IP/HSDIR 3. Guard nodes can be chosen for hop before RP/IP/HSDIR. The first change prevents the situation where paths cannot be built if two layers all share the same subnet and/or node family. It also prevents the the use of a different entry guard based on the family or subnet of the IP, HSDIR, or RP. The second change prevents an adversary from forcing the use of a different entry guard by enumerating all guard-flaged nodes as the RP. The third change prevents an adversary from learning the guard node by way of noticing which nodes were not chosen for the hop before it. 3. Rationale and Security Parameter Selection 3.1. Sybil rotation counts for a given number of Guards The probability of Sybil success for Guard discovery can be modeled as the probability of choosing 1 or more malicious middle nodes for a sensitive circuit over some period of time. P(At least 1 bad middle) = 1 - P(All Good Middles) = 1 - P(One Good middle)^(num_middles) = 1 - (1 - c/n)^(num_middles) c/n is the adversary compromise percentage In the case of Vanguards, num_middles is the number of Guards you rotate through in a given time period. This is a function of the number of vanguards in that position (v), as well as the number of rotations (r). P(At least one bad middle) = 1 - (1 - c/n)^(v*r) Here's detailed tables in terms of the number of rotations required for a given Sybil success rate for certain number of guards. 1.0% Network Compromise: Sybil Success One Two Three Four Five Six Eight Nine Ten Twelve Sixteen 10% 11 6 4 3 3 2 2 2 2 1 1 15% 17 9 6 5 4 3 3 2 2 2 2 25% 29 15 10 8 6 5 4 4 3 3 2 50% 69 35 23 18 14 12 9 8 7 6 5 60% 92 46 31 23 19 16 12 11 10 8 6 75% 138 69 46 35 28 23 18 16 14 12 9 85% 189 95 63 48 38 32 24 21 19 16 12 90% 230 115 77 58 46 39 29 26 23 20 15 95% 299 150 100 75 60 50 38 34 30 25 19 99% 459 230 153 115 92 77 58 51 46 39 29 5.0% Network Compromise: Sybil Success One Two Three Four Five Six Eight Nine Ten Twelve Sixteen 10% 3 2 1 1 1 1 1 1 1 1 1 15% 4 2 2 1 1 1 1 1 1 1 1 25% 6 3 2 2 2 1 1 1 1 1 1 50% 14 7 5 4 3 3 2 2 2 2 1 60% 18 9 6 5 4 3 3 2 2 2 2 75% 28 14 10 7 6 5 4 4 3 3 2 85% 37 19 13 10 8 7 5 5 4 4 3 90% 45 23 15 12 9 8 6 5 5 4 3 95% 59 30 20 15 12 10 8 7 6 5 4 99% 90 45 30 23 18 15 12 10 9 8 6 10.0% Network Compromise: Sybil Success One Two Three Four Five Six Eight Nine Ten Twelve Sixteen 10% 2 1 1 1 1 1 1 1 1 1 1 15% 2 1 1 1 1 1 1 1 1 1 1 25% 3 2 1 1 1 1 1 1 1 1 1 50% 7 4 3 2 2 2 1 1 1 1 1 60% 9 5 3 3 2 2 2 1 1 1 1 75% 14 7 5 4 3 3 2 2 2 2 1 85% 19 10 7 5 4 4 3 3 2 2 2 90% 22 11 8 6 5 4 3 3 3 2 2 95% 29 15 10 8 6 5 4 4 3 3 2 99% 44 22 15 11 9 8 6 5 5 4 3 The rotation counts in these tables were generated with: def num_rotations(c, v, success): r = 0 while 1-math.pow((1-c), v*r) < success: r += 1 return r 3.2. Rotation Period As specified in Section 1.2, the primary driving force for the third layer selection was to ensure that these nodes rotate fast enough that it is not worth trying to compromise them, because it is unlikely for compromise to succeed and yield useful information before the nodes stop being used. From the table in Section 3.1, with NUM_LAYER2_GUARDS=4 and NUM_LAYER3_GUARDS=6, it can be seen that this means that the Sybil attack on layer3 will complete with 50% chance in 12*31.5 hours (15.75 days) for the 1% adversary, ~4 days for the 5% adversary, and 2.62 days for the 10% adversary. Since rotation of each node happens independently, the distribution of when the adversary expects to win this Sybil attack in order to discover the next node up is uniform. This means that on average, the adversary should expect that half of the rotation period of the next node is already over by the time that they win the Sybil. With this fact, we choose our range and distribution for the second layer rotation to be short enough to cause the adversary to risk compromising nodes that are useless, yet long enough to require a Sybil attack to be noticeable in terms of client activity. For this reason, we choose a minimum second-layer guard lifetime of 1 day, since this gives the adversary a minimum expected value of 12 hours for during which they can compromise a guard before it might be rotated. If the total expected rotation rate is 29.5 days, then the adversary can expect overall to have 14.75 days remaining after completing their Sybil attack before a second-layer guard rotates away. 3.3. Rotation distributions In order to skew the distribution of the third layer guard towards higher values, we use max(X,X) for the distribution, where X is a random variable that takes on values from the uniform distribution. Here's a table of expectation (arithmetic means) for relevant ranges of X (sampled from 0..N-1). The table was generated with the following python functions: def ProbMinXX(N, i): return (2.0*(N-i)-1)/(N*N) def ProbMaxXX(N, i): return (2.0*i+1)/(N*N) def ExpFn(N, ProbFunc): exp = 0.0 for i in xrange(N): exp += i*ProbFunc(N, i) return exp The current choice for second-layer guards is noted with **, and the current choice for third-layer guards is noted with ***. Range Min(X,X) Max(X,X) 40 12.84 26.16 41 13.17 26.83 42 13.50 27.50 43 13.84 28.16 44 14.17 28.83 45 14.50 29.50** 46 14.84 30.16 47 15.17 30.83 48 15.50 31.50*** The Cumulative Density Function (CDF) tells us the probability that a guard will no longer be in use after a given number of time units have passed. Because the Sybil attack on the third node is expected to complete at any point in the second node's rotation period with uniform probability, if we want to know the probability that a second-level Guard node will still be in use after t days, we first need to compute the probability distribution of the rotation duration of the second-level guard at a uniformly random point in time. Let's call this P(R=r). For P(R=r), the probability of the rotation duration depends on the selection probability of a rotation duration, and the fraction of total time that rotation is likely to be in use. This can be written as: P(R=r) = ProbMaxXX(X=r)*r / \sum_{i=1}^N ProbMaxXX(X=i)*i or in Python: def ProbR(N, r, ProbFunc=ProbMaxXX): return ProbFunc(N, r)*r/ExpFn(N, ProbFunc) For the full CDF, we simply sum up the fractional probability density for all rotation durations. For rotation durations less than t days, we add the entire probability mass for that period to the density function. For durations d greater than t days, we take the fraction of that rotation period's selection probability and multiply it by t/d and add it to the density. In other words: def FullCDF(N, t, ProbFunc=ProbR): density = 0.0 for d in xrange(N): if t >= d: density += ProbFunc(N, d) # The +1's below compensate for 0-indexed arrays: else: density += ProbFunc(N, d)*(float(t+1))/(d+1) return density Computing this yields the following distribution for our current parameters: t P(SECOND_ROTATION <= t) 1 0.03247 2 0.06494 3 0.09738 4 0.12977 5 0.16207 10 0.32111 15 0.47298 20 0.61353 25 0.73856 30 0.84391 35 0.92539 40 0.97882 45 1.00000 This CDF tells us that for the second-level Guard rotation, the adversary can expect that 3.3% of the time, their third-level Sybil attack will provide them with a second-level guard node that has only 1 day remaining before it rotates. 6.5% of the time, there will be only 2 day or less remaining, and 9.7% of the time, 3 days or less. Note that this distribution is still a day-resolution approximation. 4. Security concerns and mitigations 4.1. Mitigating fingerprinting of new HS circuits By pinning the middle nodes of rendezvous circuits, we make it easier for all hops of the circuit to detect that they are part of a special hidden service circuit with varying degrees of certainty. The Guard node is able to recognize a Vanguard client with a high degree of certainty because it will observe a client IP creating the overwhelming majority of its circuits to just a few middle nodes in any given 31.5 day time period. The middle nodes will be able to tell with a variable certainty that depends on both its traffic volume and upon the popularity of the service, because they will see a large number of circuits that tend to pick the same Guard and Exit. The final nodes will be able to tell with a similar level of certainty that depends on their capacity and the service popularity, because they will see a lot of handshakes that all tend to have the same second hops. The most serious of these is the Guard fingerprinting issue. When proposal 254-padding-negotiation is implemented, services that enable this feature should use those padding primitives to create fake circuits to random middle nodes that are not their guards, in an attempt to look more like a client. Additionally, if Tor Browser implements "virtual circuits" based on SOCKS username+password isolation in order to enforce the re-use of paths when SOCKS username+passwords are re-used, then the number of middle nodes in use during a typical user's browsing session will be proportional to the number of sites they are viewing at any one time. This is likely to be much lower than one new middle node every ten minutes, and for some users, may be close to the number of Vanguards we're considering. This same reasoning is also an argument for increasing the number of second-level guards beyond just two, as it will spread the hidden service's traffic over a wider set of middle nodes, making it both easier to cover, and behave closer to a client using SOCKS virtual circuit isolation. 5. Default vs optional behavior We suggest this torrc option to be optional because it changes path selection in a way that may seriously impact hidden service performance, especially for high traffic services that happen to pick slow guard nodes. However, by having this setting be disabled by default, we make hidden services who use it stand out a lot. For this reason, we should in fact enable this feature globally, but only after we verify its viability for high-traffic hidden services, and ensure that it is free of second-order load balancing effects. Even after that point, until Single Onion Services are implemented, there will likely still be classes of very high traffic hidden services for whom some degree of location anonymity is desired, but for which performance is much more important than the benefit of Vanguards, so there should always remain a way to turn this option off. In the meantime, a reference implementation is available at: https://github.com/mikeperry-tor/vanguards/blob/master/vanguards/vanguards.… Appendix A: Full Python program for generating tables in this proposal #!/usr/bin/python import math ############ Section 3.1 ################# def num_rotations(c, v, success): i = 0 while 1-math.pow((1-c), v*i) < success: i += 1 return i def rotation_line(c, pct): print " %2d%% %6d%6d%6d%6d%6d%6d%6d%6d%6d%6d%8d" % \ (pct, num_rotations(c, 1, pct/100.0), num_rotations(c, 2, pct/100.0), \ num_rotations(c, 3, pct/100.0), num_rotations(c, 4, pct/100.0), num_rotations(c, 5, pct/100.0), num_rotations(c, 6, pct/100.0), num_rotations(c, 8, pct/100.0), num_rotations(c, 9, pct/100.0), num_rotations(c, 10, pct/100.0), num_rotations(c, 12, pct/100.0), num_rotations(c, 16, pct/100.0)) def rotation_table_31(): for c in [1,5,10]: print "\n %2.1f%% Network Compromise: " % c print " Sybil Success One Two Three Four Five Six Eight Nine Ten Twelve Sixteen" for success in [10,15,25,50,60,75,85,90,95,99]: rotation_line(c/100.0, success) ############ Section 3.3 ################# def ProbMinXX(N, i): return (2.0*(N-i)-1)/(N*N) def ProbMaxXX(N, i): return (2.0*i+1)/(N*N) def ExpFn(N, ProbFunc): exp = 0.0 for i in xrange(N): exp += i*ProbFunc(N, i) return exp def ProbUniformX(N, i): return 1.0/N def ProbR(N, r, ProbFunc=ProbMaxXX): return ProbFunc(N, r)*r/ExpFn(N, ProbFunc) def FullCDF(N, t, ProbFunc=ProbR): density = 0.0 for d in xrange(N): if t >= d: density += ProbFunc(N, d) # The +1's below compensate for 0-indexed arrays: else: density += ProbFunc(N, d)*float(t+1)/(d+1) return density def expectation_table_33(): print "\n Range Min(X,X) Max(X,X)" for i in xrange(10,49): print " %2d %2.2f %2.2f" % (i, ExpFn(i,ProbMinXX), ExpFn(i, ProbMaxXX)) def CDF_table_33(): print "\n t P(SECOND_ROTATION <= t)" for i in xrange(1,46): print " %2d %2.5f" % (i, FullCDF(45, i-1)) ########### Output ############ # Section 3.1 rotation_table_31() # Section 3.3 expectation_table_33() CDF_table_33() ---------------------- 1. https://onionbalance.readthedocs.org/en/latest/design.html#overview

3 2

proposal: new log severity level: trace
by Simon 01 Jun '18

01 Jun '18

Hello tor developers, I've had limited contact with nickm and dmr and I was encouraged to solicit interest and comments via the tor-dev mailing list... I'm interested in contributing a new feature to little-t tor in the form of a new log severity level called 'trace'. Currently there are 5 severity levels [1]; debug, info, notice, warn, and err. trace would be more verbose than debug, and trace function calls at runtime. It would also be configurable -- perhaps by environment variables and/or command line options -- regarding which functions get traced and when at runtime. Because introducing function level tracing likely also introduces a performance penalty, I'm suggesting that this feature would be optionally compiled in at build time. The use of the new log severity level 'trace' would be for new developers to better comprehend the tor source code by giving them a further resource -- in addition to the source code, tests, documentation, and IRC chat -- to learn from. The debug log will be more useful in the context of the function call tree, and function usage is easier to grasp than battling through the ~ 165k LOC. In addition, any developer who likes to debug via the log files will appreciate having the extra function call tree context. I have a basic, generic working proof of concept which produces output when running tor. Here is a snippet of the output: ... T125580 + directory_initiate_command_routerstatus_rend() { // #63 T125580 + node_get_by_id() { // #278 T125580 } T125580 + directory_initiate_command_rend() { // #63 T125580 + directory_command_should_use_begindir() { // #63 T125580 + fascist_firewall_allows_address_or() { // #5814 T125580 + compare_tor_addr_to_addr_policy() { // #6009 T125580 } T125580 } T125580 + directory_fetches_from_authorities() { // #126 T125580 + server_mode() { // #6859 T125580 } T125580 + router_my_exit_policy_is_reject_star() { // #128 T125580 + router_get_my_routerinfo() { // #130 T125580 } T125580 } T125580 } T125580 } ... Explanation of the snippet: '<thread ID> <indent> + <function>() { #<calls>' means <function> has been called <calls> times. <indent> represents the function call tree indent level. '}' means the function returns. One can introduce extra info not implemented yet such as timestamps, calling parameters, return value, and extra info specified by the developer. Regarding regular tor log output: This could be mixed in with the trace output, e.g.: ... T125580 + router_get_my_routerinfo() { // #130 T125580 - info 1 of 2: abc <-- non trace T125580 - info 1 of 2: def <-- non trace T125580 } ... This email is mainly to determine if there is a interest for such a tor feature to be implemented further. AFAIK it does not seem to be implemented already and does not seem to exist as a documented helpful tool [2]. And I'm not aware of a third party tool which would 'just work' with tor. Strategies for implementing the function trace: I'll now discuss the strategies which I know about for implementing the function trace, including the one I want to use: 1. Manual instrumentation: Here each function is manually instrumented in the tor source code with entry and exit macros. This is time consuming and error prone. And it can make the source code less readable. 2. Using the gcc -finstrument-functions [3] command line switch: There are many examples [4] [5] of using this to generate a runtime function call tree. But this mechanism causes each function to make two extra calls whether you want that or not, so performance might be poor. Plus getting hold of the actual function names and displaying them can be tricky; only the function address is given to the entry and exit functions. Also, there is no way to access the function parameters or return value. 3. Using the llvm xray [6] [7] feature: This was originally contributed to llvm by Google but is more designed for inspecting very high performance call trees in a production environment. A sort of dtrace for user level functions. However, it also doesn't log function parameters or the return value AFAIK. And logging happens via an intermediate binary file which must get converted to something ascii / human friendly. This also means it's tricky to mix in the existing tor log output, for one nice seemless log file. 4. Using gcc compile to assembler command line switch: AFAIK this technique was first developed by myself. The idea is to replace gcc with an own script which pretends to be gcc and invokes the real gcc after making subtle changes. If a makefile tries to compile a .c file to a .o file then the pretend gcc will change the behaviour so that an intermediate assembler file will be generated. However, the assembler file gets changed so that every function call becomes an indirect function call via a pointer. This means we can change the pointer to execute either the original function (with the overhead of an indirect function call), or a wrapper function with the same declaration. The wrapper function has access to all the function parameters and return value, can log the entry and exit, while calling the original function which got wrapped. I have chosen implementation strategy #4 because it provides the most flexibility without changing any existing source code or makefile. A limitation is that it only works currently with gcc on Intel. However, msvc & llvm might have a similar compile to assembly feature. And in theory the same technique could be implemented for non-Intel chips if they have an indirect call assembly instruction. An interesting side effect of strategy #4 is that it could possibly be used to enhance testing in two ways: 1. If the test is for a particular function or set of functions then trace could be preconfigured to provide more detailed output for just those functions, and any functions they call. 2. The indirect function pointer can be changed at runtime if desired to create a kind of general purpose function mocking facility for testing. However, I believe tor tests already do their own mocking. Here is an example of the proof of concept auto generated C code for the function firewall_is_fascist_or(): extern unsigned long long cwrap_count_call_firewall_is_fascist_or; extern int (* cwrap_indirect_orig_firewall_is_fascist_or) (void); extern int (* cwrap_indirect_wrap_firewall_is_fascist_or) (void); extern int (* cwrap_indirect_mock_firewall_is_fascist_or) (void); static int cwrap_wrap_firewall_is_fascist_or (void) { cwrap_count_call_firewall_is_fascist_or ++; // todo: add per binary/file/function verbosity checking // todo: show function parameters for simple types, e.g. foo=123, bar=7 if (cwrap_count_call_firewall_is_fascist_or <= 10000) cwrap_log(1, "+ firewall_is_fascist_or() { // #%llu\n", cwrap_count_call_firewall_is_fascist_or); int cwrap_result = (* cwrap_indirect_orig_firewall_is_fascist_or)(); if (cwrap_count_call_firewall_is_fascist_or <= 10000) cwrap_log(-1, "}\n"); // todo: show return value for simple types return cwrap_result; } So the pretend gcc doubles the number of functions, creating a 'wrap' version of each regular function. While the changed assembler files change the assembler call function into an indirect call function which uses the newly created indirect function pointer. In theory the makefile just works and is unmodified. However, extra files get created during make. Looking forward to comments, suggestions, and/or votes for and against, even if it's only to point out that something with similar functionality exists already. -- Simon [1] https://www.torproject.org/docs/tor-manual.html.en [2] https://gitweb.torproject.org/tor.git/tree/doc/HACKING/HelpfulTools.md [3] https://stackoverflow.com/questions/6176284/why-doesnt-finstrument-function… [4] https://balau82.wordpress.com/2010/10/06/trace-and-profile-function-calls-w… [5] https://mcuoneclipse.com/2015/04/04/poor-mans-trace-free-of-charge-function… [6] https://www.youtube.com/watch?reload=9&v=jyL-__zOGcU [7] https://llvm.org/docs/XRay.html

1 0

[release] Onionoo 6.0-1-14-0, ExoneraTor 2.1.0, metrics-web 1.1.0
by iwakeh 31 May '18

31 May '18

Hi there! three new releases are available: https://dist.torproject.org/onionoo/6.0-1.14.0/ https://dist.torproject.org/exonerator/2.1.0/ https://dist.torproject.org/metrics-web/1.1.0/ This is the second batch of releases of Metrics products, which now use a to a better performing JSON processing library. Other details can be found in the respective change logs [0], [1], and [2]. All releases are already deployed on all respective tp.o instances. Please direct comments and questions to the metrics-team mailing list [3]. Cheers, iwakeh [0] https://gitweb.torproject.org/onionoo.git/tree/CHANGELOG.md?h=onionoo-6.0-1… [1] https://gitweb.torproject.org/exonerator.git/tree/CHANGELOG.md?h=exonerator… [2] https://gitweb.torproject.org/metrics-web.git/tree/CHANGELOG.md?h=metrics-w… [3] https://lists.torproject.org/cgi-bin/mailman/listinfo/metrics-team

1 0

(no subject)
by abhinav chowdary 31 May '18

31 May '18

Iam in or out

2 2

(no subject)
by abhinav chowdary 30 May '18

30 May '18

Join me pls

1 0