On 21 May 2019, at 00:35, George Kadianakis desnacked@riseup.net wrote:
Tom Ritter tom@ritter.vg writes:
On Thu, 16 May 2019 at 11:20, George Kadianakis desnacked@riseup.net wrote: 3) Duration of Activity ("DoA")
The USENIX paper uses the period of time during which circuits send and receive cells to distinguish circuit types. For example, client-side introduction circuits are really short lived, wheras service-side introduction circuits are very long lived. OTOH, rendezvous circuits have the same median lifetime as general Tor circuits which is 10 minutes. We use WTF-PAD to destroy this feature of client-side introduction circuits by setting a special WTF-PAD option, which keeps the circuits open for 10 minutes completely mimicking the DoA of general Tor circuits.
10 minutes exactly; or a median of 10 minutes? Wouldn't 10 minutes exactly be a near-perfect distinguisher? And if it's a median of 10 minutes, do we know if it follows a normal distribution/what is the shape of the distribution to mimic?
Oops, you are right, Tom.
It's not 10 minutes exactly. The right thing to say is that it's a median of 10 minutes, altho I'm not entirely sure of the exact distribution.
These circuits basically now follow the MaxCircuitDirtiness configuration like general circuits, and it gets orchestrated by circuit_expire_old_circuits_clientside(). Not sure if it's in a spec somewhere.
I will update the spec soon with the fix. Thanks!
If I understand correctly, Tor's circuits close about 10 minutes after the last time they handled traffic.
So that's a *minimum* of 10 minutes. And probably a *median* of slightly more than 10 minutes, if the user is web browsing.
T