[anti-censorship-team] Results of Turbo Tunnel security audit that affect Snowflake
David Fifield
david at bamsoftware.com
Sat Apr 24 17:36:03 UTC 2021
There was recently a security audit of Turbo Tunnel software artifacts,
including dnstt and Snowflake. I posted the report on the dnstt page:
https://www.bamsoftware.com/software/dnstt/cure53-turbotunnel-2021.pdf
The report finds three issues that have to do with Snowflake, rated from
Informational to Low.
UCB-02-001: Memory leak in Handler() routine of Snowflake client library (Low)
UCB-02-008: Lack of rate limiting in Snowflake and dnstt (Info)
UCB-02-009: Brokers and proxies are not authenticated (Low)
For UCB-02-001, I have already opened
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40042.
UCB-02-008 is not a vulnerability, but only a suggestion that
rate-limiting interactions may help mitigate certain kinds of
resource-exhaustion attacks. Some related tickets are:
"Broker needs better resilience against DoS"
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/25593
"Make it more expensive (CPU wise, or other thing) to make the initial
connection to a snowflake"
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/31124
UCB-02-009 is something we have already discussed in the team across
various issues. I don't know if we can meaningfully authenticate
proxies, but the broker's messages ought to be signed and encrypted.
"End-to-end confidentiality for Snowflake client registrations"
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/22945
"Authentication for proxy--bridge connections"
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/31804
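Added example (not part of the original message, and not Snowflake's code): one way a broker could return a message that is both signed and encrypted, as the note above recommends for UCB-02-009. It uses only the Go standard library. The envelope layout, the use of SHA-256 as a key derivation step, and the assumption that the client already knows the broker's Ed25519 public key out of band are all assumptions made for this illustration; the client's X25519 public key is assumed to arrive in its registration. Proxy authentication is not addressed, matching the open question in the message.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Hypothetical envelope layout (an assumption for this example, not Snowflake's format):
//   envelope  = brokerEphemeralX25519Pub(32) || nonce(12) || AES-256-GCM ciphertext
//   signature = Ed25519(brokerLongTermKey, envelope)
// The 44-byte header is bound as GCM associated data so it cannot be swapped undetected.
const (
	x25519PubLen = 32
	gcmNonceLen  = 12
	headerLen    = x25519PubLen + gcmNonceLen
)

// SealedMessage is what the broker hands back to a client.
type SealedMessage struct {
	Envelope  []byte
	Signature []byte
}

// Broker holds a long-term Ed25519 key; clients are assumed to learn its
// public half out of band (for example, shipped with the client).
type Broker struct {
	signPub  ed25519.PublicKey
	signPriv ed25519.PrivateKey
}

func NewBroker() (*Broker, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Broker{signPub: pub, signPriv: priv}, nil
}

func (b *Broker) PublicKey() ed25519.PublicKey { return b.signPub }

// deriveKey turns an X25519 shared secret into an AES-256-GCM AEAD.
// Plain SHA-256 is a simplification; a labelled KDF would be used in practice.
func deriveKey(shared []byte) (cipher.AEAD, error) {
	key := sha256.Sum256(shared)
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext to the client's X25519 key with a fresh ephemeral
// key, then signs the whole envelope with the broker's long-term key.
func (b *Broker) Seal(clientPub *ecdh.PublicKey, plaintext []byte) (*SealedMessage, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(clientPub)
	if err != nil {
		return nil, err
	}
	aead, err := deriveKey(shared)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcmNonceLen)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	header := append(append(make([]byte, 0, headerLen), eph.PublicKey().Bytes()...), nonce...)
	ct := aead.Seal(nil, nonce, plaintext, header)
	envelope := append(append(make([]byte, 0, headerLen+len(ct)), header...), ct...)
	return &SealedMessage{Envelope: envelope, Signature: ed25519.Sign(b.signPriv, envelope)}, nil
}

// Open is the client side: check the broker's signature before touching the
// ciphertext, then decrypt with the client's own X25519 private key.
func Open(brokerPub ed25519.PublicKey, clientPriv *ecdh.PrivateKey, m *SealedMessage) ([]byte, error) {
	if !ed25519.Verify(brokerPub, m.Envelope, m.Signature) {
		return nil, errors.New("broker signature invalid: not from the expected broker")
	}
	if len(m.Envelope) < headerLen {
		return nil, errors.New("envelope too short")
	}
	ephPub, err := ecdh.X25519().NewPublicKey(m.Envelope[:x25519PubLen])
	if err != nil {
		return nil, err
	}
	shared, err := clientPriv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	aead, err := deriveKey(shared)
	if err != nil {
		return nil, err
	}
	header := m.Envelope[:headerLen]
	return aead.Open(nil, header[x25519PubLen:], m.Envelope[headerLen:], header)
}

func main() {
	broker, _ := NewBroker()
	client, _ := ecdh.X25519().GenerateKey(rand.Reader)
	// Constructed sample payload standing in for the broker's reply to a registration.
	sealed, _ := broker.Seal(client.PublicKey(), []byte("constructed broker reply"))
	pt, err := Open(broker.PublicKey(), client, sealed)
	fmt.Printf("client decrypted %q (err=%v)\n", pt, err)
	sealed.Envelope[len(sealed.Envelope)-1] ^= 0x01 // one flipped ciphertext bit
	_, err = Open(broker.PublicKey(), client, sealed)
	fmt.Println("after tampering:", err)
}
```

Verifying the signature before decrypting means a message from an impostor broker, or one modified in transit, is rejected before any key agreement or AEAD work is done on attacker-controlled bytes.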