[tor-bugs] #15938 [Tor]: HS descriptor cache leaks timing information to local users
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed May 6 16:51:35 UTC 2015
#15938: HS descriptor cache leaks timing information to local users
--------------------------------+------------------------------
Reporter: teor | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.???
Component: Tor | Version:
Keywords: SponsorR, SponsorU | Actual Points:
Parent ID: | Points:
--------------------------------+------------------------------
Anyone who can connect to a tor client can discover which HSs have been
accessed recently, by running a timing attack against the HS cache. Cached
descriptors return much faster than uncached descriptors.
This may be possible through browser JavaScript attempting HS connections
and timing the responses.
An observer on the network or in control of an HSDir could potentially
enhance this timing attack with network request correlation.
Yawning suggests a per-stream-isolation cache to avoid this issue.
Each TorBrowser-isolated cache would most likely have 0 or 1 HS descriptor
in it - 0 if the URL is not a HS, and 1 if it is.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15938>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list