[tor-bugs] #13837 [Core Tor/Tor]: Mitigate guard discovery by pinning middle node

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Aug 15 01:13:48 UTC 2017


#13837: Mitigate guard discovery by pinning middle node
------------------------------------------------+--------------------------
 Reporter:  asn                                 |          Owner:
                                                |  mikeperry
     Type:  defect                              |         Status:  assigned
 Priority:  Medium                              |      Milestone:  Tor:
                                                |  unspecified
Component:  Core Tor/Tor                        |        Version:
 Severity:  Normal                              |     Resolution:
 Keywords:  tor-hs, tor-guard, guard-discovery  |  Actual Points:
Parent ID:  #9001                               |         Points:
 Reviewer:                                      |        Sponsor:
                                                |  SponsorV-can
------------------------------------------------+--------------------------

Comment (by mikeperry):

 Replying to [comment:15 nickm]:
 > Just skimmed the simulation code -- this looks like a plausible place to
 > begin with the measurements. Do we have a plan to do these measurements,
 > or should we make one?

 There is a rough outline of a plan in the comments of that script, but
 I've been thinking a bit more about it since then. Basically, I think we
 want to run several onionperf instances with different values for each of
 the NUM_LAYERN_GUARDS values. We may also want to play with cutting off
 various percentiles of the network (though this capability is not written
 in the prototype yet).

 We're going to need to measure variance of these instances somehow, or
 ideally even capture the full performance density distribution for a given
 parameter set. Variance in performance over time will be the key thing
 that changes with the parameters. We want to minimize this variance for
 sane parameter values. I think what this means is that we want to scale
 the rotation times down, so as to capture the effect of rotation on our
 performance variance over time for a fixed parameter set.

 > Also, I'm assuming that this simulation isn't trying to simulate the
 > exact way in which guard sets change over time. If it is, we need to bring
 > it into conformance with prop271.

 I thought about this and I don't think we want something very much like
 prop271 at all. prop271 has a lot of logic about trying to determine
 connectivity and detect and protect against various guard biasing
 attempts. For this code, I think we should trust the consensus completely,
 and have the notion of a "fallback set" and the "primary set", where we
 prefer the "primary set" if they are in the consensus, but fall back to
 members of the "fallback set" otherwise. This is kind of what the code
 does, but that part is a bit wonky and could be done better.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13837#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

