[tor-bugs] #22728 [Core Tor/Tor]: Long-lived onion service circuits can enable guard discovery

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Oct 25 06:04:32 UTC 2017


#22728: Long-lived onion service circuits can enable guard discovery
-------------------------------------+----------------------------------
 Reporter:  mikeperry                |          Owner:  (none)
     Type:  defect                   |         Status:  new
 Priority:  Medium                   |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor             |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:  guard-discovery, tor-hs  |  Actual Points:
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+----------------------------------

Comment (by mikeperry):

 After thinking about the timeframes involved for attack 1 vs attack 2, I
 think that we should consider defending against attack 2 separately, again
 as a torrc option.

 Attack 1 relies on an additional full-out DoS or an OOM killer side
 channel to do better than the guard downtime frequency, which should be
 months. Attack 2 just has to wait MAX(1 week,
 guard_layer_rotation_period). For middle nodes under prop247,
 guard_layer_rotation_period is days/weeks.

 Attack 1 makes me want to do conflux as per my previous comment, but
 because of the time duration and/or secondary attacks involved, attack 1
 is actually lower severity than attack 2, and we still should provide an
 option for some hidden services to lower circuit lifetime because of this.
 I've filed #23980 for this. This ticket can be the place for deciding
 what we want to do about attack 1.

 (TLS lifespan is orthogonal to both attacks, though. If services can
 reduce their circuit lifespan to minutes-hours, then 7 days of TLS
 lifespan is no longer a guard discovery vector. I would like to jack up
 TLS connection duration for other reasons, though. The TLS handshake has
 historically been a nightmare. We've wisely avoided these bugs by reducing
 our usage of its features. We should minimize its frequency of use, too.
 Why not?)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22728#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

