[tor-bugs] #23856 [Core Tor/Tor]: Reduce relay bandwidth stats interval to 24 hours

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Oct 25 13:07:49 UTC 2017


#23856: Reduce relay bandwidth stats interval to 24 hours
-----------------------------------+------------------------------------
 Reporter:  teor                   |          Owner:  (none)
     Type:  defect                 |         Status:  new
 Priority:  High                   |      Milestone:  Tor: 0.3.2.x-final
Component:  Core Tor/Tor           |        Version:
 Severity:  Normal                 |     Resolution:
 Keywords:  guard-discovery-stats  |  Actual Points:
Parent ID:                         |         Points:  1
 Reviewer:                         |        Sponsor:  SponsorQ
-----------------------------------+------------------------------------

Comment (by teor):

 Replying to [comment:9 jvsg]:
 > What happens in those cases where client and adversary are one and the
 > same? An adversary could create many connections to the service, which
 > could lead to the spike in stats.

 Yes, this is one possible scenario I describe in my tor-dev@ email at
 https://lists.torproject.org/pipermail/tor-dev/2017-October/012517.html

 To defend against this particular case, onion service operators could use
 a tool like OnionBalance to spread load across a set of service instances.
 But this comes with its own security tradeoffs. It's also possible to
 limit bandwidth at the onion service, but that doesn't stop the traffic
 being sent as far as the guard.

 > Would a 24 hour interval be immune to that?

 There are multiple ways to determine relay load: using published relay
 statistics is one of the easiest. We are trying to decrease the usefulness
 of published relay statistics for this attack, while preserving their
 utility to relay operators and the network.

 No simple change will make tor immune. This is because there is a design
 tradeoff in tor: clients choose one guard, so they have a low probability
 of encountering a malicious guard, and so they are less linkable. But
 using one guard makes inflating its bandwidth easier.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23856#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

