[tor-bugs] #22958 [Webpages/Website]: Update website FAQ about padding defenses

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Aug 21 03:18:40 UTC 2018 

#22958: Update website FAQ about padding defenses
-------------------------------------------+-------------------------------
 Reporter:  asn                            |          Owner:  traumschule
     Type:  defect                         |         Status:  assigned
 Priority:  Medium                         |      Milestone:  website
                                           |  redesign
Component:  Webpages/Website               |        Version:
 Severity:  Normal                         |     Resolution:
 Keywords:  website, website-content, FAQ  |  Actual Points:
Parent ID:                                 |         Points:
 Reviewer:                                 |        Sponsor:
-------------------------------------------+-------------------------------
Changes (by traumschule):

 * owner:  (none) => traumschule
 * status:  new => assigned


Comment:

 I am about to create a PR based on below information, please tell if
 relevant info is missing.

 The FAQ mentions padding at two locations and needs to be updated:
 - You should split each connection over many paths.
 - You should send padding so it's more secure.

 The blog post mentions:
 - "As part of the security discussion, we talked about the
 [https://gitweb.torproject.org/torspec.git/tree/proposals/251-netflow-
 padding.txt new padding defenses] that were recently added to Tor and
 provide cover to Tor circuits against traffic analysis. We made plans for
 future padding techniques and defenses."
 A comment clarifies:
 - Note that it's just netflow padding to collapse netflow records, it's
 not the type of expensive padding that the FAQ addresses, but yes the FAQ
 should be tweaked a bit.
 It was also announced on tor-dev: https://lists.torproject.org/pipermail
 /tor-dev/2015-August/009326.html


 Trying to summarize ticket #16861 linked in the blog:
 - Now tor "sends padding on a client's Tor connection bidirectionally at a
 random interval that we can control from the consensus, with a default of
 4s-14s."
 - "padding approaches, with the goal of stymying some of the potential
 traffic analysis attacks out there -- website fingerprinting, end-to-end
 correlation, and the things in between. Padding between the guard and the
 client is especially appealing because a) it looks like it can provide
 pretty good mileage, and also b) I expect that we'd have an easier time
 raising more capacity at guards (compared to exits) if we publicize the
 reason why we need it." (comment:6:ticket:16861)
 - send at least one cell on a connection every 15s
 - the netflow defense only sends padding if the connection is idle

 I stopped digging deeper but it might be enough to add this to the faq.

 For details we could also link
 https://www.freehaven.net/anonbib/bibtex.html with several publications on
 padding.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22958#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list