[tor-commits] [tor-design-2012/master] Describe variable length cells

sjm217 at torproject.org sjm217 at torproject.org
Mon Nov 5 18:37:45 UTC 2012


commit aad2cf495f6e67a29f73a14c7f7ed48c71cb5dc0
Author: Steven Murdoch <Steven.Murdoch at cl.cam.ac.uk>
Date:   Mon Nov 5 18:37:03 2012 +0000

    Describe variable length cells
---
 tor-design-2012.tex |   46 ++++++++++++++++++++++++++++++++++------------
 1 files changed, 34 insertions(+), 12 deletions(-)

diff --git a/tor-design-2012.tex b/tor-design-2012.tex
index da7c70b..66b6ad4 100644
--- a/tor-design-2012.tex
+++ b/tor-design-2012.tex
@@ -647,7 +647,7 @@ impact of key compromise.
 %      we can say more abotu the v2 and v3 versions of it. -NM
 
 Section~\ref{subsec:cells} presents the fixed-size \emph{cells}
-that are the unit of communication in Tor. We describe in
+that are the unit of most communication in Tor. We describe in
 Section~\ref{subsec:circuits} how circuits are built, extended,
 truncated, and destroyed. Section~\ref{subsec:tcp} describes how
 TCP streams are routed through the network.  We address
@@ -665,23 +665,45 @@ data on the connection with perfect forward secrecy, and
 prevents an attacker from modifying data on the wire or
 impersonating an OR.
 
-Traffic passes along these connections in fixed-size cells.
-Each cell is 512 bytes, and consists of a header and a
+Most traffic passes along these connections in fixed-size cells.
+Each fixed-size cell is 512 bytes, and consists of a header and a
 payload. The header includes a circuit identifier (circID) that
 specifies which circuit the cell refers to (many circuits can be
 multiplexed over the single TLS connection), and a command to
 describe what to do with the cell's payload.  (Circuit
 identifiers are connection-specific: each circuit has a
 different circID on each OP/OR or OR/OR connection it
-traverses.)  Based on their command, cells are either
-\emph{control} cells, which are always interpreted by the node
-that receives them, or \emph{relay} cells, which carry
-end-to-end stream data.  The control cell commands are:
-\emph{padding} (currently used for keepalive, but also usable
-for link padding); \emph{create} or \emph{created} (used to set
-up a new circuit); and \emph{destroy} (to tear down a circuit).
-% Add: CREATE_FAST, CREATED_FAST, NETINFO, RELAY_EARLY, VERSIONS, VPADDING,
-% CERTS, AUTH_CHALLENGE, AUTHENTICATE, AUTHORIZE. -NM
+traverses.) Fixed-size cells provide some resistance to traffic
+analysis but are inefficient, so some control cells are variable
+length, where the ability of an attacker to detect their presence
+doesn't affect security. Fixed-size cells also make the packet-size
+distribution of Tor distinctive, contrary to the goal of
+protocol-fingerprinting resistance. Therefore a variable-length
+padding cell was introduced (but is currently unused) to allow
+the implementation of schemes to disguise packet length.
+
+Based on their command, cells are either \emph{control} cells,
+which are always interpreted by the node that receives them,
+\emph{relay} cells, which carry end-to-end stream data, or
+\emph{relay\_early} cells, which work similarly to \emph{relay}
+cells but are distinguished to enforce the maximum path length
+(see \prettyref{sec:XXX}).  The fixed-size control cell commands
+are: \emph{padding} (currently used for keepalive, but also
+usable for link padding); \emph{create} or \emph{created} (used
+to set up a new circuit); \emph{create\_fast} or
+\emph{created\_fast} (used to set up a new circuit to the first
+hop, without public key computation); \emph{netinfo} (used to
+help nodes discover the time and their own address); and
+\emph{destroy} (to tear down a circuit). The variable-length
+control cell commands are: \emph{versions} (used for
+link-protocol negotiation); \emph{vpadding} (variable length
+padding); and \emph{certs}, \emph{auth\_challenge},
+\emph{authenticate}, and \emph{authorize} (used for OR-OR and
+OP-OR authentication).
+% Add: CREATE_FAST, CREATED_FAST, NETINFO, RELAY_EARLY,
+% VERSIONS, VPADDING, CERTS, AUTH_CHALLENGE, AUTHENTICATE,
+% AUTHORIZE. -NM
+% Believed done -SJM
 
 Relay cells have an additional header (the relay header) at the
 front of the payload, containing a streamID (stream identifier:



More information about the tor-commits mailing list