# [tor-commits] [tech-reports/master] Add a bit more content to the tech report.

karsten at torproject.org karsten at torproject.org
Wed Jun 17 18:48:07 UTC 2015

commit 3f30d1c88cf13794f49f374dfdd6284847ed7779
Author: George Kadianakis <desnacked at riseup.net>
Date:   Fri Jan 9 13:24:44 2015 +0200

Add a bit more content to the tech report.

- Another reason to worry about statistics.
- A risk section
---
2015/hidden-service-stats/hidden-service-stats.tex |   39 +++++++++++++++-----
1 file changed, 29 insertions(+), 10 deletions(-)

diff --git a/2015/hidden-service-stats/hidden-service-stats.tex b/2015/hidden-service-stats/hidden-service-stats.tex
--- a/2015/hidden-service-stats/hidden-service-stats.tex
+++ b/2015/hidden-service-stats/hidden-service-stats.tex
@@ -302,6 +302,15 @@ to enumerate available services.
While hiding the existence of a service is not the primary purpose of
hidden services, it's a security feature we don't want to give up easily.

+\paragraph{Unknown future attacks}
+
+Special care needs to be taken when designing and collecting
+statistics because in anonymity the attacker landscape changes
+continuously and attacks that are currently ineffective might become
+powerful in the future. Alternatively, in the future attackers might
+be able to acquire auxiliary data that can combine with statistics in
+such ways that allow attacks that would not have been possible before.
+
\subsection{Other aspects of gathering statistics}

There are certain aspects of any given statistic that should be
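
Review bot: The new \paragraph{Unknown future attacks} names the concern but gives the reader nothing to act on when evaluating a statistic. Consider adding a sentence on what "special care" means in practice, for example that each statistic's Risks entry should say which auxiliary data would make it dangerous. Wording: "in anonymity the attacker landscape changes" reads better as "in anonymity systems the attacker landscape changes", and "can combine with statistics in such ways that allow attacks" could be tightened to "can be combined with statistics to enable attacks".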
@@ -491,6 +500,12 @@ See ticket 13466 for details.
%
We would learn what fraction of clients and what fraction of services run
older tor versions (0.2.3.x or older).
+\\
+\textbf{Risks:}
+%
+As tor-0.2.3.x gets less common and only a few hidden services still
+use it, an adversary would be able to track their introduction points
+by checking which relays still report TAP clients on their statistics.

\subsubsection{Time from circuit purpose change to tearing down circuit}
\label{subsubsec:time_circ_purpose_change_to_teardown}
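
Review bot: The added Risks text stops at the attack description and does not say what follows for this statistic, such as whether it should be dropped or reported only in a form that does not single out individual relays. The risk grows as 0.2.3.x use shrinks, so a recommendation belongs here. Minor: "on their statistics" should be "in their statistics", and please check that TAP is introduced earlier in this subsection, since the visible context only mentions "older tor versions".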
@@ -551,7 +566,7 @@ This statistic can also be used to analyze what fraction of services is
available for a short time only, and what fraction is available most of
the time.

-\subsubsection{Number of descriptor publish request (3.1.1.)}
+\subsubsection{Number of hidden service descriptors seen by directory (3.1.1.)}
\label{subsubsec:num_descriptor_publish}

\textbf{Details:}
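
Review bot: The retitled \subsubsection now counts "hidden service descriptors seen by directory" rather than publish requests, but the \label on the next line is still subsubsec:num_descriptor_publish. Keeping the label avoids breaking existing \ref uses, which is reasonable, but please confirm that the Details text below describes the quantity the new title names and not the number of publish requests.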
@@ -573,14 +588,6 @@ services (botnets, chat protocols, etc.).
Also, learning the number of hidden services per directory will help us
find bugs in the hash ring code and also understand how loaded directories
are.
-FWIW, when \verb+rend-spec-ng.txt+ gets implemented, it will be harder for
-hidden service directories to learn the number of served services since
-the descriptor will be encrypted.
-However, directories will still be able to approximate the number of
-services by checking the amount of descriptors received per publishing
-period.
-If this ever becomes a problem we can imagine publishing fake descriptors
-to confuse the directories.
\\
\textbf{Risks:}
%
@@ -602,6 +609,17 @@ are published during certain times of day and certain days of the week,
which could correlate with daylight hours and/or working days in certain
parts of the world. This information could also be correlated with
network outages over time to narrow down the location of hidden services.
+\\
+\textbf{Notes:}
+%
+When \verb+rend-spec-ng.txt+ gets implemented, it will be harder for
+hidden service directories to learn the number of served services
+since the descriptor will be encrypted.
+However, directories will still be able to approximate the number of
+services by checking the amount of descriptors received per publishing
+period.
+If this ever becomes a problem we can imagine publishing fake
+descriptors

\subsubsection{Number of descriptor updates per service (3.1.2.)}
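
Review bot: The last sentence of the new Notes block is cut off. It ends at "we can imagine publishing fake descriptors" with no closing period, while the paragraph removed in the previous hunk ended with "to confuse the directories." Please restore the ending so the moved text is complete.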
@@ -1555,4 +1573,5 @@ an objective way, ideally using the stated evaluation criteria.
\end{itemize}

\bibliography{hidden-service-stats}
-\end{document}
\ No newline at end of file
+\end{document}
+