[tor-dev] Proposal 302: Hiding onion service clients using WTF-PAD

[teor]

> On 21 May 2019, at 00:35, George Kadianakis <desnacked at riseup.net> wrote:
> 
> Tom Ritter <tom at ritter.vg> writes:
> 
>>> On Thu, 16 May 2019 at 11:20, George Kadianakis <desnacked at riseup.net> wrote:
>>>    3) Duration of Activity ("DoA")
>>> 
>>>      The USENIX paper uses the period of time during which circuits send and
>>>      receive cells to distinguish circuit types. For example, client-side
>>>      introduction circuits are really short lived, wheras service-side
>>>      introduction circuits are very long lived. OTOH, rendezvous circuits have
>>>      the same median lifetime as general Tor circuits which is 10 minutes.
>>> 
>>>      We use WTF-PAD to destroy this feature of client-side introduction
>>>      circuits by setting a special WTF-PAD option, which keeps the circuits
>>>      open for 10 minutes completely mimicking the DoA of general Tor circuits.
>> 
>> 10 minutes exactly; or a median of 10 minutes?  Wouldn't 10 minutes
>> exactly be a near-perfect distinguisher? And if it's a median of 10
>> minutes, do we know if it follows a normal distribution/what is the
>> shape of the distribution to mimic?
>> 
> 
> Oops, you are right, Tom.
> 
> It's not 10 minutes exactly. The right thing to say is that it's a median
> of 10 minutes, altho I'm not entirely sure of the exact distribution.
> 
> These circuits basically now follow the MaxCircuitDirtiness
> configuration like general circuits, and it gets orchestrated by
> circuit_expire_old_circuits_clientside(). Not sure if it's in a spec
> somewhere.
> 
> I will update the spec soon with the fix. Thanks!

If I understand correctly, Tor's circuits close about 10 minutes after
the last time they handled traffic.

So that's a *minimum* of 10 minutes. And probably a *median* of
slightly more than 10 minutes, if the user is web browsing.

T