[tor-talk] [tor-relays] clockskewer attack

Roger Dingledine arma at mit.edu
Wed Oct 3 17:31:03 UTC 2012


On Wed, Oct 03, 2012 at 01:21:19PM -0400, Ted Smith wrote:
> > # calculates the clockskew and then finds a correlating
> > # tor relay with an open http server with the same skew
> > 
> So it actually assumes that the targeted hidden service is running a Tor
> relay _and_ an open HTTP server.

In theory you don't need the open http server -- the Tor relay will tell
you what time it thinks it is during the TLS handshake (or if you do a
directory fetch of /tor/server/authority and look at the http headers
in its answer).

But yes, running a hidden service on a public relay may not be the
greatest idea. Even ignoring this 'clock skew fingerprinting' issue,
you can do much simpler things like correlate relay up/down time with
hidden service up/down time.

And just so nobody digs out papers in the future and is shocked, here are
some related papers you could read:
http://freehaven.net/anonbib/#wpes09-bridge-attack
http://freehaven.net/anonbib/#HotOrNot
http://freehaven.net/anonbib/#improved-clockskew

--Roger
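
An operator-side check of the clock leak described in the message above, added here as an example (not part of the original post or of the script discussed in the thread): it fits clock offset and drift from HTTP `Date` headers collected from your own relay and your own hidden service, and reports whether the two are linkable. All hosts, samples, function names and tolerances are constructed assumptions.

```python
from email.utils import formatdate, parsedate_to_datetime

BASE = 1349049600  # 2012-10-01 00:00:00 UTC, start of the constructed capture

def make_samples(offset_s, skew_ppm, start_delay=0, n=21, step=21600):
    """Constructed data: (observer_time, Date header) pairs from a host whose
    clock is offset_s seconds off and drifts by skew_ppm."""
    out = []
    for k in range(n):
        t = BASE + start_delay + k * step
        remote = t + offset_s + skew_ppm * 1e-6 * (t - BASE)
        out.append((t, formatdate(int(remote), usegmt=True)))  # 1 s resolution
    return out

def fit(samples):
    """Least-squares line through (time, remote - local) points.
    Returns (offset in seconds at BASE, drift in ppm)."""
    pts = [(t - BASE, parsedate_to_datetime(h).timestamp() - t) for t, h in samples]
    n = len(pts)
    mt = sum(t for t, _ in pts) / n
    mo = sum(o for _, o in pts) / n
    var = sum((t - mt) ** 2 for t, _ in pts)
    slope = sum((t - mt) * (o - mo) for t, o in pts) / var
    return mo - slope * mt, slope * 1e6

def linkable(a, b, offset_tol_s=1.0, skew_tol_ppm=5.0):
    """True when two endpoints show the same clock within the (assumed) tolerances."""
    (oa, sa), (ob, sb) = fit(a), fit(b)
    return abs(oa - ob) <= offset_tol_s and abs(sa - sb) <= skew_tol_ppm

# Constructed scenario: relay and hidden service share one host clock
# (+37 s, +50 ppm); OTHER is an unrelated machine (-4 s, -20 ppm).
RELAY = make_samples(37, 50)
HIDDEN = make_samples(37, 50, start_delay=1800)
OTHER = make_samples(-4, -20)

if __name__ == "__main__":
    for name, s in (("relay", RELAY), ("hidden", HIDDEN), ("other", OTHER)):
        off, ppm = fit(s)
        print(f"{name:7s} offset={off:7.2f}s drift={ppm:6.1f}ppm")
    print("relay/hidden linkable:", linkable(RELAY, HIDDEN))
    print("relay/other  linkable:", linkable(RELAY, OTHER))
```

If the check comes back linkable for your own pair of endpoints, the hidden service and the relay expose the same clock, which is the co-location signal the message warns about.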


