Opened 5 years ago

Closed 5 years ago

#13838 closed defect (fixed)

Potential HS guard discovery using bw stats

Reported by: asn
Owned by:
Priority: Medium
Milestone: Tor: 0.2.6.x-final
Component: Core Tor/Tor
Version:
Severity:
Keywords: tor-hs
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Bandwidth stats are included in the extra-info descriptor for 15-minute intervals.
This allows an attacker to do a guard discovery attack, by modulating traffic he sends to an HS every 15 minutes and then checking all the relay stats to see which one matches the modulation.

It was mentioned by Aaron here:
https://lists.torproject.org/pipermail/tor-dev/2014-November/007829.html

It's clear we need to increase the reporting period, so that the modulation is hidden inside the noise of unrelated traffic. We should probably increase the reporting period to every 6-12 hours or a full day. Is something using the 15-minute interval measurements that would break if we decreased the reporting frequency?

Also, is this a sufficient fix or do we need to do more?
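
To put numbers on the proposed mitigation, the following added example (not part of the ticket or of Tor's code) simulates one relay's bandwidth history on constructed data and measures how strongly a known per-slot on/off pattern shows up when the history is published every 15 minutes versus every 6, 12 or 24 hours. The traffic model (Gaussian background, +100 unit modulation, 28 days) and all function names are assumptions.

```python
import random
from math import sqrt

SLOT_MIN = 15                          # reporting interval named in the ticket
SLOTS_PER_DAY = 24 * 60 // SLOT_MIN

def pearson(xs, ys):
    """Plain Pearson correlation coefficient of two equal-length series."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / sqrt(vx * vy)

def rebin(values, k):
    """Sum consecutive groups of k slots, as a longer reporting interval would."""
    return [sum(values[i:i + k]) for i in range(0, len(values), k)]

def match_strength(report_minutes, days=28, seed=13838):
    """Return (samples, r, z) for one relay's history published every report_minutes."""
    rng = random.Random(seed)          # same seed => same traffic for every interval
    n_slots = days * SLOTS_PER_DAY
    # Constructed model: unrelated load per 15-minute slot, arbitrary units.
    background = [rng.gauss(1000, 200) for _ in range(n_slots)]
    # Constructed modulation: +100 units in randomly chosen slots.
    pattern = [rng.randint(0, 1) for _ in range(n_slots)]
    carried = [b + 100 * p for b, p in zip(background, pattern)]
    k = report_minutes // SLOT_MIN
    reported, expected = rebin(carried, k), rebin(pattern, k)
    r = pearson(reported, expected)
    # z = r * sqrt(samples): rough significance of the match against the pattern.
    return len(reported), r, r * sqrt(len(reported))

if __name__ == "__main__":
    for minutes in (15, 6 * 60, 12 * 60, 24 * 60):
        n, r, z = match_strength(minutes)
        print(f"{minutes:5d} min interval: {n:5d} samples, r={r:+.2f}, z={z:+.1f}")
```

Under this simplified model the per-sample correlation stays similar across intervals; what falls is the number of published samples, so the match statistic shrinks roughly with the square root of the interval ratio.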

Change History (2)

comment:1 Changed 5 years ago by karsten

Looks like this discussion is happening on #13988. Shall we move over relevant parts from this ticket and close it as duplicate?

comment:2 Changed 5 years ago by nickm

Resolution: fixed
Status: new → closed

Merged #13988 to master; closing this as fixed.
