Opened 21 months ago

Last modified 7 weeks ago

#25574 new defect

Eliminate "silent-drop" side channels in Tor protocol

Reported by: mikeperry Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: guard-discovery-stats
Cc: dmr Actual Points:
Parent ID: Points: 10-30
Reviewer: Sponsor:

Description (last modified by dmr)

https://tools.ietf.org/html/draft-thomson-postel-was-wrong-00

There are lots of ways to inject data into Tor streams, and this is a vector of attack for guard discovery and confirmation ("DropMark" attack): https://petsymposium.org/2018/files/papers/issue2/popets-2018-0011.pdf

I have a branch that tries to eliminate a pile of these from a while ago, but it has lots of false positives due to the common occurrence of invalid stream IDs in practice (see #25573). https://gitweb.torproject.org/mikeperry/tor.git/log/?h=timing_sidechannel_fix-squashed1

I think we may want to do #25573 before trying to merge that branch.

Child Tickets

Ticket   Status   Owner   Summary                        Component
#25573   closed           Track half-closed stream IDs   Core Tor/Tor

Change History (10)

comment:1 Changed 21 months ago by nickm

I really want to ask for a proposal on this -- if only a formal list of the stuff you want to change here.

comment:2 Changed 17 months ago by dmr

Cc: dmr added

comment:3 Changed 17 months ago by asn

Milestone: Tor: unspecified

comment:4 Changed 17 months ago by dmr

Description: modified

Adding parenthetical to tie that term 'DropMark' to the paper (it might not otherwise be obvious by context).

comment:5 Changed 11 months ago by mikeperry

Points: 30

comment:6 Changed 11 months ago by mikeperry

Points: 30 → 10-30

comment:7 Changed 10 months ago by cypherpunks

there are lots of ways to do it, but the dropmark paper says:

We used relay drop cells because they do not raise any log message.

why is that?

i found some history:

Once-upon-a-time DROP cells were getting logged. Roger //'ed it out in '06 cause it was "loud":
https://gitweb.torproject.org/tor.git/commit/?id=9bc8d69dfc4ddda5a9c8478b1f1e04490845ded0

(:thinkingface: how was that "loud"? was anything besides attackers sending DROP cells in 2006?)

mikeperry replaced the //'ed log line with return 0 in 2018:
https://gitweb.torproject.org/tor.git/commit/?id=7be71903daff042e606e7a8445a6359100c9f8f5

But even if tor had no silent drops, relays could still embed timing signals like Jann Horn demonstrates here: https://var.thejh.net/git/?p=detour.git;a=blob;f=README (what ticket number is that?)

Last edited 7 weeks ago by cypherpunks
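As an added illustration of the direction the ticket description and comment 7 point at (this is a constructed model, not tor's code and not the timing_sidechannel_fix branch linked above): a relay-side cell handler that never discards a relay cell in silence, but accounts for and logs every undeliverable cell and tears the circuit down once a constructed threshold is reached. To avoid the false positives from #25573, stream ids pass through a half-closed state after the local side sends END, so late cells from a peer that has not yet seen that END are tolerated rather than counted. The threshold, the struct layout, the function names and the choice to count DROP cells like any other undeliverable cell are all assumptions of this model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a relay-side cell handler (not tor's code).
 * Every cell that cannot be delivered is accounted for and logged, and a
 * circuit that keeps receiving such cells is torn down, instead of the
 * cells being dropped in silence. Streams are tracked through a
 * half-closed state so that late cells on a stream we already ended are
 * not mistaken for an attack (the false-positive source from #25573). */

#define MAX_STREAMS 16
#define UNEXPECTED_CELL_LIMIT 3 /* constructed threshold for this model */

/* Relay command numbers as in the tor spec: DATA=2, END=3, DROP=10. */
enum { RELAY_DATA = 2, RELAY_END = 3, RELAY_DROP = 10 };

enum stream_state { STREAM_UNUSED = 0, STREAM_OPEN, STREAM_HALF_CLOSED };

typedef struct {
  uint16_t id;
  enum stream_state state;
} stream_t;

typedef struct {
  uint32_t circ_id;
  stream_t streams[MAX_STREAMS];
  unsigned unexpected_cells; /* cells that would once have been dropped silently */
  int closed;                /* nonzero once the circuit has been torn down */
} circuit_t;

void circuit_init(circuit_t *c, uint32_t circ_id) {
  memset(c, 0, sizeof(*c));
  c->circ_id = circ_id;
}

static stream_t *find_stream(circuit_t *c, uint16_t id) {
  for (int i = 0; i < MAX_STREAMS; i++)
    if (c->streams[i].state != STREAM_UNUSED && c->streams[i].id == id)
      return &c->streams[i];
  return NULL;
}

/* Register a new stream id on the circuit; 0 on success, -1 if full or invalid. */
int circuit_open_stream(circuit_t *c, uint16_t id) {
  if (id == 0 || find_stream(c, id)) return -1;
  for (int i = 0; i < MAX_STREAMS; i++) {
    if (c->streams[i].state == STREAM_UNUSED) {
      c->streams[i].id = id;
      c->streams[i].state = STREAM_OPEN;
      return 0;
    }
  }
  return -1;
}

/* We sent END on this stream. The peer may still have cells in flight, so
 * the id is remembered as half-closed rather than forgotten outright. */
int circuit_half_close_stream(circuit_t *c, uint16_t id) {
  stream_t *s = find_stream(c, id);
  if (!s || s->state != STREAM_OPEN) return -1;
  s->state = STREAM_HALF_CLOSED;
  return 0;
}

/* Account for a cell that has no legitimate recipient. Never silent. */
static int note_unexpected(circuit_t *c, const char *why, uint8_t cmd, uint16_t sid) {
  c->unexpected_cells++;
  printf("circ %u: unexpected relay cell (%s) cmd=%u stream=%u count=%u\n",
         c->circ_id, why, cmd, sid, c->unexpected_cells);
  if (c->unexpected_cells >= UNEXPECTED_CELL_LIMIT) {
    c->closed = 1;
    printf("circ %u: closing circuit after %u unexpected cells\n",
           c->circ_id, c->unexpected_cells);
    return -1;
  }
  return 0;
}

/* Returns 1 if the cell was delivered, 0 if it was discarded but accounted
 * for (or tolerated as late traffic on a half-closed stream), -1 if the
 * circuit is closed. */
int circuit_handle_relay_cell(circuit_t *c, uint8_t cmd, uint16_t stream_id) {
  if (c->closed) return -1;

  if (cmd == RELAY_DROP)
    /* Model choice: DROP cells are counted like any other undeliverable cell. */
    return note_unexpected(c, "drop cell", cmd, stream_id);
  if (cmd != RELAY_DATA && cmd != RELAY_END)
    return note_unexpected(c, "unknown command", cmd, stream_id);

  stream_t *s = find_stream(c, stream_id);
  if (!s) return note_unexpected(c, "no such stream", cmd, stream_id);

  if (s->state == STREAM_HALF_CLOSED) {
    /* Legitimate late traffic: the peer has not seen our END yet. Once it
     * answers with its own END the id is finally released. */
    if (cmd == RELAY_END) s->state = STREAM_UNUSED;
    return 0;
  }
  if (cmd == RELAY_END) s->state = STREAM_UNUSED; /* peer closed an open stream */
  return 1;
}
```

The point of the half-closed state is the trade-off the description names: without it, every late DATA cell on a stream the relay already ended would look like an injected cell and trip the threshold; with it, only cells for ids the circuit has never seen (or has fully released) and cells with no deliverable meaning are counted, and none of them pass without a log line.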

comment:8 Changed 6 months ago by gaba

Removing sponsor V as we do not have more time to include these tickets in the sponsor.

comment:9 Changed 6 months ago by gaba

Sponsor: SponsorV-can

Removing sponsor from tickets that we do not have time to fit in the remainder of this sponsorship.

comment:10 Changed 2 months ago by cypherpunks

Could someone please update Tor's threat model to clarify that Tor cannot (and has no plans to ever be able to) protect against adversaries who control both the first and last hops of a circuit?

Last edited 7 weeks ago by cypherpunks