Opened 7 months ago

Last modified 4 months ago

#29999 new project

Objective 1, Activity 2: Denial of service defences

Reported by: pili
Owned by:
Priority: Medium
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: tor-hs, tor-dos, network-team-roadmap-2019-Q1Q2, user-feedback, blog
Cc: gaba
Actual Points:
Parent ID: #30281
Points: 36
Reviewer:
Sponsor: Sponsor27-must

Description

This is the parent ticket to hold any tickets under this activity, including:

  • Reducing the number of circuits that they build over time on the Tor network
  • Providing more ways for onion service administrators to control the influx of incoming users in heavy traffic scenarios.
  • Improving our defense mechanisms by:
    • Decreasing onion service load on the Tor network, by slowing down Tor circuit creation on startup.
    • Optimizing relevant onion service functions that are called multiple times and therefore take up a lot of CPU.
    • Making it harder for adversaries to force services to rotate their introduction points.
  • Writing a Tor software change proposal for a “rendezvous approver” API that can be useful for:
    1. Rate limiting; allow at most N unauthenticated clients over a set time period
    2. Extra-conservative logic like "stop accepting connections during potential guard discovery"
    3. Limiting capacity to control server load; only allow N simultaneous clients.
    4. Protocol-tuned rules for things like Ricochet
    5. More advanced pre-rendezvous authorization
    6. Load-balancing across multiple servers running Tor onion services
  • Closing the client circuit once the INTRO1/ACK dance has been completed, decreasing load on the Tor network.

Child Tickets

Ticket | Status | Owner | Summary | Component
#15516 | closed | dgoulet | Consider rate-limiting INTRODUCE2 cells when under load | Core Tor/Tor
#24962 | closed | dgoulet | Single hop onion service denial of service issues | Core Tor/Tor
#24973 | needs_information | | Tor should be more gentle when launching dozens of circuits at once | Core Tor/Tor
#26294 | needs_revision | asn | attacker can force intro point rotation by ddos | Core Tor/Tor
#29607 | needs_information | pidgin | 2019 Q1: Denial of service on v2 and v3 onion service | Core Tor/Tor
#30790 | closed | dgoulet | hs-v3: Write a proposal for an ESTABLISH_INTRO cell extension containing DoS defense parameters | Core Tor/Tor
#30924 | closed | dgoulet | hs-v3: Implement proposal 305 - ESTABLISH_INTRO Cell DoS Defense Extension | Core Tor/Tor
#31223 | new | | Research approaches for improving the availability of services under DoS | Core Tor/Tor
#31682 | closed | dgoulet | CID 1453653: Integer handling (NEGATIVE_RETURNS) in build_establish_intro_dos_extension() | Core Tor/Tor
#31754 | new | | Add HS DoS defence stats to heartbeat | Core Tor/Tor

Change History (8)

comment:1 Changed 7 months ago by pili

Points: 15

comment:2 Changed 6 months ago by nickm

Milestone: Tor: unspecified

comment:3 Changed 6 months ago by dgoulet

Keywords: tor-hs tor-dos added

comment:4 Changed 6 months ago by asn

Points: 15 → 36

comment:5 Changed 6 months ago by asn

Parent ID: #30281

comment:6 Changed 6 months ago by gaba

Keywords: network-team-roadmap-2019-Q1Q2 added

comment:7 Changed 5 months ago by wayward

Keywords: user-feedback blog added

comment:8 Changed 4 months ago by dgoulet

Sponsor: Sponsor27 → Sponsor27-must