Defend against path bias and tagging attacks

In https://lists.torproject.org/pipermail/tor-dev/2012-March/003347.html, some dude who claims to be a raccoon proved that tagging attacks are an amplification attack that allow an adversary who has c/n of the network bandwidth to compromise of c/n of all circuits through the network.

The tagging attack he describes is actually a subset of path bias attacks we've known about for a long time. Tagging is just a particularly nasty one that also allows for a level of amplification that we previously were not aware of.

This ticket is to serve as the parent ticket for several things we can do to improve the situation and defend against tagging in specific or path bias in general.

changed milestone to %Tor: unspecified

added SponsorZ-large component::core tor/tor milestone::Tor: unspecified needs-proposal priority::high research-program severity::normal status::new tor-client type::project labels

Assigning this to sponsor Z, since it needs a Tor milestone. I'd like to get fixes into 0.2.3.x, except for the stuff that requires heavy research, which should target 0.2.4.x.

Trac:
Milestone: N/A to Sponsor Z: November 1, 2013

Switching from using milestones to keywords for sponsor deliverables. See #6365 (moved) for details.

Trac:
Milestone: Sponsor Z: November 1, 2013 to N/A
Keywords: N/A deleted, SponsorZ added

There's a lot of stuff here. Could also fund some Torflow work.

Trac:
Keywords: SponsorZ deleted, SponsorZ-large added

Trac:
Milestone: N/A to Tor: 0.2.4.x-final

Trac:
Keywords: SponsorZ-large deleted, SponsorZ-large needs-proposal added

Trac:
Keywords: SponsorZ-large needs-proposal deleted, SponsorZ-large needs-proposal tor-client added

Trac:
Component: Tor Client to Tor

Mike, how much of this needs to get deferred out of 0.2.4.x ? How much is done?

Some of these should probably be cleaned up/removed. Maybe in the process we should use a keyword rather than this parent ticket.

To more directly answer your question, the only thing I'm aiming to get into 0.2.4.x at this point is #7802 (moved) (which looks like it isn't even a child here, but maybe should be?).

Okay; feel free to change the parent of #7802 (moved). Also remember that the small features deadline is real. :)

Don't worry, I've been prioritizing tor-core deadlines higher than the remote code exec deadline of Firefox 10ESR. #7802 (moved) will take priority over any Firefox bugs from now till that deadline. Hope everyone has their fingers crossed. It's gonna be a close one :).

The parent of #7802 (moved) is already occupied though. That's the main reason I think we might want to switch to tags for these.

Actually, since both deadlines are set in stone, I think #5956 (moved) is more important than Firefox 10ESR EOL at this point too (now that we have directory guards).

The good news though is that I think our 17ESR patches+Torbutton 1.5 is in a position to build a TBB alpha right now, so that may carry us for long enough with testing for me to get these two done. If not, I guess it a working 17ESR TBB-alpha just waits another week for me to do these two.

Moving the remainder of this forward.

Trac:
Milestone: Tor: 0.2.4.x-final to Tor: 0.2.5.x-final

Trac:
Milestone: Tor: 0.2.5.x-final to Tor: 0.2.???

Trac:
Cc: rransom, nickm, arma, mikeperry to rransom, nickm, arma, mikeperry, isis

Trac:
Cc: rransom, nickm, arma, mikeperry, isis to rransom, nickm, arma, mikeperry, isis, saint

This parent ticket is tagged SponsorZ, but it looks like progress on most open children stalled over a year ago and the two more-recently improved tickets (9001, 7003) might be being addressed under other proposals and work.

Should this still be an open SponsorZ ticket?

Trac:
Reviewer: N/A to N/A
Sponsor: N/A to N/A
Severity: N/A to Normal

Mikeperry probably has the best handle on the status of this.

Milestone renamed

Trac:
Milestone: Tor: 0.2.??? to Tor: 0.3.???

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

Trac:
Keywords: SponsorZ-large needs-proposal tor-client deleted, needs-proposal, tor-client, SponsorZ-large, tor-03-unspecified-201612 added
Milestone: Tor: 0.3.??? to Tor: unspecified

Remove an old triaging keyword.

Trac:
Keywords: tor-03-unspecified-201612 deleted, N/A added

Trac:
Keywords: tor-client deleted, tor-client research-program added
Type: defect to project

mentioned in issue #5458 (moved)

mentioned in issue #5462 (moved)

mentioned in issue #5464 (moved)

mentioned in issue #5956 (moved)

mentioned in issue #5968 (moved)

mentioned in issue #6135 (moved)

mentioned in issue #7157 (moved)

mentioned in issue #7281 (moved)

mentioned in issue #7582 (moved)

mentioned in issue #9001 (moved)

moved to tpo/core/tor#5456 (closed)

mentioned in issue tpo/core/tor#5968