Changes between Version 8 and Version 9 of org/sponsors/SponsorV


Timestamp: Oct 25, 2017, 3:02:57 AM (2 years ago)
Author: mikeperry
Comment: --

  • org/sponsors/SponsorV

    v8 v9  
    2323== Short Term ==
    2424
    25 Our short term plan is to fix lowest hanging fruit first. Because Proposal 247 requires quite a bit of performance tuning, but will still provide improved security without completing that tuning, we are going to aim to support an external implementation through an add-on Tor Controller and torrc options. This Tor controller will also be used for performance evaluation.
     25Our short term plan is to go after low hanging fruit. Several of the guard discovery attack vectors are very easy to mitigate, but very hard to solve entirely. We must not let perfect be the enemy of good during this phase.
    2626
    27 The set of development work for this is:
    28 
    29 [[TicketQuery(keywords=~guard-discovery-prop247-controller,order=priority,desc=1,format=table,col=resolution|summary|owner|reporter)]]
    30 
    31 Additionally, a few relatively simple changes can also be completed on the 0.3.2/0.3.3 timescale that should address other vectors relating to our statistics reporting and gathering:
     27To start, a few relatively simple changes can be completed on the 0.3.2/0.3.3 timescale that should address vectors relating to our statistics reporting and gathering:
    3228
    3329[[TicketQuery(keywords=~guard-discovery-stats,milestone=~0.3.2.x-final,order=priority,desc=1,format=table,col=resolution|summary|owner|reporter)]]
     
    3531[[TicketQuery(keywords=~guard-discovery-stats,milestone=~0.3.3.x-final,order=priority,desc=1,format=table,col=resolution|summary|owner|reporter)]]
    3632
     33Separate from the above, [https://gitweb.torproject.org/torspec.git/tree/proposals/247-hs-guard-discovery.txt Proposal 247] is our proposal for changing Tor's path selection for hidden services to deal with [https://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf trawling-style middle-node based attacks]. Unfortunately, Proposal 247 requires quite a bit of performance tuning before we can do a final implementation. The final implementation will also require extensive modifications to Tor's path selection code.
     34
     35The good news is that we can provide significantly improved security before we complete this implementation by providing torrc options and an add-on a Tor Controller that implements our intended algorithm. This same add-on Tor controller will also be used for performance evaluation. The target release for this initial work is Tor 0.3.3, which freezes mid-January 2018. The set of development work for this is:
     36
     37[[TicketQuery(keywords=~guard-discovery-prop247-controller,order=priority,desc=1,format=table,col=resolution|summary|owner|reporter)]]
     38
    3739== Long Term ==
    3840
    39 After 0.3.3, we plan to simulate the performance properties of Prop247 using the addon controller. Separately, we will also simulate the time-until-compromise estimates based on various parameters. We will use the results of these experiments to parameterize Prop247.
     41After 0.3.3, we plan to simulate the performance properties of Prop247 using the add-on controller. Separately, we will also simulate the time-until-compromise estimates of various parameter choices. We will use the results of these experiments to finalize parameter choices for the native Tor implementation of Proposal 247.
    4042
    41 XXX: These two simulators should have tickets.
     43XXX: These two experiments should have tickets.
    4244
    4345Proposal 247 by itself is insufficient to deal with all forms of guard discovery. In particular, circuit lifetime attacks like #22728 suggest that we need some way of re-establishing cirucits to an IP/RP over a new path. [https://www.cypherpunks.ca/~iang/pubs/conflux-pets.pdf the conflux technique] may be one way to do this. Note that for #22728 we do not need the flow control and load balancing pieces of conflux. we only need the ability to migrate an RP/IP from one path to another.
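
Review bot: the added paragraph at v9 line 35 names Tor 0.3.3 as the target release, but the TicketQuery at v9 line 37 filters only on keywords=~guard-discovery-prop247-controller, with no milestone, unlike the two guard-discovery-stats queries above it. Consider adding milestone=~0.3.3.x-final there, or saying that the omission is intentional, so the table matches the stated target. In the same paragraph, "an add-on a Tor Controller" has a stray article, and the capitalization switches between "Tor Controller" and "Tor controller" in consecutive sentences; "torrc options and an add-on Tor controller that implements our intended algorithm" reads cleanly. The reworded placeholder at v9 line 43 ("XXX: These two experiments should have tickets.") is still a placeholder; filing the two tickets and replacing the line with a TicketQuery, as the Short Term section does, would close it out. The unchanged line at v9 45 still carries "cirucits" and a sentence starting with lowercase "we only need", which could be fixed in the same edit.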