[tor-bugs] #16659 [- Select a component]: TCP Initial Sequence Numbers Leak Host Clock

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Jul 26 21:05:24 UTC 2015


#16659: TCP Initial Sequence Numbers Leak Host Clock
--------------------------------------+--------------------
     Reporter:  source                |      Owner:
         Type:  defect                |     Status:  closed
     Priority:  normal                |  Milestone:
    Component:  - Select a component  |    Version:
   Resolution:  not a bug             |   Keywords:
Actual Points:                        |  Parent ID:
       Points:                        |
--------------------------------------+--------------------
Changes (by yawning):

 * status:  new => closed
 * resolution:   => not a bug


Comment:

 Replying to [comment:7 mikeperry]:
 > If you could actually recover the current time from the ISN, that would
 > be a cause for concern, since it could make correlation attacks much
 > easier given an additional application layer timestamp at the exit or
 > hidden service. But I agree, it doesn't seem like that is actually the
 > case.

 The information's only propagated as far as the Guard anyway, and if you
 suspect you're a given HS's guard, confirming it doesn't require TCP
 sequence number trickery.

 > But pages 10-12 in
 > http://www.cl.cam.ac.uk/~sjm217/papers/ih05coverttcp.pdf seem to describe
 > how to work backwards and get the original clock.

 For Linux 2.2, 2.4, and 2.6.  I don't care enough to check when they
 changed the algorithm.

 If you actually bothered to read the code in question, you would see that:
   a. `net_secret` is initialized once and exactly once, and no longer
      periodically as described in the paper.
   b. The MD5 (not MD4 as described in the paper) hashed value is added to
      the shifted and truncated time in nanoseconds `seq +
      (ktime_to_ns(ktime_get_real()) >> 6)`. This transform is destructive, and
      the part that's added is (as I said in my comment) a cyclical timer with a
      274 s period and 64 ns resolution.

 Anything vaguely resembling the full host's time is totally destroyed by
 the shift + truncate step.

 NABing.  Complain to the Linux kernel developers if you think this is a
 big deal.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16659#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
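Added illustration of the transform described in points (a) and (b) of the comment above; this is not code from the Linux kernel or from the ticket. The hash function is a constructed placeholder standing in for the MD5 output over the connection tuple and `net_secret`, and the time term is modelled exactly as the comment states it: real time in nanoseconds, shifted right by 6, truncated to 32 bits.

```c
#include <stdint.h>
#include <stdio.h>

/* One full cycle of the 32-bit time term: 2^32 steps of 64 ns = 2^38 ns,
 * i.e. 274877906944 ns, roughly 274.88 s. */
#define ISN_TIME_PERIOD_NS ((uint64_t)1 << 38)

/* Time component as described in the comment: host clock in ns, >> 6
 * (64 ns resolution), truncated to the 32-bit sequence space. */
uint32_t isn_time_term(uint64_t real_ns)
{
    return (uint32_t)(real_ns >> 6);
}

/* Constructed placeholder for the secret-keyed hash of the 4-tuple.
 * NOT the kernel's MD5; it only stands in for a 32-bit secret-derived value. */
uint32_t placeholder_hash(uint32_t saddr, uint32_t daddr,
                          uint16_t sport, uint16_t dport, uint32_t secret)
{
    uint32_t h = secret ^ 0x9e3779b9u;
    h = (h ^ saddr) * 0x85ebca6bu;
    h = (h ^ daddr) * 0xc2b2ae35u;
    return h ^ (((uint32_t)sport << 16) | dport);
}

/* seq + (ktime_to_ns(ktime_get_real()) >> 6), wrapping modulo 2^32. */
uint32_t isn(uint32_t hash, uint64_t real_ns)
{
    return hash + isn_time_term(real_ns);
}

/* Even with the hash known, subtracting it yields only the position inside
 * the current ~274 s cycle (bits 6..37 of the clock), never which cycle. */
uint64_t residual_ns_within_cycle(uint32_t isn_value, uint32_t hash)
{
    return (uint64_t)(uint32_t)(isn_value - hash) << 6;
}

uint64_t time_term_period_s(void)
{
    return ISN_TIME_PERIOD_NS / 1000000000ull;
}

int main(void)
{
    /* Constructed sample clock value (ns since epoch), not a real capture. */
    uint64_t t = 1437944724ull * 1000000000ull;
    uint32_t h = placeholder_hash(0x0a000001u, 0x0a000002u, 40000, 443, 0x5eedf00du);
    printf("period %llu s, isn %08x, same isn after one period: %s\n",
           (unsigned long long)time_term_period_s(), isn(h, t),
           isn(h, t) == isn(h, t + ISN_TIME_PERIOD_NS) ? "yes" : "no");
    return 0;
}
```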