[tor-bugs] #25574 [Core Tor/Tor]: Eliminate "silent-drop" side channels in Tor protocol

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Aug 4 20:17:21 UTC 2018 

#25574: Eliminate "silent-drop" side channels in Tor protocol
-----------------------------------+----------------------------------
 Reporter:  mikeperry              |          Owner:  (none)
     Type:  defect                 |         Status:  new
 Priority:  Medium                 |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor           |        Version:
 Severity:  Normal                 |     Resolution:
 Keywords:  guard-discovery-stats  |  Actual Points:
Parent ID:                         |         Points:
 Reviewer:                         |        Sponsor:  SponsorV-can
-----------------------------------+----------------------------------

Old description:

> https://tools.ietf.org/html/draft-thomson-postel-was-wrong-00
>
> There are lots of ways to inject data into Tor streams, and this is a
> vector of attack for guard discovery and confirmation:
> https://petsymposium.org/2018/files/papers/issue2/popets-2018-0011.pdf
>
> I have a branch that tries to eliminate a pile of these from a while ago,
> but it has lots of false positives due to the common occurrence of
> invalid stream IDs in practice (see #25573).
> https://gitweb.torproject.org/mikeperry/tor.git/log/?h
> =timing_sidechannel_fix-squashed1
>
> I think we may want to do #25573 before trying to merge that branch.

New description:

 https://tools.ietf.org/html/draft-thomson-postel-was-wrong-00

 There are lots of ways to inject data into Tor streams, and this is a
 vector of attack for guard discovery and confirmation ("DropMark" attack):
 https://petsymposium.org/2018/files/papers/issue2/popets-2018-0011.pdf

 I have a branch that tries to eliminate a pile of these from a while ago,
 but it has lots of false positives due to the common occurrence of invalid
 stream IDs in practice (see #25573).
 https://gitweb.torproject.org/mikeperry/tor.git/log/?h
 =timing_sidechannel_fix-squashed1

 I think we may want to do #25573 before trying to merge that branch.

--

Comment (by dmr):

 Adding parenthetical to tie that term 'DropMark' to the paper (it might
 not otherwise be obvious by context).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25574#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list