
[tor-bugs] #15938 [Tor]: HS descriptor cache leaks timing information to local users



#15938: HS descriptor cache leaks timing information to local users
--------------------------------+------------------------------
 Reporter:  teor                |          Owner:
     Type:  defect              |         Status:  new
 Priority:  normal              |      Milestone:  Tor: 0.2.???
Component:  Tor                 |        Version:
 Keywords:  SponsorR, SponsorU  |  Actual Points:
Parent ID:                      |         Points:
--------------------------------+------------------------------
 Anyone who can connect to a tor client can discover which HSs have been
 accessed recently, by running a timing attack against the HS cache. Cached
 descriptors return much faster than uncached descriptors.

 This may be possible through browser JavaScript attempting HS connections
 and timing the responses.

 An observer on the network or in control of an HSDir could potentially
 enhance this timing attack with network request correlation.

 Yawning suggests a per-stream-isolation cache to avoid this issue.

 Each TorBrowser-isolated cache would most likely have 0 or 1 HS descriptor
 in it - 0 if the URL is not an HS, and 1 if it is.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15938>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
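
The per-stream-isolation cache suggested in the ticket, sketched as an added example (not Tor's code and not part of the original message): a hit requires both the onion address and the requesting stream's isolation id, so what one context fetched cannot change another context's lookup time. The type and function names, the integer isolation ids and the onion address are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SLOTS 16
#define ADDR_MAX 64
/* Hypothetical cache entry; not Tor's own data structure. */
typedef struct {
    int used;
    uint64_t iso;            /* assumed: one id per stream-isolation context */
    char onion[ADDR_MAX];    /* a real entry would also hold the descriptor */
} entry_t;
typedef struct { entry_t slot[SLOTS]; } desc_cache_t;

/* A hit requires both the onion address and the caller's isolation id. */
static entry_t *lookup(desc_cache_t *c, uint64_t iso, const char *onion) {
    for (int i = 0; i < SLOTS; i++)
        if (c->slot[i].used && c->slot[i].iso == iso &&
            strcmp(c->slot[i].onion, onion) == 0)
            return &c->slot[i];
    return NULL;
}

/* 1 = slow HSDir fetch needed (cached for this context only), 0 = hit, -1 = error. */
int fetch_needs_network(desc_cache_t *c, uint64_t iso, const char *onion) {
    if (strlen(onion) >= ADDR_MAX) return -1;
    if (lookup(c, iso, onion)) return 0;
    for (int i = 0; i < SLOTS; i++) {
        entry_t *e = &c->slot[i];
        if (e->used) continue;
        e->used = 1; e->iso = iso;
        strcpy(e->onion, onion);
        return 1;
    }
    return -1;               /* full: this example does no eviction */
}

/* Forget everything a context learned once that context is closed. */
int drop_context(desc_cache_t *c, uint64_t iso) {
    int n = 0;
    for (int i = 0; i < SLOTS; i++)
        if (c->slot[i].used && c->slot[i].iso == iso) { c->slot[i].used = 0; n++; }
    return n;
}

int main(void) {
    desc_cache_t c = {0};
    const char *hs = "constructed-example.onion";   /* constructed sample */
    int a1 = fetch_needs_network(&c, 1, hs), a2 = fetch_needs_network(&c, 1, hs);
    printf("ctx1: %d then %d; ctx2: %d\n", a1, a2, fetch_needs_network(&c, 2, hs));
}
```

Context 2 pays the full fetch cost even though context 1 already holds the descriptor, which is the property that removes the cross-context timing signal; the cost is one extra descriptor fetch per context.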