[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #33421 [Metrics/Onionperf]: Track which Guard is used for experimental measurements



#33421: Track which Guard is used for experimental measurements
---------------------------------------+-----------------------------------
 Reporter:  acute                      |          Owner:  metrics-team
     Type:  enhancement                |         Status:  needs_information
 Priority:  Medium                     |      Milestone:
Component:  Metrics/Onionperf          |        Version:
 Severity:  Normal                     |     Resolution:
 Keywords:  metrics-team-roadmap-2020  |  Actual Points:
Parent ID:  #33321                     |         Points:  3
 Reviewer:                             |        Sponsor:  Sponsor59-must
---------------------------------------+-----------------------------------

Comment (by mikeperry):

 Thank you for your attention to detail on this, acute!

 This is true. The dark secret of the One Guard Revolution is that it
 didn't make Tor use only one guard, and never can. Tor must fall back to a
 second guard due to path restrictions and other failure cases, some of
 which can be controlled by the adversary to aid traffic analysis attacks.

 In practice, this happens when:
 1. The Exit (which is chosen first) is the same /24 or Family as the Guard
 2. The adversary chooses a RP in the same /24 or family as the Guard of an
 onion service, to more easily attack that service with traffic analysis
 3. The IP used by a circuit is in the same /24 or family as the main guard
 4. The HSDIR is in the same /24 or family as the main guard
 5. When the main Guard's TLS connection is closed a few times because of
 bad connectivity
 6. Probably some other cases no one remembers or even knows of

 Tor is not so good at these edge cases and probably never will be.

 But that's not really relevant to this ticket.

 Even if we give up on the One Guard Revolution and always use two guards,
 we should still track which guard was used for a circuit in onionperf, so
 that we can filter on the performance seen via different kinds of guards
 (as per tools for #33327).

 This will help with all kinds of analysis, including determining if and
 when a third guard is used (to find more instances of `#6`), and measuring
 the balance between the two main guards otherwise.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33421#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs