[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r9791: add initial uptime-sanity-checking proposal by Kevin Buaer a (in tor/trunk: . doc/spec/proposals)
- To: or-cvs@xxxxxxxxxxxxx
- Subject: [or-cvs] r9791: add initial uptime-sanity-checking proposal by Kevin Buaer a (in tor/trunk: . doc/spec/proposals)
- From: nickm@xxxxxxxx
- Date: Sat, 10 Mar 2007 02:39:17 -0500 (EST)
- Delivered-to: archiver@seul.org
- Delivered-to: or-cvs-outgoing@seul.org
- Delivered-to: or-cvs@seul.org
- Delivery-date: Sat, 10 Mar 2007 02:39:23 -0500
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-cvs@xxxxxxxxxxxxx
Author: nickm
Date: 2007-03-10 02:39:17 -0500 (Sat, 10 Mar 2007)
New Revision: 9791
Added:
tor/trunk/doc/spec/proposals/107-uptime-sanity-checking.txt
Modified:
tor/trunk/
tor/trunk/doc/spec/proposals/000-index.txt
Log:
r12520@Kushana: nickm | 2007-03-10 00:57:59 -0500
add initial uptime-sanity-checking proposal by Kevin Buaer and Damon McCoy.
Property changes on: tor/trunk
___________________________________________________________________
svk:merge ticket from /tor/trunk [r12520] on c95137ef-5f19-0410-b913-86e773d04f59
Modified: tor/trunk/doc/spec/proposals/000-index.txt
===================================================================
--- tor/trunk/doc/spec/proposals/000-index.txt 2007-03-10 07:38:42 UTC (rev 9790)
+++ tor/trunk/doc/spec/proposals/000-index.txt 2007-03-10 07:39:17 UTC (rev 9791)
@@ -25,4 +25,4 @@
104 Long and Short Router Descriptors [OPEN]
105 Version negotiation for the Tor protocol [OPEN]
106 Checking fewer things during TLS handshakes [CLOSED]
-
+107 Uptime Sanity Checking [OPEN]
Added: tor/trunk/doc/spec/proposals/107-uptime-sanity-checking.txt
===================================================================
--- tor/trunk/doc/spec/proposals/107-uptime-sanity-checking.txt 2007-03-10 07:38:42 UTC (rev 9790)
+++ tor/trunk/doc/spec/proposals/107-uptime-sanity-checking.txt 2007-03-10 07:39:17 UTC (rev 9791)
@@ -0,0 +1,48 @@
+Filename: 107-uptime-sanity-checking.txt
+Title: Uptime Sanity Checking
+Version:
+Last-Modified:
+Author: Kevin Buaer and Damon McCoy
+Created: 8-March-2007
+Status: Open
+
+Overview:
+
+ This document describes how to cap the uptime that is used when computing
+ which routers are maked as stable such that highly stable routers cannot
+ be displaced by malicious routers that report extremely high uptime
+ values.
+
+ This is similar to how bandwidth is capped at 1.5MB/s.
+
+Motivation:
+
+ It has been pointed out that an attacker can displace all stable nodes and
+ entry guard nodes by reporting high uptimes. This is an easy fix that will
+ prevent highly stable nodes from being displaced.
+
+Security implications:
+
+ It should decrease the effectiveness of routing attacks that report high
+ uptimes while not impacting the normal routing algorithms.
+
+Specification:
+
+ We propose that uptime be capped at two months. Currently there are
+ approximetly 50 nodes with this amount of uptime, and the average uptime
+ is around 9 days. This cap would prevent these 50 nodes from being
+ displaced by an attacker.
+
+Compatibility:
+
+ There should be no compatiblity issues due to uptime capping.
+
+Implementation:
+
+ #define MAX_BELIEVABLE_UPTIME 60*24*60*60
+ dirserv.c
+ 1448: *up = (uint32_t) real_uptime(ri, now);
+ if(*up > MAX_BELIEVABLE_UPTIME) {
+ *up = MAX_BELIEVABLE_UPTIME;
+ }
+