[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-dev] Proposal 316: FlashFlow: A Secure Speed Test for Tor (Parent Proposal)
- To: tor-dev@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [tor-dev] Proposal 316: FlashFlow: A Secure Speed Test for Tor (Parent Proposal)
- From: Matt Traudt <pastly@xxxxxxxxxxxxxx>
- Date: Tue, 2 Jun 2020 16:12:51 -0400
- Autocrypt: addr=pastly@xxxxxxxxxxxxxx; prefer-encrypt=mutual; keydata= mQINBFYSsCYBEACtCAyNCpmHR4A3L4AWF9UbhZDu76D3LxZHSuPkCWOI++7Lm1SZ0QTuDsd0 ncp6qmzx56wbL9rmRwgNHFCPxlEv1zHmGDoGS/h1CVLsOXpEKqmyyCysYygp+Fc6N5aXIlCm lBj4xEnjz3aSdA0T6RAUOJRLDvmH0hs3guPsJ5Ic12+WekkgqXrNPKoI8PEa1MVFB8RT/49+ SZp28zTk951LXFy2Gte+r/FmNIoKCgMvyBJ5y+vRDIERZhA3S/U9w66zflpBhSRco9VG2fZX Pe2Y5OiC9sLJoHHce7QLIsMbepzGDWIDyIkveMDHPByJL2i3+ajQvv4mRl/WFOUXQJ+HgtA4 o7ul8KSPghmkXJBPTc1nb4U6yPE+cJgx1PhAkc6pcHOo3bf9tnozr4IdkiG/1bvInLqTqm30 nJOloNLVLt6WhhWEt9tUJrcXMSZwhuABgxzz+HvvE19XFzvCCm9xU0dh2kgQ2PAnmK8QsH4b h2M9bkH+WEgMZdh4tNcJdj4UtH/OL8R22+E198lq4C9SMj5DEocllshIVpXRJb2wz91rgP+t dYfjGV/nlnQDKCK1S/+rjSnu4Li3dzTrcNS2rewlVuyUeM5gCnmp6vVZh9xiF/HvYPhKr68J heuo7mq9EJeeuMOcedf5d/zC5fNcdmalYbM8Ow5BT0ZLveIzuQARAQABtCNNYXR0IFRyYXVk dCA8cGFzdGx5QHRvcnByb2plY3Qub3JnPokCVAQTAQgAPgIbAwULCQgHAgYVCAkKCwIEFgID AQIeAQIXgBYhBLfhBfxObZN3+Jy6TIO8qVKU+7sKBQJesAkyBQkSA1qMAAoJEIO8qVKU+7sK YG4P+wQqPnb+1Vovw9x4SNKXcwUmb2P/52MG/DP3irIOgl+txPYDXn7zOalR5ArWQeCECDDD sj9eK7OWES02o10tzVUJy6whTqkvvSKHydvPd3mbjjiwxfwEzHfmdfW6bYK6zM/zvvsoJpon hJgTi1A81yltuUsHq9ZQPPMbjSWeO2fpjr2+nzUVVF/AhnvfGh0d3kOlbKFuPTZGA655uX0e TQw1WYrg7yA7fyuIZ5WhdEludH4Xy/ue3MMoTU3BPerUTUaonXjmimS0VHFXIMoP4U++TbgG Crs7Sc8/tAbN6g2IVkw0ro7pIyTtTa2KejYvFkelHdEUoDb9IGQeyqmMxzzv6HqKYvD/Ovum XPwRQhI7OuPVoMjRKdo1NUyT0d45YG3Vs4xCllRx82NTmGvPFxMYa+ox3VGTs9Etos9zwuze eWPatbG+0c6Msd/2lAVRCqNEJAxxE3l6OEHSioNNkQZFU88OJl7d2LPYomC+P7lELFd2hk3V d86QrquqHzOGGOdpizt88JKboFJ9e3tOiNxmmCLS0RzPDXSovZVSZHmelcG8qpRKJE5JYC3H yimbK+poKCTv1gC2iaNk8Pf+ESsSrFKtALoEHCXK+IQII8IbIUgOE71CHPsCQpo0GuQhrkk1 GDQHyXN/yWy8Od23cZt3OZB77Yu3wI1Ww2+lIKMIuQINBFYSsCYBEACqS7ebFvWcarIc2pAb BFAcgdZvS5uHCV4eq23adCQbg1xBMNXDVzq7WU2jc7Cu0HwPJ9OoUUcPuf/EgwiF+a0A/IrZ C2zjVyzvdLZ7+MqPje8ff2/HjxZs7G5Ss1auISFqOO67wPh4jRcy/M91U+JBgFZH2SAsDNgc GxK2T6nFWiEXd8Y+ntEUJhXsMrakq+opidtYMRkK5PxW3InQFP9y52SXR77S5jzmpZc0pVg+ e4Euletz26yGTM2piwd4jbY0rM34oeHNN8w2MEo0krYla7NhK3dmAKoHu7kSUymp//KdJi6R dO7P0meBS4HS+sapQUJz+pQf+4yuHJFPyAVFDXbkJg+QCZhENuq4zmJPi8g/4V/E9K1NrL8d NxhWwQ43ZeS33Ts6FAFAPhdde3QVSa59u/tKF4sqMAlitzypRobVJmjnok87jMVxislfiZL3 LbZUTV2jxMwEXdRzNsyKUoAfVOc2ePFfFwsv7lNK9ED0vdOoStOzpRGRgb0AFOJAjALQhUS3 3ORQSeIvYze1KIf9wX3VGXIIq4mXY7k02Xv2tFpefu03fd1jcCbWnz7N+HvM7xiV4+hCTaaA ZQ78t4PuMPr0Rq7jCWP8ft4CDI+xQaaqfTmdbxezx9oVpwT6AbAgOAkaiY3UY6zXUtN7vez+ SGxiVYf84XUsMWUPAQARAQABiQI8BBgBCAAmAhsMFiEEt+EF/E5tk3f4nLpMg7ypUpT7uwoF Al6wCVsFCRIDWrUACgkQg7ypUpT7uwpVJxAAqGPr68c4FZ6vEqL0nl4VGcxQPURxHzFnD0Bq +Fp7vPJZa2TpQhkvw+Jwzi+IECm4zq3QjyU/0clncXp+7H1FcSQO+/5HCB0Wh4YpFzlhzTes POxo28TKky0QH8JOqNItS2zdR/Wnl62Yglo63VRpoOzddy1/PMccyNO5YkuLnKAQgnwNgyM6 1wtP8BJYUeRuHVwprl1jr7jAvo4m5ABXBrzzWO+oLEPdQt5wEVNigdDyGxCiwc9+NBRbO4jW bPuJxV1CSKX+FbkJXxN3oYcTx8LQg2gxvElNMbgbmggEpZx2QWBmpnl28AKWXUIXYc/Uvfyb kAifdIyffYU7mXlxRDB75UDdDml5AvoQdrJCm5P/IgaYenWJ3mDb8jFIZSENsWYsbdt6bYBW 2j/6XLyVjprO5SehB3QQPteuTSMcI6G4Fu5wrkayZRtzSA4D/NUlhbezMr4YvcS1H96H7VV7 oTKPg23yC75uX3GXW+KiBc5+CoeIte4wcSIvZHs7wgX7hTJzOOcw7WpE415oZ42iIkyrQkUR gd5xWWtnDhXSS6GA974MVNk7P+Cd/84bKpUquEPMXanWZOGFqGRNBvEy5XcnHnLS8gycNVBx eKkjmfWV7rQS46sLmy/DZAVMs+Ubzy0N7oi13G3ehJyi0UIRU6nbLZ2HelIpOM2qv36yUlk=
- Delivered-to: archiver@xxxxxxxx
- Delivery-date: Tue, 02 Jun 2020 16:20:43 -0400
- In-reply-to: <CAKDKvuxycfxbZaD+BFa=FL=uTUAUkQhUcpb_uxDFgzZ+1XhxrA@mail.gmail.com>
- List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
- List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
- List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
- List-post: <mailto:tor-dev@lists.torproject.org>
- List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
- List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
- References: <15b4b3ec-cb75-4bf0-d9ac-951a70d4eb7f@torproject.org> <CAKDKvuxycfxbZaD+BFa=FL=uTUAUkQhUcpb_uxDFgzZ+1XhxrA@mail.gmail.com>
- Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
- Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
On 6/2/20 3:01 PM, Nick Mathewson wrote:
> On Thu, Apr 23, 2020 at 2:48 PM Matt Traudt <pastly@xxxxxxxxxxxxxx> wrote:
>>
>
> Hi! I've got some comments on the FlashFlow proposal; I'll start with
> the ones that I think are most important, so that we can try to get
> them out of the way.
>
> First off, I'm concerned about the approach where measurers get to
> consume a certain amount of bandwidth, with only a set fraction left
> to devote to the background traffic. It seems like a hostile set of
> measurers could use this authority to introduce traffic patterns on
> the network to assist in traffic analysis. In general, having regular
> scheduled and visible changes in relay capacity seem to me like they'd
> help out traffic analysis a good deal.
>
> Second, the "MSM_BG" information type also seems like a serious
> traffic analysis risk. It is, literally, telling the measurers a
> report of how much traffic was sent each second on other connections.
> Previously we decided that a much coarser summary than this was too
> much information to publish in bandwidth-history lines, and I'm
> worried not to see any analysis here.
>
> {In both of the above cases we might say, "well, an attacker could do
> that anyway!" But to get the traffic information, an attacker would
> need to compromise the upstream connection, and to introduce traffic
> spikes the attacker would need to risk detection. This proposal as
> written would make both of these traffic analysis opportunities an
> expected part of the infrastructure, which seems not-so-good to me.}
>
Not just anyone can be a measurer. A bandwidth authority runs a
coordinator and chooses to trust some small number of measurers. In
practice, knowing the humans behind the dirauths today, I'd expect each
would only trust measurers they run themself.
> Third, I don't understand why we're using cell crypto here but we
> aren't using RELAY cells or (apparently?) circuits. Since TLS is
> already in play, we'll already be measuring the relays' encryption
> performance. But if we do decide that cell crypto is needed, then
> it's way easier to get that crypto happening if there are circuits
> involved. I think there's been some discussion of that on IRC; I'd
> suggest that we try to make that work if we can.
>
Yes the outcome of some IRC discussion with asn is that we should start
with MSM_ECHO cells being RELAY cells until we discover that is
untenable. The proposal will be updated to state this as well as clarify
that we'll be building circuits on which to send measurement traffic.
> Fourth, this approach to authenticating echo cell contents seems
> needlessly complicated. Instead of using random contents and
> remembering a fraction of cells, it would make more sense for
> measurers to use a keyed pseudorandom stream function to generate the
> cells, and to verify the contents of all the cells as they come back
> in. (AES128-CTR and ChaCha8 and SHAKE128 all have nice properties
> here.)
>
The motivation here is to do everything possible to prevent measurers
from being a bottleneck before the relay, which was a problem for us in
prototyping. This final transition-able FlashFlow is starting out with
verifying all cells the normal way so we can see if this can of worms is
even necessary. I'm not optimistic.
> Fifth, using IP addresses for identification is NOT something we do on
> the production network. I think we should authenticate measurers by
> identity key, not by IPv4 address (as is happening here, unless I
> misunderstand.)
>
It's the short term deployment that we propose use IP addresses for
identification. At this point there's 1 FlashFlow deployment being
operated by us and measuring relays that have opted in to running our
patches (realistically: just us, but hopefully some adventurous
operators too). In the medium/long term coords/measurers will use proper
TLS identities that will be checked by the relays.
Maybe that's still unacceptable, but I just wanted to make that clear.
Matt
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev