[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: System time in anonymity oriented LiveCDs



Without understanding details of the tor design, did you mention that tor knows the "real" time? So why dont you let tor set the right time. There could be a torrc setting like "when connecting to tor set system time according what tor says". This would enforce to run tor as root, not as unprivileged user, but this is a Live system, so this might be no problem(?).

Would this be a nice tor extension to help the LiveCD users?

Kind Regards

Thomas

Am Montag 03 Januar 2011 schrieb anonym:
> Hi list,
> 
> One issue for anonymity-oriented LiveCDs (such as T(A)ILS[1] and Liberté
> Linux[2]) is the system time. Tor requires a reasonably correct system
> time, otherwise no circuits will be opened. This is a major problem for
> these LiveCDs since they generally route all traffic through Tor
> transparently (using netfilter/iptables and the like) so no Tor circuits
> implies no network access for the user.
> 
> The obvious fix might seem to be to run something like NTP before Tor
> starts, but since NTP isn't authenticated at the moment[3] an adversary
> could intercept the NTP sync and force a crafted time on the user which
> later can be used to fingerprint the user if s/he uses some
> protocol/application which leaks system time. Hence NTP is out of the
> question.
> 
> Liberté Linux has a novel solution to this problem[4] -- it sets the
> system time according to the Tor consensus' valid-after/until values,
> which essentially removes Tor's time skew check. We T(A)ILS developers
> are tempted to implement the same solution, but first we'd like to ask
> here if this is safe, or if it opens up for any unexpected type of
> attacks or problems.
> 
> If any one has a completely different solution for the system time issue
> we're very interested in hearing that out as well.
> 
> Cheers!

Attachment: signature.asc
Description: This is a digitally signed message part.