[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Secure way to set time using Hidden Service descriptors



Hi. As you may already know, NTP doesn't work over Tor and even if it did its untrusted and unauthenticated design leaves systems open to clock skew attacks that could unmask hidden services. What are your thoughts on having an anonymity distro, that Torrifies all traffic, depend on Hidden Service descriptors for secure timesyncing purposes?

N.B. I have suggested a mechanism that Tor itself incorporate a mechanism to broadcast time from relays to clients, but until this is realized I'm thinking that the proposed alternative is a good drop in.


The only weakness identified is that if a Hidden service forges its descriptor timestamp deliberately, it could perform a time replay attack within an 18 hour window. How serious is this?


Proposal:

My proposal is to have the time synchronizer daemon query the DHT for specific Hidden Service descriptors from the HSDir Authorities without actually connecting to them and calculate a more finegrained time to set. Here is why I think its a good idea:

* Descriptors contain a timestamp field which shows the time they are generated.Time reported is number of microseconds since 1970. * Descriptors are signed by the HS and cannot be spoofed by the HSDirAuth.
* Descriptors are refreshed hourly.
* A "malicious" HS that want to fool our time check has to go out of its way and forge the timestamp in its descriptor. If they are doing this by just running with a wrong clock, they will make themselves inaccessible. * According to rend-spec, the damage is much limited (only and 18 hour window) before HSDir Authorities reject these forgeries. * There does exist stable, available and friendly HS besides the TPO one that was taken down. The only addresses that will be used are those of trusted organizations that will not carry out the forging attacks described above. These will be Whistleblowing and Freedom friendly sites. Some suggestions: Wikileaks, RiseUp (each service they provide has a unique HS address assigned), TheNewyorker's SecureDrop service and probably more. * The way to go about this is to fetch descriptors without connecting. (how? please describe if it can be done. Its probably best so we don't overload these organization's hidden servers)
* The timestamps will be averaged to get a more accurate reading.

--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk