[tor-bugs] #18552 [Tor Browser]: timing oracle for rendezvous circuits
#18552: timing oracle for rendezvous circuits
-----------------------------+--------------------------------
     Reporter:  cypherpunks  |      Owner:  tbb-team
         Type:  defect       |     Status:  new
     Priority:  Very Low     |  Milestone:
    Component:  Tor Browser  |    Version:
     Severity:  Trivial      |   Keywords:  timing performance
Actual Points:               |  Parent ID:
       Points:               |   Reviewer:
      Sponsor:               |
-----------------------------+--------------------------------
The ''performance'' and ''XMLHttpRequest'' JavaScript APIs provide a
toolset sufficient enough to measure for the existence of previously
established rendezvous circuits.

Since CORS headers can only be determined after a request is performed, by
measuring the time to failure on a series of cross-domain requests and
observing the difference between the time-to-failure on the first and
subsequent requests, we could determine if a user has an already
established circuit with a given rendezvous website.

While the timing on ''performance'' is quite coarse, it is sufficient to
detect the build time of a rendezvous circuit. If the subsequent requests
consistently take the same time as the initial request, it could be
inferred that the user already had a circuit established to the onion
address being tested by the ''XMLHttpRequest''.

The measurement capabilities are very weak given that the sample set of
the initial connection can only be 1; as such, this attack is not very
reliable.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18552>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
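
An offline model of the reliability claim in the ticket above, added here as an example and not code from the ticket or from the Tor Project. It applies the first-versus-subsequent comparison to simulated timings only (no network access); every parameter value (round-trip time, circuit build time, jitter, clock resolution, threshold) is a constructed assumption, and it goes one step beyond the ticket by also showing a clock coarser than the build time.

```javascript
// Offline Monte Carlo model. All timings are constructed, not measured.
function mulberry32(seed) {            // small seeded PRNG, for repeatable runs
  let a = seed >>> 0;
  return function () {
    a = (a + 0x6d2b79f5) >>> 0;
    let t = a;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Model of a coarse clock: round a duration down to the clock resolution.
const clamp = (ms, res) => Math.floor(ms / res) * res;

function median(xs) {
  const s = [...xs].sort((x, y) => x - y);
  const m = s.length >> 1;
  return s.length % 2 ? s[m] : (s[m - 1] + s[m]) / 2;
}

// One modelled observation: a single first request, then `repeats` more.
function observe(established, p, rand) {
  const sample = (extra) =>
    clamp(p.rttMs + extra + rand() * p.jitterMs, p.resolutionMs);
  const first = sample(established ? 0 : p.buildMs); // sample set of size 1
  const rest = Array.from({ length: p.repeats }, () => sample(0));
  // Rule from the ticket: first ~ subsequent => circuit already existed.
  return first - median(rest) < p.thresholdMs;
}

// Fraction of wrong inferences; half the trials have a circuit established.
function errorRate(params, trials = 2000, seed = 1) {
  const p = { rttMs: 800, buildMs: 2000, jitterMs: 0, resolutionMs: 100,
              repeats: 5, thresholdMs: 1000, ...params }; // assumed defaults
  const rand = mulberry32(seed);
  let wrong = 0;
  for (let i = 0; i < trials; i++) {
    const established = i % 2 === 0;
    if (observe(established, p, rand) !== established) wrong++;
  }
  return wrong / trials;
}

console.log("no jitter:      ", errorRate({ jitterMs: 0 }));
console.log("heavy jitter:   ", errorRate({ jitterMs: 4000 }));
console.log("5 s clock clamp:", errorRate({ resolutionMs: 5000 }));
```

In this model the inference is exact only without jitter; jitter on the single first sample produces frequent wrong inferences, and a clock resolution larger than the build time reduces the result to a coin flip.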