
Uptime Sanity Checking



Filename: uptime_sanity_checking.txt
Title: Uptime Sanity Checking
Version:
Last-Modified:
Author: Kevin Bauer & Damon McCoy
Created: 8-March-2007
Status: Open

Overview:

   This document describes how to cap the uptime that
   is used when computing which routers are marked as stable
   such that highly stable routers cannot be displaced by
   malicious routers that report extremely high uptime
   values.

   This is similar to how bandwidth is capped at 1.5MB/s.

Motivation:

   It has been pointed out that an attacker can
   displace all stable nodes and entry guard nodes by
   reporting high uptimes. This is an easy fix that
   will prevent highly stable nodes from being
   displaced.

Security implications:

   It should decrease the effectiveness of routing
   attacks that report high uptimes while not impacting
   the normal routing algorithms.

Specification:

   We propose that uptime be capped at two months.
   Currently there are approximately 50 nodes with this
   amount of uptime, and the average uptime is around 9
   days. This cap would prevent these 50 nodes from
   being displaced by an attacker.

Compatibility:

   There should be no compatibility issues due to uptime
   capping.

Implementation:

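   /* Two months, in seconds. Parenthesized so the macro expands
    * safely inside larger expressions. */
   #define MAX_BELIEVABLE_UPTIME (60*24*60*60)

   dirserv.c, line 1448:

   *up = (uint32_t) real_uptime(ri, now);
   /* Do not believe any reported uptime above the cap. */
   if (*up > MAX_BELIEVABLE_UPTIME) {
     *up = MAX_BELIEVABLE_UPTIME;
   }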
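
The effect of the cap on a small router population, as an added example that is not part of the original proposal or of Tor's code. It assumes a simplified selection rule (a router is stable when its uptime is at least the median uptime); `cap_uptime`, `honest_stable` and the `SAMPLE` values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_BELIEVABLE_UPTIME (60*24*60*60) /* two months, in seconds */
#define DAY (24u*60u*60u)
#define MAX_ROUTERS 64

/* Constructed sample: 6 honest routers, then 8 routers reporting ~10 years. */
static const uint32_t SAMPLE[14] = {
  1*DAY, 5*DAY, 9*DAY, 20*DAY, 70*DAY, 90*DAY,
  3650*DAY, 3650*DAY, 3650*DAY, 3650*DAY,
  3650*DAY, 3650*DAY, 3650*DAY, 3650*DAY
};

/* Clamp a self-reported uptime to the proposal's cap. */
static uint32_t cap_uptime(uint32_t reported) {
  uint32_t cap = (uint32_t)MAX_BELIEVABLE_UPTIME;
  return reported > cap ? cap : reported;
}

static int cmp_u32(const void *a, const void *b) {
  uint32_t x = *(const uint32_t *)a, y = *(const uint32_t *)b;
  return (x > y) - (x < y);
}

/* Assumed rule (simplified model, not Tor's code): a router is stable when
 * its uptime is at least the median uptime. Returns how many of the first
 * n_honest routers qualify. */
static size_t honest_stable(const uint32_t *reported, size_t n,
                            size_t n_honest, int use_cap) {
  uint32_t up[MAX_ROUTERS], sorted[MAX_ROUTERS], threshold;
  size_t i, stable = 0;
  if (n == 0 || n > MAX_ROUTERS || n_honest > n) return 0;
  for (i = 0; i < n; i++)
    sorted[i] = up[i] = use_cap ? cap_uptime(reported[i]) : reported[i];
  qsort(sorted, n, sizeof(sorted[0]), cmp_u32);
  threshold = sorted[n / 2];
  for (i = 0; i < n_honest; i++)
    if (up[i] >= threshold) stable++;
  return stable;
}

int main(void) {
  printf("honest only:        %zu stable\n", honest_stable(SAMPLE, 6, 6, 0));
  printf("uncapped, inflated: %zu stable\n", honest_stable(SAMPLE, 14, 6, 0));
  printf("capped, inflated:   %zu stable\n", honest_stable(SAMPLE, 14, 6, 1));
  return 0;
}
```

In this model the 20-day router still loses the flag once the inflated routers are present; the cap protects only routers at or above two months of uptime.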