chris-wood / PersonalWebsite

My personal website

SipHash effect on TCP ISN fingerprinting #1

Open HulaHoopWhonix opened 7 years ago

HulaHoopWhonix commented 7 years ago

@chris-wood

Excuse the "bug report"; I tried sending this message to your uni mail, but it was blocked because of overzealous IP filters.

I came across your blog post on TCP ISNs and SipHash. Also, one of the problems with using MD5 was that attacker-induced CPU activity caused a predictable skew in ISNs [1] for fingerprinting and unmasking Tor hidden service traffic. The skew was calculated with the steps in paper [2]. With SipHash now accepted in Linux 4.11, does this kill this attack technique?

It seems to me that the timer value added to F as per section 3 in RFC 6528 "should" no longer be distinguishable from the SipHash values, since it's good at what it does. I am by no means knowledgeable enough to confirm, though. Besides that, I think leaking timer values or the system clock in network protocols is awful protocol design because of the amount of privacy harm it causes, but changing RFCs is out of my power.

PS. I am a Whonix (anonymity OS) dev and I've been interested in foiling such privacy leaks for a long time.


[1] http://sec.cs.ucl.ac.uk/users/smurdoch/papers/ccs06hotornot.pdf

[2] http://sec.cs.ucl.ac.uk/users/smurdoch/papers/ih05coverttcp.pdf (pages 7-8)

[3] https://tools.ietf.org/html/rfc6528

HulaHoopWhonix commented 7 years ago

After discussing this with the Tor developers it turns out the specific fingerprinting attack I pointed out before still remains. [1] Can you please consider patching the secure_seq.c:seq_scale() timer out of the ISN code to close up this risk?


[0] https://lists.torproject.org/pipermail/tor-dev/2017-January/011788.html - my original question

[1] https://lists.torproject.org/pipermail/tor-dev/2017-January/011789.html
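A model of the ISN construction the two comments above are discussing, added here as an illustration; it is not part of this issue thread, the site's code, or the Linux kernel. It follows RFC 6528 section 3, ISN = M + F(localip, localport, remoteip, remoteport, secretkey), with a SipHash-2-4 implementation standing in for F. The timer M is passed in as a tick count so the run is deterministic, and the byte layout of the hashed 4-tuple, the key and the addresses are this example's own constructed assumptions (the real `secure_seq.c` field packing is not reproduced). What it shows is the reason the first comment's hope does not hold and the second comment's request makes sense: M is added outside the hash, so for two connections on the same 4-tuple under the same key F cancels and the ISN difference is exactly the timer difference, however strong F is. Only the `with_timer=False` variant makes the ISN independent of the clock.

```python
"""RFC 6528-style ISN generation modelled with SipHash-2-4 as the PRF F.

Added illustration only; field layouts, key and addresses are constructed
assumptions, not the kernel's code.
"""
import ipaddress
import struct

MASK64 = (1 << 64) - 1
MASK32 = (1 << 32) - 1


def _rotl(x: int, b: int) -> int:
    return ((x << b) | (x >> (64 - b))) & MASK64


def _sipround(v0, v1, v2, v3):
    """One SipRound as specified by Aumasson and Bernstein."""
    v0 = (v0 + v1) & MASK64; v1 = _rotl(v1, 13); v1 ^= v0; v0 = _rotl(v0, 32)
    v2 = (v2 + v3) & MASK64; v3 = _rotl(v3, 16); v3 ^= v2
    v0 = (v0 + v3) & MASK64; v3 = _rotl(v3, 21); v3 ^= v0
    v2 = (v2 + v1) & MASK64; v1 = _rotl(v1, 17); v1 ^= v2; v2 = _rotl(v2, 32)
    return v0, v1, v2, v3


def siphash24(key: bytes, msg: bytes) -> int:
    """SipHash-2-4 with a 128-bit key; returns the 64-bit output as an int."""
    if len(key) != 16:
        raise ValueError("SipHash key must be 16 bytes")
    k0, k1 = struct.unpack("<QQ", key)
    v0 = k0 ^ 0x736F6D6570736575
    v1 = k1 ^ 0x646F72616E646F6D
    v2 = k0 ^ 0x6C7967656E657261
    v3 = k1 ^ 0x7465646279746573
    full = len(msg) - (len(msg) % 8)
    for i in range(0, full, 8):            # compression: 2 rounds per 8-byte word
        m = struct.unpack_from("<Q", msg, i)[0]
        v3 ^= m
        for _ in range(2):
            v0, v1, v2, v3 = _sipround(v0, v1, v2, v3)
        v0 ^= m
    # final word: leftover bytes little-endian, message length mod 256 in the top byte
    b = ((len(msg) & 0xFF) << 56) | int.from_bytes(msg[full:], "little")
    v3 ^= b
    for _ in range(2):
        v0, v1, v2, v3 = _sipround(v0, v1, v2, v3)
    v0 ^= b
    v2 ^= 0xFF                              # finalization: 4 rounds
    for _ in range(4):
        v0, v1, v2, v3 = _sipround(v0, v1, v2, v3)
    return v0 ^ v1 ^ v2 ^ v3


def isn(key: bytes, laddr: str, lport: int, raddr: str, rport: int,
        timer_ticks: int, with_timer: bool = True) -> int:
    """ISN = M + F(localip, localport, remoteip, remoteport, secretkey) mod 2^32.

    M is the RFC 6528 section 3 timer (4 us ticks), supplied by the caller so
    the model is deterministic.  F is SipHash-2-4 truncated to 32 bits.  The
    field order and packing of the 4-tuple are this example's choice.
    """
    conn = struct.pack("<4sH4sH", ipaddress.IPv4Address(laddr).packed, lport,
                       ipaddress.IPv4Address(raddr).packed, rport)
    f = siphash24(key, conn) & MASK32
    m = timer_ticks & MASK32 if with_timer else 0
    return (m + f) & MASK32


def observed_delta(key, conn, t1, t2, with_timer=True):
    """Difference of two ISNs seen on the same 4-tuple at timer values t1 and t2.

    F is identical for both connections (same key, same 4-tuple), so it cancels:
    the difference is exactly (t2 - t1) mod 2^32 no matter how strong F is.
    """
    a = isn(key, *conn, t1, with_timer)
    b = isn(key, *conn, t2, with_timer)
    return (b - a) & MASK32


if __name__ == "__main__":
    KEY = bytes(range(16))                                  # constructed secret
    CONN = ("192.0.2.10", 40000, "198.51.100.7", 443)       # constructed 4-tuple
    print("SipHash ISN, timer kept:    delta =", observed_delta(KEY, CONN, 1000, 1250))
    print("SipHash ISN, timer removed: delta =", observed_delta(KEY, CONN, 1000, 1250, False))
```

With the timer kept, the first delta is 250 ticks, the elapsed time, while the second is 0. RFC 6528 keeps M so that a reused 4-tuple keeps producing increasing ISNs and stale segments from an earlier incarnation are rejected, which is why removing the timer trades one property for another rather than being a free fix; only a change to F (a re-key, or a different 4-tuple) breaks the cancellation shown here.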

chris-wood commented 7 years ago

Hey there -- thanks for reaching out. I'm shocked that someone other than myself actually reads the things I write.

Thanks for all of the info. I need to check the papers you listed to see whether or not time inference is still a problem with SipHash. I am a bit bogged down right now, but I'll try to do this soon. In the meantime, please shoot me a message at woodc1@uci.edu or christopherwood07@gmail.com so we can continue this outside of GitHub.


HulaHoopWhonix commented 7 years ago

Sent :)


Tagging fellow team member @adrelanos