tor  0.4.2.0-alpha-dev
Macros | Functions
circuitpadding_machines.c File Reference
#include "core/or/or.h"
#include "feature/nodelist/networkstatus.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "core/or/circuitlist.h"
#include "core/or/circuitpadding_machines.h"
#include "core/or/circuitpadding.h"

Go to the source code of this file.

Functions

void circpad_machine_client_hide_intro_circuits (smartlist_t *machines_sl)
 
void circpad_machine_relay_hide_intro_circuits (smartlist_t *machines_sl)
 
void circpad_machine_client_hide_rend_circuits (smartlist_t *machines_sl)
 
void circpad_machine_relay_hide_rend_circuits (smartlist_t *machines_sl)
 

Detailed Description

Circuit padding state machines.

\detail

Introduce circuit padding machines that will be used by Tor circuits, as specified by proposal 302 "Hiding onion service clients using padding".

Right now this file introduces two machines that aim to hide the client-side of onion service circuits against naive classifiers like the ones from the "Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services" paper from USENIX. By naive classifiers we mean classifiers that use basic features like "circuit construction circuits" and "incoming and outgoing cell counts" and "duration of activity".

In particular, these machines aim to be lightweight and protect against these basic classifiers. They don't aim to protect against more advanced attacks that use deep learning or even correlate various circuit construction events together. Machines that fool such advanced classifiers are also possible, but they can't be so lightweight and might require more WTF-PAD features. So for now we opt for the following two machines:

Client-side introduction circuit hiding machine:

This machine hides client-side introduction circuits by making their circuit consruction sequence look like normal general circuits that download directory information. Furthermore, the circuits are kept open until all the padding has been sent, since intro circuits are usually very short lived and this act as a distinguisher. For more info see circpad_machine_client_hide_intro_circuits() and the sec.

Client-side rendezvous circuit hiding machine:

This machine hides client-side rendezvous circuits by making their circuit construction sequence look like normal general circuits. For more details see circpad_machine_client_hide_rend_circuits() and the spec.

TODO: These are simple machines that carefully manipulate the cells of the initial circuit setup procedure to make them look like general circuits. In the future, more states can be baked into their state machine to do more advanced obfuscation.

Definition in file circuitpadding_machines.c.

Function Documentation

◆ circpad_machine_client_hide_intro_circuits()

void circpad_machine_client_hide_intro_circuits ( smartlist_t machines_sl)

Create a client-side padding machine that aims to hide IP circuits. In particular, it keeps intro circuits alive until a bunch of fake traffic has been pushed through.

Definition at line 65 of file circuitpadding_machines.c.

◆ circpad_machine_client_hide_rend_circuits()

void circpad_machine_client_hide_rend_circuits ( smartlist_t machines_sl)

Create a client-side padding machine that aims to hide rendezvous circuits.

Definition at line 260 of file circuitpadding_machines.c.

◆ circpad_machine_relay_hide_intro_circuits()

void circpad_machine_relay_hide_intro_circuits ( smartlist_t machines_sl)

Create a relay-side padding machine that aims to hide IP circuits. See comments on the function above for more details on the workings of the machine.

Definition at line 150 of file circuitpadding_machines.c.

◆ circpad_machine_relay_hide_rend_circuits()

void circpad_machine_relay_hide_rend_circuits ( smartlist_t machines_sl)

Create a relay-side padding machine that aims to hide IP circuits.

This is meant to follow the client-side machine.

Definition at line 379 of file circuitpadding_machines.c.