From 385cc92bc91e1a6c3724085c060e76bf40c13ed3 Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg
Date: Tue, 15 Oct 2024 16:08:16 +0200
Subject: Import PhD thesis
---
summary/src/tlwo/main.tex | 69 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 69 insertions(+)
create mode 100644 summary/src/tlwo/main.tex
(limited to 'summary/src/tlwo/main.tex')
diff --git a/summary/src/tlwo/main.tex b/summary/src/tlwo/main.tex
new file mode 100644
index 0000000..09110c4
--- /dev/null
+++ b/summary/src/tlwo/main.tex
@@ -0,0 +1,69 @@
+\begin{kaupaper}[
+ author={%
+ \textbf{Rasmus Dahlberg} and
+ Tobias Pulls
+ },
+ title={%
+ Timeless Timing Attacks and Preload Defenses in Tor's DNS Cache
+ },
+ reference={%
+ USENIX Security (2023)
+ },
+ summary={%
+ Tor relays cache resolved domains with constant time-to-live values not to
+ reveal information about past exit traffic while boosting performance. We
+ show that this caching strategy and its implementation in the live Tor
+ network can be exploited by a \emph{timeless timing attack} that leaks if a
+ domain is (not) cached. Further, the time that a domain was inserted into
+ the cache can be inferred by repeated probes. Our attack prototype's
+ experimental evaluation in real conditions shows that there are neither
+ false positives nor false negatives (10M~repetitions). Thus, it is useful
+ for instantiating a real-world website oracle without requiring any special attacker
+ capabilities or reach (just a modest computer that can create a Tor
+ circuit). One of our mitigations has been merged in Tor: probabilistic
+ time-to-live values that make the time-of-insertion fuzzy. Long-term,
+ Tor's DNS cache could be redesigned to \emph{preload} the same domains at all
+ exits. Such preloading would eliminate all (timeless) timing attacks in
+ Tor's DNS cache because the same domains would always be (un)cached across
+ different circuits. To retain performance within the same circuit, we
+ propose that the preloaded domains should be complemented by a dynamic
+ same-circuit cache that is not shared across circuits. Our
+ four-month-long DNS cache measurement at two 100~Mbit/s exit relays
+ informs on today's baseline performance. It is compared to a preloaded
+ DNS cache based on different variations of three popularity lists: Alexa,
+ Tranco, and Umbrella. A preloaded DNS cache can be as performant as today
+ with similar resource usage or significantly improve cache-hit ratios by
+ 2-3x. However, the increased cache-hit ratios have the cost of modest
+ increases in memory and resolver load.
+ },
+ participation={\vspace{-.25cm}
+ Tobias and I collaborated closely from start to finish with the following
+ exceptions. I did most implementation work. Volunteers from DFRI---a
+ Swedish non-profit and non-partisan organization that promotes digital
+ rights---operated our exit relays. Tobias did most DNS cache data
+ analysis. Tobias also had the initial idea, which was refined with
+ feedback~from~Roger~Dingledine.
+ },
+ label={
+ paper:tlwo
+ },
+]
+ \maketitle
+ \begin{abstract}
+ \input{src/tlwo/src/abstract}
+ \end{abstract}
+
+ \input{src/tlwo/src/introduction}
+ \input{src/tlwo/src/background}
+ \input{src/tlwo/src/tor-cache}
+ \input{src/tlwo/src/attack}
+ \input{src/tlwo/src/short}
+ \input{src/tlwo/src/long}
+ \input{src/tlwo/src/related}
+ \input{src/tlwo/src/conclusion}
+ \input{src/tlwo/src/acknowledgements}
+ \input{src/tlwo/src/availability}
+
+ \bibliographystyle{plain}
+ \bibliography{src/tlwo/src/ref}
+\end{kaupaper}
-- cgit v1.2.3
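Review bot: The `summary` sentence on the merged mitigation ("probabilistic time-to-live values that make the time-of-insertion fuzzy") does not say what stays exposed, so a reader can take it to mean the attack is fixed in Tor today. From the surrounding text it appears that only the time-of-insertion inference is blunted and that the cached/uncached signal remains until the preload redesign; if the paper body (outside this hunk) confirms that, I would add a clause such as `This does not remove the (un)cached signal itself.` right after that sentence. Two style points in the same key-value block: `2-3x` would be better typeset as `2--3$\times$`, and the `\vspace{-.25cm}` at the start of `participation` deserves a short `%` comment explaining why the manual spacing is needed.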