From 21eac1e8d8a116f2dd8dd0a7d150916646ee9120 Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg
Date: Wed, 12 Oct 2022 20:29:11 +0200
Subject: dns: Make TTLs fuzzy at exit relays

This change mitigates DNS-based website oracles by making the time that a domain name is cached uncertain (+- 4 minutes of what's measurable).

Resolves TROVE-2021-009. Fixes #40674
---
 src/core/or/connection_edge.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'src/core/or/connection_edge.c')

diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c
index d071bf8937..7bed089449 100644
--- a/src/core/or/connection_edge.c
+++ b/src/core/or/connection_edge.c
@@ -102,6 +102,7 @@
 #include "feature/stats/predict_ports.h"
 #include "feature/stats/rephist.h"
 #include "lib/buf/buffers.h"
+#include "lib/crypt_ops/crypto_rand.h"
 #include "lib/crypt_ops/crypto_util.h"

 #include "core/or/cell_st.h"
@@ -484,6 +485,21 @@ clip_dns_ttl(uint32_t ttl)
 return MAX_DNS_TTL;
 }

+/** Given a TTL (in seconds), determine what TTL an exit relay should use by
+ * first clipping as usual and then adding some randomness which is sampled
+ * uniformly at random from [-FUZZY_DNS_TTL, FUZZY_DNS_TTL]. This facilitates
+ * fuzzy TTLs, which makes it harder to infer when a website was visited via
+ * side-channels like DNS (see "Website Fingerprinting with Website Oracles").
+ *
+ * Note that this can't underflow because FUZZY_DNS_TTL < MIN_DNS_TTL.
+ */
+uint32_t
+clip_dns_fuzzy_ttl(uint32_t ttl)
+{
+ return clip_dns_ttl(ttl) +
+ crypto_rand_uint(1 + 2*FUZZY_DNS_TTL) - FUZZY_DNS_TTL;
+}
+
 /** Send a relay end cell from stream conn down conn's circuit, and
 * remember that we've done so. If this is not a client connection, set the
 * relay end cell's reason for closing as reason.
--
cgit v1.2.3-54-g00ecf
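Review bot: The new clip_dns_fuzzy_ttl relies on a property stated only in its comment, `FUZZY_DNS_TTL < MIN_DNS_TTL`, to keep `clip_dns_ttl(ttl) + crypto_rand_uint(1 + 2*FUZZY_DNS_TTL) - FUZZY_DNS_TTL` from wrapping in unsigned arithmetic, and nothing in the hunk enforces it; both constants are defined outside this hunk, so if either is retuned later a small random sample would silently wrap to a TTL near UINT32_MAX (a near-permanent cache entry) instead of failing the build. A compile-time check next to the function, `CTASSERT(FUZZY_DNS_TTL < MIN_DNS_TTL);` if that macro is available in this tree, would pin the invariant. The doc comment should also state the output range, since the result can now exceed MAX_DNS_TTL by up to FUZZY_DNS_TTL and any caller that assumed the clipped upper bound needs checking. Finally, the call sites are not in this hunk; if the fuzz is resampled each time an answer is served from the same cache entry rather than fixed once when the entry is stored, a client that repeats the lookup could average the noise away, which is worth confirming against the callers.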