Diffstat (limited to 'spec/padding-spec/circuit-level-padding.md')
-rw-r--r-- | spec/padding-spec/circuit-level-padding.md | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/spec/padding-spec/circuit-level-padding.md b/spec/padding-spec/circuit-level-padding.md index 5f821ca..575f248 100644 --- a/spec/padding-spec/circuit-level-padding.md +++ b/spec/padding-spec/circuit-level-padding.md @@ -1,4 +1,5 @@ <a id="padding-spec.txt-3"></a> + # Circuit-level padding The circuit padding system in Tor is an extension of the WTF-PAD @@ -21,6 +22,7 @@ operation. For full details on using the circuit padding system to develop future padding defenses, see the research developer documentation[17]. <a id="padding-spec.txt-3.1"></a> + ## Circuit Padding Negotiation Circuit padding machines are advertised as "Padding" subprotocol versions @@ -93,6 +95,7 @@ If the machine_ctr does not match the current machine instance count on the circuit, the command is ignored. <a id="padding-spec.txt-3.2"></a> + ## Circuit Padding Machine Message Management Clients MAY send padding cells towards the relay before receiving the @@ -108,6 +111,7 @@ from unexpected relay sources are protocol violations, and clients MAY immediately tear down such circuits to avoid side channel risk. <a id="padding-spec.txt-3.3"></a> + ## Obfuscating client-side onion service circuit setup The circuit padding currently deployed in Tor attempts to hide client-side @@ -124,6 +128,7 @@ of general circuits. Note that inter-arrival timing is not obfuscated by this defense. <a id="padding-spec.txt-3.3.1"></a> + ### Common general circuit construction sequences Most general Tor circuits used to surf the web or download directory @@ -150,6 +155,7 @@ depend on the type of guard used and are not an effective fingerprint for a network/guard-level adversary. <a id="padding-spec.txt-3.3.2"></a> + ### Client-side onion service introduction circuit obfuscation Two circuit padding machines work to hide client-side introduction circuits: 
@@ -192,6 +198,7 @@ the same duration as normal web circuits before they expire (usually 10 minutes). <a id="padding-spec.txt-3.3.3"></a> + ### Client-side rendezvous circuit hiding Following a similar argument as for intro circuits, we are aiming for padded @@ -232,6 +239,7 @@ general circuits (their purpose is to surf the web), we can expect that they will look alike. <a id="padding-spec.txt-3.3.4"></a> + ### Circuit setup machine overhead For the intro circuit case, we see that the origin-side machine just sends a @@ -243,6 +251,7 @@ For the rend circuit case, this machine is quite light. Both sides send 2 padding cells, for a total of 4 padding cells. <a id="padding-spec.txt-3.4"></a> + ## Circuit padding consensus parameters The circuit padding system has a handful of consensus parameters that can @@ -278,4 +287,3 @@ at relays and clients. before padding stops being sent on that circuit. - Default: CIRCWINDOW_START_MAX (1000) ``` - |
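Review bot: the nine hunks that insert a blank line between an `<a id="padding-spec.txt-3…"></a>` anchor and the heading that follows it (sections 3 through 3.4) need a check of the rendered page, because each anchor is now separated from the heading it labels. Please confirm that existing links to fragments such as `#padding-spec.txt-3.1` and `#padding-spec.txt-3.3.2` still land on the matching heading and that the standalone anchor line adds no visible gap. Since the diffstat shown here is limited to this one file, it would also help to say in the commit message whether the other spec files that use the same anchor-then-heading pattern get the same treatment.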
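Review bot: the final hunk (`@@ -278,4 +287,3 @@`) removes the blank line after the closing code fence, which is a different kind of change from the blank-line insertions in the rest of the patch and accounts for the single deletion in the diffstat. Mention it in the commit message, and confirm the file still ends with exactly one newline after the fence so the last code block stays properly terminated.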