Author: firstname.lastname@example.org Date: To: tails-dev, Sirus Sh, Patrick Schleizer Subject: [Tails-dev] Induced Inter-Packet Latency, Countermeasures
Reposting here for more exposure as intrigeri advised. Updated with new
Hi Whonix dev here. We are currently working on tackling multiple side
and covert channels of TCP which was inspired by your previous research
and solution for TCP Timestamps. I would appreciate your help in
thinking about and testing the suggested mitigation for an attack
related to CPU load effect on inter-packet timing.
A Tor user posted an attack he discovered about possibility of
influencing packet latency (ping in this case) by manipulating CPU load
thanks to CPU powersaving features (C-states). An attacker would easily
use this as a covert channel to deanonymize users:
Fast forward years later, I am revisiting this with a fresh
perspective and manage to find a utility on Linux and that’s packaged in
Debian that readily induces package delays on a chosen interface.
tc-netem part of the iproute2 suite does what we need using Kernel
Turns out the Tor Project had this same attack on their radar, but they
are swamped with lots of more urgent tasks. What remains is to come up
with the right parameters for tc that provide measurable protection
against this attack while not disrupting network performance. The math
behind the defenses and testing that they work is admittedly above my
pay grade. I hope to kickstart the conversation here with capable minds
who can collaborate with them and fix this.