Hot or Not: Revealing Hidden Services by their Clock Skew

Location-hidden services, as offered by anonymity systems such as Tor, allow servers to be operated under a pseudonym. As Tor is an overlay network, servers hosting hidden services are accessible both directly and over the anonymous chan- nel. Traffic patterns through one channel have observable effects on the other, thus allowing a service's pseudonymous identity and IP address to be linked. One proposed solution to this vulnerability is for Tor nodes to provide fixed qual- ity of service to each connection, regardless of other traf- fic, thus reducing capacity but resisting such interference attacks. However, even if each connection does not influ- ence the others, total throughput would still affect the load on the CPU, and thus its heat output. Unfortunately for anonymity, the result of temperature on clock skew can be remotely detected through observing timestamps. This at- tack works because existing abstract models of anonymity- network nodes do not take into account the inevitable im- perfections of the hardware they run on. Furthermore, we suggest the same technique could be exploited as a classical covert channel and can even provide geolocation.

http://www.lightbluetouchpaper.org/2006/09/04/hot-or-not-revealing-hidden-services-by-their-clock-skew/

http://www.cl.cam.ac.uk/~sjm217/papers/ccs06hotornot.pdf


Comments


[1 Points] ciphersexual:

How would an attacker get the set of IP addresses to compare to the hidden service under the clock skew attack?


[1 Points] wormsely100:

The threat of this attack is non-existent.


[1 Points] None:

Wut bout clock jitter?

Separating read clock "skew" into spatial clock skew and jitter is quite difficult.