Silk Road forums

Discussion => Security => Topic started by: weedhead on April 02, 2012, 03:58 am

Title: TOR timing attacks
Post by: weedhead on April 02, 2012, 03:58 am
About 3 or 4 days ago, I noticed my system time was acting funny. I had noticed how Tails adjusted the time to UTC since it had no way to tell what timezone I am in, and that's cool. One day however, after Tails would set the system time, it would not remain across boots. Furthermore, I noticed that after initially connecting to the internet, Tails would ALWAYS set my time to 1:30AM for a small amount of time, and then to the correct UTC time.

I'm concerned that LEO may be trying some timing attacks as described below:

"TLS attacks

Various deviations of system time can be detected in TLS traffic (e.g. HTTPS traffic). Attacker can modify system time of the target computer (or group of them) via NTP and easily trace TLS connections from anonymous network."

from: http://www.forensicswiki.org/wiki/The_Onion_Router

Seems like an NTP Man in the Middle attack would be able to accomplish this..?
Title: Re: TOR timing attacks
Post by: What-A-deaL on April 02, 2012, 04:32 am
I noticed the same thing on my computer as well but I had/have no idea this was a security concern. I'm a pretty paranoid person and this place is the shit, but scary at the same time.

Any more info on this would be appreciated by me as well.
Title: Re: TOR timing attacks
Post by: envious on April 02, 2012, 04:38 am
or the more logical explanation... tails is a piece of shit.
Title: Re: TOR timing attacks
Post by: ProudCannabian on April 02, 2012, 05:23 am
I don't use tails either... if it will save settings, turn off automatic time updates.
Title: Re: TOR timing attacks
Post by: QTC on April 02, 2012, 02:12 pm
This is normal behavior for amnesia. https://tails.boum.org/contribute/design/Time_syncing/ Authority consensus can't be validated if there's too much clock skew so Tor will shit a brick.
Title: Re: TOR timing attacks
Post by: lex on April 02, 2012, 02:16 pm
Guys please, it's "Tor", not "TOR", you can even check on the official Tor website or Wikipedia.
Title: Re: TOR timing attacks
Post by: Prawl42 on April 02, 2012, 03:28 pm
"or the more logical explanation... tails is a piece of shit."

haha made me laugh :)
Title: Re: TOR timing attacks
Post by: Addy on April 03, 2012, 04:52 pm
"Guys please, it's "Tor", not "TOR", you can even check on the official Tor website or Wikipedia."

It's an abbreviation for the name of something, so it's understandable why people like to capitalize it. Sure, it's technically "Tor," but it's also technically "Lego bricks" and not "Legos," yet tons of people use the latter. It's not a big deal.
Title: Re: TOR timing attacks
Post by: mdmamail on April 03, 2012, 05:15 pm
Tails has problems with time setting if riseup servers or the Tails servers are down, no big deal.
More likely a timing attack would be somebody in control of this site, or your email noting the time when you logged in, then getting your ISP records showing you connecting to Tor at that same time, over a period of six months. If you had a shitty lawyer that didn't know anything about Tor, it could be a problem.

Use a bridge, press tab and boot Tails in bridge mode or if extremely paranoid use Obfsproxy though it's mainly reserved for democracy activists. Can also use a Tor SOCKS proxy; there's plenty you can buy for bitcoins.

Title: Re: TOR timing attacks
Post by: kmfkewm on April 03, 2012, 05:31 pm
"or the more logical explanation... tails is a piece of shit."

"haha made me laugh :)"

It's funny because it's true
Title: Re: TOR timing attacks
Post by: sourman on April 03, 2012, 05:40 pm
Timing attacks don't rely on your system time. All they have to do is watch the server they suspect you of connecting to while simultaneously monitoring your internet connection. If they see an incoming connection to the server at around the same time your internet connection shows corresponding activity on the Tor network, they now have one more reason to raid your ass.

The best defense is driving around a big city in a car while hopping onto random hotspots using a different local MAC address each time. Combine this with (relatively) private Tor bridges and you should be good.