Logo image
Back
An improved clock-skew measurement technique for revealing hidden services
Conference paper   Open access

An improved clock-skew measurement technique for revealing hidden services

S. Zander and S.J. Murdoch
17th conference on Security symposium (SS '08) (San Jose, CA, 28/07/2008–01/08/2008)
2008
pdf
usenix08clockskew.pdfDownloadView
Open Access
url
Link to Published Version *Subscription may be requiredView

Abstract

The Tor anonymisation network allows services, such as web servers, to be operated under a pseudonym. In previous work Murdoch described a novel attack to reveal such hidden services by correlating clock skew changes with times of increased load, and hence temperature. Clock skew measurement suffers from two main sources of noise: network jitter and timestamp quantisation error. Depending on the target's clock frequency the quantisation noise can be orders of magnitude larger than the noise caused by typical network jitter. Quantisation noise limits the previous attacks to situations where a high frequency clock is available. It has been hypothesised that by synchronising measurements to the clock ticks, quantisation noise can be reduced. We show how such synchronisation can be achieved and maintained, despite network jitter. Our experiments show that synchronised sampling significantly reduces the quantisation error and the remaining noise only depends on the network jitter (but not clock frequency). Our improved skew estimates are up to two magnitudes more accurate for low-resolution timestamps and up to one magnitude more accurate for high-resolution timestamps, when compared to previous random sampling techniques. The improved accuracy not only allows previous attacks to be executed faster and with less network traffic but also opens the door to previously infeasible attacks on low-resolution clocks, including measuring skew of a HTTP server over the anonymous channel.

Details

Metrics

41 File views/ downloads
47 Record Views
Logo image