Feature #6581

Write bits about TCP timestamps in Tails design documentation

Added by intrigeri 2014-01-07 15:11:03. Updated 2014-07-28 19:47:00.

Status: Resolved
Priority: Normal
Assignee: intrigeri
Category:
Target version:
Start date: 2014-01-07
Due date:
% Done: 100%
Feature Branch: feature/6579-disable-tcp-timestamps
Type of work: Research
Blueprint:
Starter: 0
Affected tool:
Deliverable for:

Description

As discussed in the “Risks of enabled/disabled TCP timestamps?” thread on tails-dev, we might want to disable TCP timestamps just to be on the safe side, but stating exactly what kind of attacks this would protect against is not that clear.

As intrigeri put it:

> I’m still not convinced we can put statements as bold as “tracking the
> clock down to the millisecond” in there, without thinking a bit about
> how an attacker is affected by the network lag between the time a TCP
> timestamp was created, and the time when they get to see the packet.
>
> I mean, I’m weak at stats and all and you probably know better, but
> learning that “some unknown time ago, the system clock was T with
> a millisecond precision” does not really give me the current system
> clock with a millisecond precision, does it?

Hence, marking as a research task to start with, and we can turn it into a documentation one once we’ve got the needed data.


Related issues

Blocked by Tails - Feature #6580: Build and test Tails ISO with TCP timestamps disabled Resolved 2014-01-07

History

#1 Updated by ioerror 2014-07-27 14:40:55

intrigeri wrote:
> As discussed in the “Risks of enabled/disabled TCP timestamps?” thread on tails-dev, we might want to disable TCP timestamps just to be on the safe side, but stating exactly what kind of attacks this would protect against is not that clear.

OK.

>
> As intrigeri put it:
>
> > I’m still not convinced we can put statements as bold as “tracking the
> > clock down to the millisecond” in there, without thinking a bit about
> > how an attacker is affected by the network lag between the time a TCP
> > timestamp was created, and the time when they get to see the packet.
> >

I think we should say something like the following:
“TCP time stamps allow for tracking clock information with millisecond resolution. This may or may not allow an attacker to learn information about the system clock at such a resolution, depending on various issues such as network lag.”

> > I mean, I’m weak at stats and all and you probably know better, but
> > learning that “some unknown time ago, the system clock was T with
> > a millisecond precision” does not really give me the current system
> > clock with a millisecond precision, does it?
>
> Hence, marking as a research task to start with, and we can turn it into a documentation one once we’ve got the needed data.

I think that it leaks that information and that is clear - I don’t think we need to try to model the attacks in depth at this point. Does what I wrote above provide enough for us to ship the changes?
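
An added example, not part of this ticket or of Tails' own code: one way to check from captured TCP headers whether a host still sends the Timestamps option (kind 8, RFC 7323) once it has been disabled. The parser walks the header options and returns the TSval/TSecr pair if present; the two SYN headers are constructed samples, and `build_syn` and all field values in them are hypothetical.

```python
import struct

# TCP option kinds: End of Option List, No-Operation, Timestamps (RFC 7323)
OPT_EOL, OPT_NOP, OPT_TIMESTAMPS = 0, 1, 8


def tcp_timestamp_option(segment: bytes):
    """Return (TSval, TSecr) if the TCP header carries a Timestamps option, else None."""
    if len(segment) < 20:
        raise ValueError("shorter than a minimal TCP header")
    header_len = (segment[12] >> 4) * 4          # data offset is counted in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset")
    opts = segment[20:header_len]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == OPT_EOL:                      # nothing but padding after this
            break
        if kind == OPT_NOP:                      # single-byte option, no length field
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        if kind == OPT_TIMESTAMPS:
            if length != 10:
                raise ValueError("Timestamps option must be 10 bytes")
            return struct.unpack("!II", opts[i + 2:i + 10])
        i += length
    return None


def build_syn(options: bytes) -> bytes:
    """Constructed sample: a SYN header (ports, sequence number and window are made up)."""
    options += b"\x01" * (-len(options) % 4)     # pad with NOPs to a 32-bit boundary
    offset_flags = ((20 + len(options)) // 4 << 12) | 0x002   # data offset + SYN flag
    return struct.pack("!HHIIHHHH", 40000, 443, 1, 0, offset_flags, 29200, 0, 0) + options


MSS = b"\x02\x04\x05\xb4"                          # MSS 1460
SACK_OK = b"\x04\x02"                              # SACK permitted
TS = b"\x08\x0a" + struct.pack("!II", 123456789, 0)

SYN_WITH_TS = build_syn(MSS + SACK_OK + TS)        # as sent with timestamps enabled
SYN_WITHOUT_TS = build_syn(MSS + SACK_OK)          # as sent with timestamps disabled
```

A capture from a correctly configured system should yield `None` for every outgoing segment.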

#2 Updated by intrigeri 2014-07-27 15:20:09

  • Assignee set to intrigeri
  • Target version set to Tails_1.2
  • % Done changed from 0 to 20
  • QA Check set to Ready for QA

Thanks! I’ll look at it later and will ask if I need more information.

#3 Updated by intrigeri 2014-07-27 15:21:24

  • Status changed from Confirmed to In Progress

#4 Updated by intrigeri 2014-07-28 18:44:02

  • Feature Branch set to feature/6579-disable-tcp-timestamps

#5 Updated by intrigeri 2014-07-28 19:47:00

  • Status changed from In Progress to Resolved
  • % Done changed from 20 to 100
  • QA Check changed from Ready for QA to Pass