{{Header}}
{{title|title=
TCP ISN CPU Information Leak Protection
}}
{{#seo:
|description=Overview of a Linux TCP Initial Sequence Number (ISN) side-channel information leak and how tirdad helps mitigate it by randomizing TCP ISNs.
}}
{{intro|
This page explains a Linux TCP Initial Sequence Number (ISN) side-channel information leak and introduces tirdad, a kernel module that helps mitigate it by randomizing TCP ISNs.
}}
= TCP ISN CPU Information Leaks =
{{IntroLike|
* Issue summary: The Linux kernel has a side-channel information leak bug: information about a system's CPU activity leaks into outgoing TCP traffic, so a remote observer may be able to infer it. This enables side-channel attacks.
}}
* Why it matters: This may be particularly dangerous for long-running cryptographic operations.
* Real-world impact: Research has demonstrated that related techniques can be used for de-anonymization of location-hidden services.
* Research paper: {{ExtLink
|https://murdoch.is/papers/ccs06hotornot.pdf
|text=Hot or Not: Revealing Hidden Services by their Clock Skew (ccs06hotornot.pdf)
|https://web.archive.org/web/20130205021944/https://www.cl.cam.ac.uk/~sjm217/papers/ccs06hotornot.pdf
}}
* Slides: {{ExtLink
|https://web.archive.org/web/20130429084306/http://caia.swin.edu.au/talks/CAIA-TALK-080728A.pdf
|text=An Improved Clock-skew Measurement Technique for Revealing Hidden Services (CAIA-TALK-080728A.pdf)
|https://web.archive.org/web/20130429084306/http://caia.swin.edu.au/talks/CAIA-TALK-080728A.pdf
}}
* Research paper: {{ExtLink
|https://murdoch.is/papers/ih05coverttcp.pdf
|text=Embedding Covert Channels into TCP/IP (ih05coverttcp.pdf)
|https://web.archive.org/web/20130326121117/http://www.cl.cam.ac.uk/~sjm217/papers/ih05coverttcp.pdf
}}
* Clock skew notes:
** Leak source: Clock skew is leaked through TCP ISNs (Initial Sequence Numbers) by the Linux kernel.
** Remote detection: Clock skew can be remotely detected by observing ISNs.
** Attack amplification: Clock skew can be induced by an attacker by producing load on the victim machine.
{{quotation
|quote=What the Linux ISN leaks is the difference between two timestamps, not the timestamp itself. A difference lets you work out drift and skew, which can help someone fingerprint the computer hardware, its environment and load. Of course that only works if you can probe a computer, and maintain the same source/destination port and IP address.
|context=[https://gitlab.torproject.org/legacy/trac/-/issues/16659 Add research idea for Linux TCP Initial Sequence Numbers may aid correlation]: [https://gitlab.torproject.org/legacy/trac/-/issues/16659#note_2196161 comment by Steven J. Murdoch]
}}
{{quotation
|quote=... it is worth complaining to the kernel developers for the simple reason that adding the 64ns timer post-hash probably *does* leak side channels about CPU activity, and that may prove very dangerous for long-running cryptographic operations (along the lines of the hot-or-not issue). Unfortunately, someone probably needs to produce more research papers before they will listen.
|context=[https://gitlab.torproject.org/legacy/trac/-/issues/16659 Add research idea for Linux TCP Initial Sequence Numbers may aid correlation]: [https://gitlab.torproject.org/legacy/trac/-/issues/16659#note_2196153 comment by Mike Perry]
}}
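The two comments above describe the mechanism: the kernel derives an ISN from a keyed hash of the connection 4-tuple and then adds a 64 ns granularity timer value, so for repeated connections on the same 4-tuple the ISN differences track the sender's clock. The following Python is an added illustration, not code from this page or from tirdad: it models that scheme next to a fully randomized generator and checks a series of ISNs for a time component, which is the property an administrator would want to verify on a host where a mitigation such as tirdad is installed. The hash function, the 4-tuple layout and all addresses are stand-ins constructed for the simulation.

```python
import hashlib
import hmac
import secrets

TICK_NS = 64        # granularity of the timer added after the hash (from the page)
MOD = 1 << 32       # TCP sequence numbers are 32-bit

# Per-boot secret key, constructed for this simulation only
_SECRET = secrets.token_bytes(32)


def linux_style_isn(saddr, daddr, sport, dport, now_ns):
    """Simplified model of the scheme described on the page: a keyed hash of
    the connection 4-tuple plus a monotonically increasing time term with
    64 ns granularity. HMAC-SHA256 is a stand-in, not the kernel's code."""
    msg = f"{saddr}|{daddr}|{sport}|{dport}".encode()
    h = int.from_bytes(hmac.new(_SECRET, msg, hashlib.sha256).digest()[:4], "big")
    return (h + now_ns // TICK_NS) % MOD


def random_isn(saddr, daddr, sport, dport, now_ns):
    """Model of a randomized generator (the tirdad approach): no time term."""
    return secrets.randbits(32)


def collect_samples(isn_func, four_tuple, times_ns):
    """Repeated connections on the same 4-tuple, as (send_time_ns, isn) pairs."""
    return [(t, isn_func(*four_tuple, t)) for t in times_ns]


def time_leak_ratio(samples, tolerance=1):
    """Fraction of consecutive samples whose ISN delta (mod 2^32) equals the
    elapsed time in 64 ns ticks, allowing `tolerance` ticks for rounding.
    Close to 1.0: the ISNs expose the sender's clock. Close to 0: they do not."""
    if len(samples) < 2:
        raise ValueError("need at least two samples")
    hits = 0
    for (t0, isn0), (t1, isn1) in zip(samples, samples[1:]):
        delta = (isn1 - isn0) % MOD
        expected = (t1 - t0) // TICK_NS % MOD
        if abs(delta - expected) <= tolerance:
            hits += 1
    return hits / (len(samples) - 1)


if __name__ == "__main__":
    tuple4 = ("192.0.2.10", "198.51.100.7", 40000, 443)   # constructed addresses
    times = [i * 1_000_000 for i in range(50)]              # one connection per ms
    print("linux-style:", time_leak_ratio(collect_samples(linux_style_isn, tuple4, times)))
    print("randomized: ", time_leak_ratio(collect_samples(random_isn, tuple4, times)))
```

With the hash-plus-timer model the ratio is 1.0, because the hash term cancels in every difference and only the elapsed ticks remain; with the randomized generator it stays near zero.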
* Further reading:
** Introduction: [https://bitguard.wordpress.com/2019/09/03/an-analysis-of-tcp-secure-sn-generation-in-linux-and-its-privacy-issues/ An analysis of TCP secure sequence number generation in Linux and its privacy issues].
** Background discussion: [https://stackoverflow.com/questions/12231623/initial-sequence-number-generation-in-linux-tcp-stack/12232126 Initial sequence number generation in Linux TCP stack]
** Linux source reference: [https://elixir.bootlin.com/linux/v3.16-rc1/source/net/core/secure_seq.c#L26 Linux source: secure_seq.c (v3.16-rc1)]
** Forum discussion: [https://forums.whonix.org/t/tcp-isns-and-temperature-induced-clock-skews/18862 TCP ISNs and temperature induced clock skews]
** Forum discussion: [https://forums.whonix.org/t/tcp-isn-cpu-information-leak-protection-tirdad/8552 TCP ISN CPU information leak protection (tirdad)]
** IETF tcpm thread: [https://mailarchive.ietf.org/arch/msg/tcpm/FzXQv-QmlQyMi-hbvGpg9uCB5Zs/ IETF tcpm: Security concerns with relative timestamp exposure through TCP ISNs - mailing list thread]
= Mitigation =
{{IntroLike|
Randomizing TCP Initial Sequence Numbers (ISNs) helps prevent TCP ISN based CPU information leaks.
tirdad is a kernel module that hot-patches the Linux kernel to generate random TCP Initial Sequence Numbers for IPv4 and IPv6 TCP connections.
}}
= Footnotes =
[[Category:Documentation]]
{{Footer}}