How do entry guards protect against a service location attack?
The paper Locating Hidden Servers mentions three attacks that can reveal the location of hidden servers. Among those is the service location attack. The paper states that the Tor network's use of entry guards is an effective countermeasure. How do entry guards prevent such an attack?
The short version is: If you happen to be an entry node for a hidden service, and you connect to that same hidden service, you can tell you're its entry node (and what its IP is) by correlating the traffic you're sending to the hidden service with the traffic you're sending to a client (which is the hidden service).
If hidden services didn't use guards and instead frequently picked new entrance nodes, then to locate a hidden service you'd just need to operate an entrance node and frequently connect to the hidden service you want to locate. Eventually, you would be its entry node, and you could determine which of your clients it was by simply correlating your own traffic to the HS.
Using entry guards means only a small set of not-frequently-changing nodes can perform this kind of attack.
The long version is: read the 2013 paper linked above, and the "hidden services need some love" Tor Project blog post. (And don't rely on hidden services alone in a life or death situation!)
+1 for your simplified explanation. Can you link the two items you mentioned in your final paragraph. I don't seem to have editing ability yet, else I'd do it for you. Thanks!