research-article

Users get routed: traffic correlation on tor by realistic adversaries

Authors:
Aaron Johnson

U.S. Naval Research Laboratory, Washington, D.C., USA

U.S. Naval Research Laboratory, Washington, D.C., USA
View Profile

,
Chris Wacek

Georgetown University, Washington, D.C., USA

Georgetown University, Washington, D.C., USA
View Profile

,
Rob Jansen

U.S. Naval Research Laboratory, Washington, D.C., USA

U.S. Naval Research Laboratory, Washington, D.C., USA
View Profile

,
Micah Sherr

Georgetown University, Washington, D.C., USA

Georgetown University, Washington, D.C., USA
View Profile

,
Paul Syverson

U.S. Naval Research Laboratory, Washington, D.C., USA

U.S. Naval Research Laboratory, Washington, D.C., USA
View Profile

CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications securityNovember 2013Pages 337–348https://doi.org/10.1145/2508859.2516651

Published:04 November 2013Publication History

CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Pages 337–348

ABSTRACT

We present the first analysis of the popular Tor anonymity network that indicates the security of typical users against reasonably realistic adversaries in the Tor network or in the underlying Internet. Our results show that Tor users are far more susceptible to compromise than indicated by prior work. Specific contributions of the paper include(1)a model of various typical kinds of users,(2)an adversary model that includes Tor network relays, autonomous systems(ASes), Internet exchange points (IXPs), and groups of IXPs drawn from empirical study,(3) metrics that indicate how secure users are over a period of time,(4) the most accurate topological model to date of ASes and IXPs as they relate to Tor usage and network configuration,(5) a novel realistic Tor path simulator (TorPS), and(6)analyses of security making use of all the above. To show that our approach is useful to explore alternatives and not just Tor as currently deployed, we also analyze a published alternative path selection algorithm, Congestion-Aware Tor. We create an empirical model of Tor congestion, identify novel attack vectors, and show that it too is more vulnerable than previously indicated.

References

0x539 Dev Group. Gobby: A Collaborative Text Editor.http://gobby.0x539.de, 2013.Google Scholar
T. G. Abbott, K. J. Lai, M. R. Lieberman, and E. C. Price. Browser-Based Attacks on Tor. In Privacy Enhancing Technologies Symposium (PETS), 2007. Google ScholarDigital Library
M. Akhoondi, C. Yu, and H. V. Madhyastha. LASTor: A Low-Latency AS-Aware Tor Client. In IEEE Symposium on Security and Privacy (Oakland), 2012. Google ScholarDigital Library
B. Augustin, B. Krishnamurthy, and W. Willinger. IXPs: Mapped? In ACM SIGCOMM Conference on Internet Measurement (IMC), November 2009. Google ScholarDigital Library
S. L. Blond, P. Manils, A. Chaabane, M. A. Kaafar, A. Legout, C. Castellucia, and W. Dabbous. De-anonymizing BitTorrent Users on Tor (poster). In USENIX Symposium on Networked Systems Design and Implementation (NSDI), 2010.Google Scholar
N. Borisov, G. Danezis, P. Mittal, and P. Tabriz. Denial of Service or Denial of Security? How Attacks on Reliability can Compromise Anonymity. In ACM Conference on Computer and Communications Security (CCS), 2007. Google ScholarDigital Library
X. Cai, J. Heidemann, B. Krishnamurthy, and W. Willinger. Towards an AS-to-organization Map. In Internet Measurement Conference, 2010. Google ScholarDigital Library
X. Cai, X. C. Zhang, B. Joshi, and R. Johnson. Touching from a Distance: Website Fingerprinting Attacks and Defenses. In ACM Conference on Computer and Communications Security (CCS), 2012. Google ScholarDigital Library
CAIDA. IPv4 Routed /24 Topology Dataset. http://www.caida.org/data/active/ipv4_routed_24_topology_dataset.xml, December 2012.Google Scholar
CAIDA. The CAIDA AS Relationships Dataset. http://www.caida.org/data/active/ as-relationships/, June 2012.Google Scholar
D. L. Chaum. Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. Communications of the ACM, 24(2):84--90, 1981. Google ScholarDigital Library
C. Díaz, S. Seys, J. Claessens, and B. Preneel. Towards Measuring Anonymity. In Privacy Enhancing Technologies (PET), 2003. Google ScholarDigital Library
R. Dingledine, N. Mathewson, and P. Syverson. Tor: The Second-Generation Onion Router. In USENIX Security Symposium (USENIX), 2004. Google ScholarDigital Library
P. Eckersley. How Unique is Your Browser? In Privacy Enhancing Technologies Symposium (PETS), 2010. Google ScholarDigital Library
M. Edman and P. Syverson. AS-Awareness in Tor Path Selection. In ACM Conference on Computer and Communications Security (CCS), 2009. Google ScholarDigital Library
T. Elahi, K. Bauer, M. AlSabah, R. Dingledine, and I. Goldberg. Changing of the Guards: A Framework for Understanding and Improving Entry Guard Selection in Tor. In ACM Workshop on Privacy in the Electronic Society (WPES), 2012. Google ScholarDigital Library
Equinix. Equinix Internet Exchange Enables Efficient Interconnection between Hundreds of Networks. http://www.equinix.com/solutions/by-services/interconnection/exchanges/equinix-internet-exchange/.Google Scholar
N. S. Evans, R. Dingledine, and C. Grothoff. A Practical Congestion Attack on Tor using Long Paths. In USENIX Security Symposium (USENIX), 2009. Google ScholarDigital Library
N. Feamster and R. Dingledine. Location Diversity in Anonymity Networks. In ACM Workshop on Privacy in the Electronic Society (WPES), 2004. Google ScholarDigital Library
J. Feigenbaum, A. Johnson, and P. Syverson. Probabilistic Analysis of Onion Routing in a Black-box Model. ACM Transactions on Information and System Security (TISSEC), 15(3):14:1--14:28, 2012. Google ScholarDigital Library
L. Gao. On Inferring Autonomous System Relationships in the Internet. In IEEE/ACM Transactions on Networking, volume 9, pages 733--745, December 2001. Google ScholarDigital Library
S. Hahn and K. Loesing. Privacy-preserving Ways to Estimate the Number of Tor Users, November 2010. Available at https://metrics.torproject.org/papers/countingusers-2010--11--30.pdf.Google Scholar
A. Hamel, J.-C. Grégoire, and I. Goldberg. The Misentropists: New Approaches to Measures in Tor. Technical Report 2011--18, Cheriton School of Computer Science, University of Waterloo, 2011.Google Scholar
N. Hopper, E. Y. Vasserman, and E. Chan-Tin. How Much Anonymity Does Network Latency Leak? ACM Transactions on Information and System Security (TISSEC), 13(2):13, 2010. Google ScholarDigital Library
R. Jansen and N. Hopper. Shadow: Running Tor in a Box for Accurate and Efficient Experimentation. In Network and Distributed System Security Symposium (NDSS), 2012.Google Scholar
R. Jansen, K. Bauer, N. Hopper, and R. Dingledine. Methodically modeling the tor network. In USENIX Workshop on Cyber Security Experimentation and Test (CSET), August 2012. Google ScholarDigital Library
A. Johnson, P. Syverson, R. Dingledine, and N. Mathewson. Trust-based anonymous communication: Adversary models and routing algorithms. In Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS 2011), pages 175--186. ACM, 2011. Google ScholarDigital Library
J. P. J. Juen. Protecting Anonymity in the Presence of Autonomous System and Internet Exchange Level Adversaries. Master's thesis, University of Illinois, 2012.Google Scholar
S. J. Murdoch and G. Danezis. Low-Cost Traffic Analysis of Tor. In IEEE Symposium on Security and Privacy (Oakland), 2005. Google ScholarDigital Library
S. J. Murdoch and P. Zielinski. Sampled Traffic Analysis by Internet-Exchange-Level Adversaries. In Privacy Enhancing Technologies (PET), 2007. Google ScholarDigital Library
Office of Engineering and Technology and Consumer and Governmental Affairs Bureau. A Report on Consumer Wireline Broadband Performance in the U.S. Technical report, Federal Communications Commission, February 2013.Google Scholar
L. Øverlier and P. Syverson. Locating Hidden Servers. In IEEE Symposium on Security and Privacy (Oakland), 2006. Google ScholarDigital Library
J. Qiu and L. Gao. AS Path Inference by Exploiting Known AS Paths. In Global Telecommunications Conference, 2006.Google Scholar
A. Serjantov and G. Danezis. Towards an Information Theoretic Metric for Anonymity. In Privacy Enhancing Technologies (PET), 2003. Google ScholarDigital Library
M. Sherr, M. Blaze, and B. T. Loo. Scalable Link-Based Relay Selection for Anonymous Routing. In Privacy Enhancing Technologies Symposium (PETS), August 2009. Google ScholarDigital Library
R. Smits, D. Jain, S. Pidcock, I. Goldberg, and U. Hengartner. BridgeSPA: Improving Tor Bridges with Single Packet Authorization. In ACM Workshop on Privacy in the Electronic Society (WPES), 2011. Google ScholarDigital Library
P. Syverson. Why I'm not an Entropist. In International Workshop on Security Protocols, 2009.Google Scholar
P. Syverson, G. Tsudik, M. Reed, and C. Landwehr. Towards an Analysis of Onion Routing Security. In Designing Privacy Enhancing Technologies, 2000. Google ScholarDigital Library
The Tor Project. Changelog Tor 0.2.4.12-alpha. https://gitweb.torproject.org/tor.git?a=blob_plain;hb=HEAD;f=ChangeLog.Google Scholar
Tor Project, Inc. Tor Metrics Portal. https://metrics.torproject.org/, 2013.Google Scholar
Tor Project, Inc. The Tor Project. https://www.torproject.org/, 2013.Google Scholar
TorPS. TorPS: The Tor Path Simulator. http://torps.github.io, 2013.Google Scholar
University of Oregon. RouteViews Project. http://www. routeviews.org/, 2013.Google Scholar
C. Wacek, H. Tan, K. Bauer, and M. Sherr. An Empirical Evaluation of Relay Selection in Tor. In Network and Distributed System Security Symposium (NDSS), 2013.Google Scholar
T. Wang, K. Bauer, C. Forero, and I. Goldberg. Congestionaware Path Selection for Tor. In Financial Cryptography and Security (FC), 2012.Google ScholarCross Ref
L. Wasserman. All of Nonparametric Statistics (Springer Texts in Statistics). Springer-Verlag New York, Inc., Secaucus, NJ, USA, 2006. Google ScholarDigital Library
M. Wright, M. Adler, B. N. Levine, and C. Shields. The Predecessor Attack: An Analysis of a Threat to Anonymous Communications Systems. ACM Transactions on Information and System Security (TISSEC), 4(7):489--522, November 2004. Google ScholarDigital Library

Index Terms

Users get routed: traffic correlation on tor by realistic adversaries
1. Security and privacy
  1. Network security

Recommendations

How to Find Hidden Users: A Survey of Attacks on Anonymity Networks
Communication privacy has been a growing concern, particularly with the Internet becoming a major hub of our daily interactions. Revelations of government tracking and corporate profiling have resulted in increasing interest in anonymous communication ...
Read More
On Evaluating Anonymity of Onion Routing
Selected Areas in Cryptography
Abstract
Anonymous communication networks (ACNs) aim to thwart an adversary, who controls or observes chunks of the communication network, from determining the respective identities of two communicating parties. We focus on low-latency ACNs such as Tor, ...
Read More
Certificateless onion routing
CCS '09: Proceedings of the 16th ACM conference on Computer and communications security

Onion routing protocols allow users to establish anonymous channels to preserve their privacy over a public network. Several protocols implementing this primitive have been proposed in recent years, and TOR, a real-life implementation, provides an onion ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
November 2013
1530 pages
ISBN:9781450324779
DOI:10.1145/2508859
General Chair:
Ahmad-Reza Sadeghi
TU Darmstadt, CASED, Intel ICRI-SC, Germany
,
Program Chairs:
Virgil Gligor
Carnegie Mellon University, USA
,
Moti Yung
Columbia University, USA
Copyright © 2013 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 4 November 2013
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
anonymity
metrics
onion routing
Qualifiers
- research-article
Conference

Acceptance Rates
CCS '13 Paper Acceptance Rate105of530submissions,20%Overall Acceptance Rate1,261of6,999submissions,18%
More
Upcoming Conference
CCS '24

Sponsor:

sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 159
  Total Citations
  View Citations
- 1,408
  Total Downloads
- Downloads (Last 12 months)129
- Downloads (Last 6 weeks)16
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Users get routed: traffic correlation on tor by realistic adversaries

CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

ABSTRACT

References

Cited By

Index Terms

Recommendations

How to Find Hidden Users: A Survey of Attacks on Anonymity Networks

On Evaluating Anonymity of Onion Routing

Certificateless onion routing