ABSTRACT
We present the first analysis of the popular Tor anonymity network that indicates the security of typical users against reasonably realistic adversaries in the Tor network or in the underlying Internet. Our results show that Tor users are far more susceptible to compromise than indicated by prior work. Specific contributions of the paper include (1) a model of various typical kinds of users, (2) an adversary model that includes Tor network relays, autonomous systems (ASes), Internet exchange points (IXPs), and groups of IXPs drawn from empirical study, (3) metrics that indicate how secure users are over a period of time, (4) the most accurate topological model to date of ASes and IXPs as they relate to Tor usage and network configuration, (5) a novel realistic Tor path simulator (TorPS), and (6) analyses of security making use of all the above. To show that our approach is useful to explore alternatives and not just Tor as currently deployed, we also analyze a published alternative path selection algorithm, Congestion-Aware Tor. We create an empirical model of Tor congestion, identify novel attack vectors, and show that it too is more vulnerable than previously indicated.
Index Terms
- Users get routed: traffic correlation on tor by realistic adversaries