1 / 20

Attacks on Low-Latency Anonymous Network: TOR

Attacks on Low-Latency Anonymous Network: TOR. Overview. Basic concepts of anonymous network Tor Principals “ Low-Cost Traffic Analysis of Tor ” Steven J.Murdoch, George Danezis, May 2005 IEEE Symposium on Security and Privacy

Download Presentation

Attacks on Low-Latency Anonymous Network: TOR

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Attacks on Low-Latency Anonymous Network: TOR

  2. Overview • Basic concepts of anonymous network • Tor Principals • “Low-Cost Traffic Analysis of Tor” Steven J.Murdoch, George Danezis, May 2005 IEEE Symposium on Security and Privacy • “Low-Resource Routing Attacks against Anonymous Systems” Kevin Bauer, Damon McCoy, Dirk Grundwald, Tadayaoshi Konho, Douglas Sicker. University of Colorado at Boulder. Technical Report, Feb 2007

  3. Basic concepts of Anonymous Network • What do we want to hide? • sender anonymity: attacker cannot determine who the sender of a particular message is • receiver anonymity: attacker cannot determine who the intended receiver of a particular message is • Unlinkability: attacker may determine senders and receivers but not the associations between them (attacker doesn’t know who communicates with whom) • From whom do we want to hide this? • communication partner (sender anonymity) • external attackers: local eavesdropper (sniffing on a particular link (e.g., LAN)), global eavesdropper (observing traffic in the whole network) • internal attackers

  4. Types of Anonymous Network • Mix-Based Anonymous Network • Anonymizer • Crowds • Onion Routing and Tor • Etc • DC Network(Dining Cryptographers) • Herbivore • P5

  5. The Onion Routing R2 R4 Alice R3 Bob R1 {M}pk(B) {B,k4}pk(R4),{ }k4 {R4,k3}pk(R3),{ }k3 {R3,k2}pk(R2),{ }k2 {R2,k1}pk(R1),{ }k1 Routing info for each link encrypted with router’s public key Each router learns only the identity of the next router

  6. Overview of architecture long-term socket connections application (initiator) onion router application (responder) exit funnel - demultiplexes connections from the OR network - opens connection to responder application and reports a one byte status msg back to the application proxy onion proxy - opens the anonymous connection via the OR network - encrypts/decrypts data entry funnel - multiplexes connections from onion proxies

  7. Low-Cost Traffic Analysis of Tor • Vulnerable Point • Not using batching strategy due to low-latency requirement(no mixing) • Cells are sent out round robin fashion(the higher load on the node, the higher the latency ) • Attack on Vulnerable Point • Use corrupted Tor node • By using corrupted Tor node, create a connection passing through another node Tor node whose traffic will be measured • Send data modulated very specific traffic pattern • Correlate the latency at destination with traffic pattern

  8. Low-Cost Traffic Analysis of Tor • Correlation Calculation • Template function from corrupted server: • Correlation: where L(t) is measured latency of the target Tor node(microsec). L’(t) is normalized version of latency calculated by dividing L(t) by means of all samples

  9. Attack Setup application (initiator) onion router Corrupted application (responder) Traffic measurement long-term socket connections corrupted router • Corrupted node(router) generates very specific traffic pattern • Corrupted responder correlates the latency with that specific traffic pattern

  10. Experimental Result

  11. Low Resource Routing Attack Against Anonymous Systems • Vulnerable Point on Tor • Attack on Vulnerable Point • Experimental setup • Experimental result

  12. Vulnerable Point • Circuit(path) contains three onion routers(by default) through the Tor network from onion proxy to desired destination server • Due to requirement of low-latency • In previous version, 5-8 routers are selected randomly to built the circuit • Algorithm to choose onion routers in the path • Entrance Router Selection Algorithm • Non-Entrance Router Selection Algorithm

  13. Algorithm to choose onion routers in the path • Entrance Router Selection Algorithm works by automatically selecting set of routers that are marked by the trusted directory servers as being “fast” and “stable”. • Definition for “fast”: bandwidth above median of all bandwidth of all routers • Definition for “stable”: uptime above median of all uptime of all routers

  14. Algorithm to choose onion routers in the path • Non-Entrance Router Selection Algorithm • Select non-entrance node with higher bandwidth and higher uptime to optimize onion routing, while not always choosing best node every time • More bandwidth and higher stability are used most often • The probability that i’th router is chosen is approximately: where bi is the bandwidth advertised by node i

  15. Attack on Vulnerable Point • Compromise a number of high-bandwidth, high-uptime Tor servers • If possible, advertise those nodes with unrestricted exit policy • Or using malicious nodes and reporting incorrect uptime and bandwidth advertisement • Tor does not have checking mechanism for advertisement • Malicious router logs following information for each cell received • Its location in the path(by checking if IP exist in routing advertisement) • Local time stamp • Previous circuit ID • Previous IP address • Previous connection’s port • Next hop’s IP address • Next hop’s port • Next hop’s ID

  16. Experimental setup • Isolated Tor network on PlanetLab, consisting of 40 and 60 nodes, each running exactly one onion router per node and three directory server • In 40 node network, two different type of experiments are conducted by adding two(2/42) and four (4/44) malicious nodes • In 60 node network, two different type of experiments are conducted by adding three(3/63) and six (6/66) malicious nodes • Traffic was generated for 2 hours • All Tor routers advertise unrestricted exit policy

  17. Experimental setup

  18. Experimental result

  19. Thank you

  20. B: total amount of bandwidth all known onion routers C: random number between 1 and B

More Related