Tor and timing attacks
This presentation is the property of its rightful owner.
Sponsored Links
1 / 16

Tor and Timing Attacks PowerPoint PPT Presentation


  • 57 Views
  • Uploaded on
  • Presentation posted in: General

Tor and Timing Attacks. An attack within the accepted attacker model. Onion Routing 2 A real system for users Only true antecedent was ZKS’s Freedom Network A variety of system enhancements PFS, congestion control, directory servers, etc. Onion Routing. Initiator-chosen paths

Download Presentation

Tor and Timing Attacks

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Tor and timing attacks

Tor and Timing Attacks

An attack within the accepted attacker model


Tor and timing attacks

  • Onion Routing 2

    • A real system for users

      • Only true antecedent was ZKS’s Freedom Network

    • A variety of system enhancements

      • PFS, congestion control, directory servers, etc.


Onion routing

Onion Routing

  • Initiator-chosen paths

    • Instead of flipping a coin, the Initiator chooses the entire path and builds an onion. IàXàYàZàR

    • Layered encryption of data using the public key of each proxy in the path.

{Z,{R,data}Kz+}Ky+

{Y,{Z,{R,data}Kz+}Ky+}Kx+

{R,data}Kz+

data

  • Sending the onion

  • I àX: {Y,{Z,{R,data}Kz+}Ky+}Kx+

  • XàY: {Z,{R,data}Kz+}Ky+

  • YàZ: {R,data}Kz+

  • ZàR: data


Tor goals

Tor Goals

  • Deployability

    • Cannot be too expensive

    • Cannot be too troublesome or risky

    • Cannot require websites to run something different

  • Usability

  • Flexibility (& Good Specs)

  • Simple Design


Attack model

Attack Model

  • What is the Tor Attack Model?

  • Why is the model important?


Timing attacks

17 ms

12 ms

Timing Attacks

  • Timings say if they’re on the same path

  • “Firstness” & “Lastness” can be determined

    • Why?

R

X

Y

I

A1

A2


A timing attack

A Timing Attack

  • Danezis 2004

  • Model: Global Passive Eavesdropper

  • Idea

    • Gather timings of packets at all end points (entry and exit points)

    • Given a set of entry timings, produce a model of the exit timings. Look for a match.

  • Result: Attacker obtains many correct matches


Another timing attack

Another Timing Attack

  • Levine, et al., 2004

  • Model: Substantial % of Tor servers (e.g. 10%)

    • Passive, in a sense

  • Idea

    • See 2 slides ago

    • Handle errors gracefully

    • Repeat for many rounds

  • Result: Attacker can get many good matches over time


A note on the tor paper

A Note On the Tor Paper

  • A Gold Mine!

    • 28 different attacks

    • 15 Open Questions

    • 9 Future Directions

  • Problem Selection

    • Is it interesting?

    • How hard a question?

    • Rough guesses?


Low cost traffic analysis of tor

Low-Cost Traffic Analysis of Tor

  • Murdoch & Danezis, Oakland ‘05

  • A novel attack

    • within Tor’s attack model

  • Key features under attack

    • Low-latency communication

    • Ease of entry & ability to use the system


M d attack model

M&D Attack Model

  • What is it?

  • How does it compare to prior models we have discussed?

  • Is it realistic?

  • Can it be stopped?


The attack setup

The Attack Setup

Init.

Resp.

T1

T2

T3

A


The attack idea

The Attack Idea

  • Tor uses Round Robin sending

    • each stream gets a turn

    • If a stream has no packets, it gets skipped

  • Imagine node T2 has just two streams

    • A and Initiator

    • A is always on

    • What happens when Initiator sends a pkt?


Testing the attack

Testing the Attack

  • Set up a “victim”

  • Set up the attack server

  • Probes

  • Correlation?


Results

Results

  • Some success

    • Usually higher correlation w/ pattern

  • Limits

    • Some failure

    • Not clear where to set a dividing line

  • Enhancements Possible


Defenses

Defenses

  • Cover traffic

    • Just filling the links is no good

    • Lots of traffic required?

  • Delay

    • perfect interference

    • non-interference


  • Login