Tor and timing attacks
Download
1 / 16

Tor and Timing Attacks - PowerPoint PPT Presentation


  • 84 Views
  • Uploaded on

Tor and Timing Attacks. An attack within the accepted attacker model. Onion Routing 2 A real system for users Only true antecedent was ZKS’s Freedom Network A variety of system enhancements PFS, congestion control, directory servers, etc. Onion Routing. Initiator-chosen paths

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Tor and Timing Attacks' - conan-ashley


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Tor and timing attacks

Tor and Timing Attacks

An attack within the accepted attacker model


  • Onion Routing 2

    • A real system for users

      • Only true antecedent was ZKS’s Freedom Network

    • A variety of system enhancements

      • PFS, congestion control, directory servers, etc.


Onion routing
Onion Routing

  • Initiator-chosen paths

    • Instead of flipping a coin, the Initiator chooses the entire path and builds an onion. IàXàYàZàR

    • Layered encryption of data using the public key of each proxy in the path.

{Z,{R,data}Kz+}Ky+

{Y,{Z,{R,data}Kz+}Ky+}Kx+

{R,data}Kz+

data

  • Sending the onion

  • I àX: {Y,{Z,{R,data}Kz+}Ky+}Kx+

  • XàY: {Z,{R,data}Kz+}Ky+

  • YàZ: {R,data}Kz+

  • ZàR: data


Tor goals
Tor Goals

  • Deployability

    • Cannot be too expensive

    • Cannot be too troublesome or risky

    • Cannot require websites to run something different

  • Usability

  • Flexibility (& Good Specs)

  • Simple Design


Attack model
Attack Model

  • What is the Tor Attack Model?

  • Why is the model important?


Timing attacks

17 ms

12 ms

Timing Attacks

  • Timings say if they’re on the same path

  • “Firstness” & “Lastness” can be determined

    • Why?

R

X

Y

I

A1

A2


A timing attack
A Timing Attack

  • Danezis 2004

  • Model: Global Passive Eavesdropper

  • Idea

    • Gather timings of packets at all end points (entry and exit points)

    • Given a set of entry timings, produce a model of the exit timings. Look for a match.

  • Result: Attacker obtains many correct matches


Another timing attack
Another Timing Attack

  • Levine, et al., 2004

  • Model: Substantial % of Tor servers (e.g. 10%)

    • Passive, in a sense

  • Idea

    • See 2 slides ago

    • Handle errors gracefully

    • Repeat for many rounds

  • Result: Attacker can get many good matches over time


A note on the tor paper
A Note On the Tor Paper

  • A Gold Mine!

    • 28 different attacks

    • 15 Open Questions

    • 9 Future Directions

  • Problem Selection

    • Is it interesting?

    • How hard a question?

    • Rough guesses?


Low cost traffic analysis of tor
Low-Cost Traffic Analysis of Tor

  • Murdoch & Danezis, Oakland ‘05

  • A novel attack

    • within Tor’s attack model

  • Key features under attack

    • Low-latency communication

    • Ease of entry & ability to use the system


M d attack model
M&D Attack Model

  • What is it?

  • How does it compare to prior models we have discussed?

  • Is it realistic?

  • Can it be stopped?


The attack setup
The Attack Setup

Init.

Resp.

T1

T2

T3

A


The attack idea
The Attack Idea

  • Tor uses Round Robin sending

    • each stream gets a turn

    • If a stream has no packets, it gets skipped

  • Imagine node T2 has just two streams

    • A and Initiator

    • A is always on

    • What happens when Initiator sends a pkt?


Testing the attack
Testing the Attack

  • Set up a “victim”

  • Set up the attack server

  • Probes

  • Correlation?


Results
Results

  • Some success

    • Usually higher correlation w/ pattern

  • Limits

    • Some failure

    • Not clear where to set a dividing line

  • Enhancements Possible


Defenses
Defenses

  • Cover traffic

    • Just filling the links is no good

    • Lots of traffic required?

  • Delay

    • perfect interference

    • non-interference


ad