Attacks on Low-Latency Anonymous Network: TOR
Attacks on Low-Latency Anonymous Network: TOR. Overview: basic concepts of anonymous network; Tor principles; “Low-Cost Traffic Analysis of Tor”, Steven J. Murdoch, George Danezis, May 2005, IEEE Symposium on Security and Privacy
Presentation Transcript
Overview
  • Basic concepts of anonymous network
  • Tor principles
  • “Low-Cost Traffic Analysis of Tor”, Steven J. Murdoch, George Danezis, May 2005, IEEE Symposium on Security and Privacy
  • “Low-Resource Routing Attacks against Anonymous Systems”, Kevin Bauer, Damon McCoy, Dirk Grunwald, Tadayoshi Kohno, Douglas Sicker. University of Colorado at Boulder. Technical Report, Feb 2007
Basic concepts of Anonymous Network
  • What do we want to hide?
    • sender anonymity: attacker cannot determine who the sender of a particular message is
    • receiver anonymity: attacker cannot determine who the intended receiver of a particular message is
    • Unlinkability: attacker may determine senders and receivers but not the associations between them (attacker doesn’t know who communicates with whom)
  • From whom do we want to hide this?
    • communication partner (sender anonymity)
    • external attackers: local eavesdropper (sniffing on a particular link (e.g., LAN)), global eavesdropper (observing traffic in the whole network)
    • internal attackers
Types of Anonymous Network
  • Mix-Based Anonymous Network
    • Anonymizer
    • Crowds
    • Onion Routing and Tor
    • Etc
  • DC Network (Dining Cryptographers)
    • Herbivore
    • P5
The Onion Routing

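[Figure: Alice sends message M to Bob through onion routers R1, R2, R3 and R4. The layers of the onion are listed below from outermost to innermost; each { }k encloses the next layer down.]

  • {R2,k1}pk(R1),{ }k1
  • {R3,k2}pk(R2),{ }k2
  • {R4,k3}pk(R3),{ }k3
  • {B,k4}pk(R4),{ }k4
  • {M}pk(B)

Routing info for each link is encrypted with the router’s public key.

Each router learns only the identity of the next router.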

Overview of architecture

[Figure labels: application (initiator), onion proxy, entry funnel, onion router, long-term socket connections, exit funnel, application (responder)]

  • Onion proxy
    • opens the anonymous connection via the OR network
    • encrypts/decrypts data
  • Entry funnel
    • multiplexes connections from onion proxies
  • Exit funnel
    • demultiplexes connections from the OR network
    • opens connection to responder application and reports a one-byte status msg back to the application proxy

Low-Cost Traffic Analysis of Tor
  • Vulnerable Point
    • No batching strategy, because of the low-latency requirement (no mixing)
    • Cells are sent out in round-robin fashion (the higher the load on the node, the higher the latency)
  • Attack on Vulnerable Point
    • Use a corrupted Tor node
    • Using the corrupted Tor node, create a connection passing through another Tor node whose traffic will be measured
    • Send data modulated with a very specific traffic pattern
    • Correlate the latency at the destination with the traffic pattern
Low-Cost Traffic Analysis of Tor
  • Correlation Calculation
    • Template function from corrupted server:
    • Correlation:

where L(t) is the measured latency of the target Tor node (microseconds), and L’(t) is the normalized version of the latency, calculated by dividing L(t) by the mean of all samples.
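
An added example (not from the slides or from the cited paper's code) of the correlation step, run on constructed latency data. It assumes the template S(t) is a 0/1 on/off indicator and that the correlation is the mean of L’(t) over the samples where S(t) = 1; the burst lengths and latency figures are made up.

```python
import random
from statistics import mean

def normalise(latency_us):
    """L'(t): every latency sample divided by the mean of all samples."""
    m = mean(latency_us)
    return [x / m for x in latency_us]

def correlation(template, latency_us):
    """Mean normalised latency over the samples where the template is 1.

    Assumption: template S(t) is 1 while the probe stream is sending, else 0.
    """
    if len(template) != len(latency_us):
        raise ValueError("template and latency series must have equal length")
    on_samples = sum(template)
    if on_samples == 0:
        raise ValueError("template never switches on")
    norm = normalise(latency_us)
    return sum(s * l for s, l in zip(template, norm)) / on_samples

def synthetic_latency(template, base_us, load_us, jitter_us, rng):
    """Constructed data: base delay, extra queueing delay while S(t)=1, jitter."""
    return [base_us + load_us * s + rng.uniform(0, jitter_us) for s in template]

def demo(seed=1):
    rng = random.Random(seed)
    template = ([1] * 10 + [0] * 20) * 10          # made-up on/off bursts
    # Node that carries the modulated stream: latency rises with the load.
    carrying = synthetic_latency(template, 20_000, 8_000, 4_000, rng)
    # Node that does not carry it: latency is independent of the template.
    unrelated = synthetic_latency(template, 20_000, 0, 4_000, rng)
    return correlation(template, carrying), correlation(template, unrelated)

if __name__ == "__main__":
    c_carrying, c_unrelated = demo()
    print(f"node carrying the stream: c = {c_carrying:.3f}")
    print(f"unrelated node:           c = {c_unrelated:.3f}")
```

A value close to 1 means the node's latency does not follow the template; a value clearly above 1 means latency rises while the template is on.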

Attack Setup

[Figure labels: application (initiator), onion router, corrupted router, corrupted application (responder), traffic measurement, long-term socket connections]

  • Corrupted node (router) generates a very specific traffic pattern
  • Corrupted responder correlates the latency with that specific traffic pattern
Low Resource Routing Attack Against Anonymous Systems
  • Vulnerable Point on Tor
  • Attack on Vulnerable Point
  • Experimental setup
  • Experimental result
Vulnerable Point
  • A circuit (path) contains three onion routers (by default) through the Tor network, from the onion proxy to the desired destination server
    • Due to the low-latency requirement
    • In previous versions, 5-8 routers were selected randomly to build the circuit
  • Algorithm to choose onion routers in the path
    • Entrance Router Selection Algorithm
    • Non-Entrance Router Selection Algorithm
Algorithm to choose onion routers in the path
  • The Entrance Router Selection Algorithm works by automatically selecting a set of routers that are marked by the trusted directory servers as being “fast” and “stable”.
      • Definition of “fast”: bandwidth above the median bandwidth of all routers
      • Definition of “stable”: uptime above the median uptime of all routers
Algorithm to choose onion routers in the path
  • Non-Entrance Router Selection Algorithm
      • Select non-entrance nodes with higher bandwidth and higher uptime to optimize onion routing, while not always choosing the best node every time
      • Routers with more bandwidth and higher stability are used most often
      • The probability that the i’th router is chosen is approximately:

where b_i is the bandwidth advertised by node i

Attack on Vulnerable Point
  • Compromise a number of high-bandwidth, high-uptime Tor servers
    • If possible, advertise those nodes with an unrestricted exit policy
  • Or use malicious nodes that report incorrect uptime and bandwidth in their advertisements
    • Tor has no mechanism for checking advertisements
  • The malicious router logs the following information for each cell received
    • Its location in the path (by checking whether the IP exists in the routing advertisements)
    • Local time stamp
    • Previous circuit ID
    • Previous IP address
    • Previous connection’s port
    • Next hop’s IP address
    • Next hop’s port
    • Next hop’s ID
Experimental setup
  • Isolated Tor network on PlanetLab, consisting of 40 and 60 nodes, each running exactly one onion router per node, and three directory servers
  • In the 40-node network, two different types of experiment were conducted, by adding two (2/42) and four (4/44) malicious nodes
  • In the 60-node network, two different types of experiment were conducted, by adding three (3/63) and six (6/66) malicious nodes
  • Traffic was generated for 2 hours
  • All Tor routers advertise unrestricted exit policy
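
An added example (not code from the slides or from Tor) of how the two selection rules described above react to unverified advertisements, using the experiment sizes listed here. It assumes a non-entrance pick has probability b_i divided by the sum of all advertised bandwidths; the honest bandwidth and uptime values, the claimed figures and the cap parameter are constructed or hypothetical.

```python
from statistics import median

def build_network(n_honest, n_malicious, claimed_bw, claimed_uptime):
    """Constructed router list; honest values are made up, not measurements."""
    honest = [{"bw": 50 + 25 * i, "uptime": (7 * i) % n_honest + 1,
               "malicious": False} for i in range(n_honest)]
    bad = [{"bw": claimed_bw, "uptime": claimed_uptime, "malicious": True}
           for _ in range(n_malicious)]
    return honest + bad

def entry_eligible(routers):
    """Routers marked both "fast" and "stable" under the above-median rule."""
    bw_med = median(r["bw"] for r in routers)
    up_med = median(r["uptime"] for r in routers)
    return [r for r in routers if r["bw"] > bw_med and r["uptime"] > up_med]

def malicious_entry_share(routers):
    """Fraction of entry-eligible routers that are malicious."""
    eligible = entry_eligible(routers)
    if not eligible:
        return 0.0
    return sum(r["malicious"] for r in eligible) / len(eligible)

def malicious_pick_share(routers, cap=None):
    """Chance that one bandwidth-weighted pick lands on a malicious router.

    Assumption: weight of router i is b_i / sum(b). `cap` is a hypothetical
    upper limit applied to every advertised bandwidth before weighting.
    """
    weights = [r["bw"] if cap is None else min(r["bw"], cap) for r in routers]
    bad = sum(w for w, r in zip(weights, routers) if r["malicious"])
    return bad / sum(weights)

if __name__ == "__main__":
    for n_honest, n_bad in [(40, 2), (40, 4), (60, 3), (60, 6)]:
        truthful = build_network(n_honest, n_bad, claimed_bw=50, claimed_uptime=1)
        inflated = build_network(n_honest, n_bad, claimed_bw=10_000, claimed_uptime=365)
        print(f"{n_bad}/{n_honest + n_bad} malicious: "
              f"pick share truthful={malicious_pick_share(truthful):.3f} "
              f"inflated={malicious_pick_share(inflated):.3f} "
              f"capped={malicious_pick_share(inflated, cap=1_000):.3f} "
              f"entry share inflated={malicious_entry_share(inflated):.3f}")
```

With these constructed values, two routers out of 42 attract close to half of all bandwidth-weighted picks once their claims are inflated, which is the gap left by unchecked advertisements.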