memory based dos and deanonymization attacks on tor n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Memory-based DoS and Deanonymization Attacks on Tor PowerPoint Presentation
Download Presentation
Memory-based DoS and Deanonymization Attacks on Tor

Loading in 2 Seconds...

play fullscreen
1 / 67

Memory-based DoS and Deanonymization Attacks on Tor - PowerPoint PPT Presentation


  • 104 Views
  • Uploaded on

Memory-based DoS and Deanonymization Attacks on Tor. DCAPS Seminar October 11 th , 2013. Rob Jansen U.S. Naval Research Laboratory rob.g.jansen@nrl.navy.mil. *Joint with Aaron Johnson, Florian Tschorsch , Björn Scheuermann. The Tor Anonymity Network. t orproject.org. How Tor Works.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

Memory-based DoS and Deanonymization Attacks on Tor


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
    Presentation Transcript
    1. Memory-based DoS and Deanonymization Attacks on Tor DCAPS Seminar October 11th, 2013 Rob Jansen U.S. Naval Research Laboratory rob.g.jansen@nrl.navy.mil *Joint with Aaron Johnson, Florian Tschorsch, BjörnScheuermann

    2. The Tor Anonymity Network torproject.org

    3. How Tor Works

    4. How Tor Works

    5. How Tor Works

    6. How Tor Works

    7. How Tor Works Tor protocol aware

    8. Tor Flow Control exit entry

    9. Tor Flow Control One TCP Connection Between Each Relay,Multiple Circuits exit entry

    10. Tor Flow Control One TCP Connection Between Each Relay,Multiple Circuits exit entry Multiple Application Streams

    11. Tor Flow Control exit entry No end-to-end TCP!

    12. Tor Flow Control Tor protocol aware exit entry

    13. Tor Flow Control Delivery End Packaging End exit entry

    14. Tor Flow Control Delivery End Packaging End exit entry

    15. Tor Flow Control SENDME Signal Every 100 Cells 1000 Cell Limit exit entry

    16. Outline • The Sniper Attack • Low-cost memory consumption attack that disables arbitrary Tor relays • Deanonymizing Hidden Services • Using DoS attacks for deanonymization • Countermeasures

    17. The Sniper Attack Start Download exit entry Request

    18. The Sniper Attack Reply DATA exit entry

    19. The Sniper Attack Package and Relay DATA DATA DATA exit entry

    20. The Sniper Attack R Stop Reading from Connection DATA DATA DATA entry exit

    21. The Sniper Attack R Flow Window Closed DATA DATA DATA DATA DATA DATA exit entry

    22. The Sniper Attack R DATA DATA DATA DATA DATA DATA exit entry Periodically Send SENDME SENDME

    23. The Sniper Attack R DATA DATA DATA DATA Flow Window Opened DATA DATA DATA DATA DATA DATA DATA DATA DATA exit entry Periodically Send SENDME SENDME

    24. DATA DATA The Sniper Attack DATA DATA DATA DATA DATA R DATA DATA DATA DATA DATA DATA DATA DATA DATA DATA DATA DATA DATA DATA DATA DATA exit entry Out of Memory, Killed by OS

    25. DATA DATA The Sniper Attack DATA DATA DATA DATA DATA R DATA DATA DATA DATA DATA DATA DATA DATA DATA DATA DATA DATA DATA DATA DATA DATA exit entry Use Tor to Hide

    26. Memory Consumed over Time

    27. Mean RAM Consumed, 50 Relays

    28. Mean BW Consumed, 50 Relays

    29. Speed of Sniper Attack Path Selection Probability ≈ Network Capacity

    30. Speed of Sniper Attack Time (hours:minutes) to Consume RAM

    31. Speed of Sniper Attack Time (hours:minutes) to Consume RAM

    32. Speed of Sniper Attack Time (hours:minutes) to Consume RAM

    33. Outline • The Sniper Attack • Low-cost memory consumption attack that disables arbitrary Tor relays • Deanonymizing Hidden Services • Using DoS attacks for deanonymization • Countermeasures

    34. Hidden Services HS User wants to hide service

    35. Hidden Services HS HS chooses and publishes introduction point IP entry IP

    36. Hidden Services HS Learns about HS on web entry IP

    37. Hidden Services HS Builds Circuit to Chosen Rendezvous Point RP entry entry IP RP

    38. Hidden Services HS RP Notifies HS of RP through IP entry entry entry RP IP

    39. Hidden Services HS RP entry entry RP IP

    40. Hidden Services HS RP Build New Circuit to RP entry entry entry RP IP

    41. Hidden Services HS RP Communicate! entry entry entry RP IP

    42. DeanonymizingHidden Services HS entry RP

    43. DeanonymizingHidden Services HS Also runs a guard relay entry RP

    44. Deanonymizing Hidden Services HS RP Build New Circuit to RP entry entry RP

    45. Deanonymizing Hidden Services HS RP entry entry RP S&P 2006, S&P 2013

    46. Deanonymizing Hidden Services HS RP Send 50 Padding Cells PADDING entry entry RP S&P 2013

    47. Deanonymizing Hidden Services HS RP Identify HS entry if cell count = 52 entry entry RP S&P 2013

    48. Deanonymizing Hidden Services HS Sniper Attack, or any other DoS entry entry RP

    49. Deanonymizing Hidden Services HS Choose new Entry Guard entry RP

    50. Deanonymizing Hidden Services HS RP entry RP