This study delves into low-resource routing attacks on the Tor system, analyzing its router selection algorithms, attack model, and defense mechanisms. It examines the impact on anonymity metrics and compares with previous attacks. The research focuses on minimizing adversary requirements to compromise anonymity and strengthening Tor against such attacks, showcasing experimental results and implications for the system's security.
UNIVERSITY OF CRETE Department of Computer Science Low-Resource Routing Attacks Against Anonymous Systems Fragkiadaki Georgia AM681
Outline • A short overview of the Tor system • Analysis of Tor’s router selection algorithms • A description of Tor’s envisioned attack model • An overview of the common anonymity metrics • The attack and a description of the attack model • Experiments on the attack and their results • A detailed analysis of proposed defenses • Comparison of the attack with previous attacks against Tor
Overlay mix-networks • are widely used • provide low-latency anonymous communication services • provide perfect anonymity • Tor is one of the most popular privacy-enhancing systems • provides optimal performance for interactive applications • Goal: the system provides anonymity against non-global adversaries
Introduction • Research Themes: • how can we minimize the requirements necessary for any adversary to compromise the anonymity of a flow • how can we harden Tor against our attacks • Attack Overview: • The adversary needs only a few malicious nodes to break the anonymity of clients • Context • Additional Improvements and Other Attacks • Prevention • Broader Implications
The Tor system contains: • Onion router (OR): the server component of the network, responsible for traffic • Onion proxy (OP): the client part of the network • A circuit: a path of three onion routers through the Tor network, starting from the OP • entrance router • mix router • exit router
Understanding Tor at a High Level • There is a circuit-switched network at the core of Tor • The originator of the circuit knows the complete path • Uses standard cryptographic methods, like TLS (Transport Layer Security) • Onion routing: encrypted cells use a layered scheme. Each hop removes a layer until the last node, where the cell is fully decrypted. • Onion proxy: forwards a local user’s traffic through the network
Selection Algorithms (SA) Which onion routers does Tor select to include in a circuit? • Entrance Router SA: • selects a set of onion routers that are marked by servers as fast and stable • protects the first hop of a circuit and uses more reliable and trustworthy nodes • Non-Entrance Router SA • selects non-entrance nodes, optimizing onion router selection for bandwidth and uptime • does not always choose the best nodes
Common Anonymity Metrics • We define entropy, a metric to measure the amount of anonymity • p(xi): probability of the i-th node being included on a path • N: the number of routers in the Tor network
Attack Model • We focus on: • Attacking the anonymity of clients running default configurations • Attacking clients that join the network after the first phase of the attack • Phases: • Setting Up • Linking Paths
Phase One: Setting Up • The basic attack: the adversary’s setup procedure is to enroll or compromise a number of high-bandwidth, high-uptime Tor servers • Resource Reduction: decrease the resource requirements for the malicious nodes • low-bandwidth connections • What Happens Next: a goal is to provide a low-latency service when a new client joins the network
Phase Two: Linking Paths • When the full path has been populated with malicious nodes • Each malicious router logs information for each cell received: • location on the circuit path • timestamp • circuit ID • IP address (previous, next) • ports
Experiments (1/2) • Experimental Setup • We set up an isolated Tor deployment • not run in the real environment, due to probably destructive effects • determine tests with real sizes for each bandwidth class • create two isolated Tor networks, with 40 and 60 nodes, each running
Experiments • Traffic Generation • would make it more realistic, but there is not much data available • Malicious Node Configuration • an attacker can correlate; each malicious router advertises a read and write bandwidth capability of 1.5 MB/s and a high uptime
Results of Experiment • There is a difference between the analytical expectation and the experimental results • The attack is effective in influencing Tor’s routing mechanisms • Entropy in the network decreases when we add malicious nodes • shows the global impact that our attack has on decreasing Tor’s anonymity
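The entropy metric and the reported entropy drop can be reproduced on paper with a small model. This is an added example, not code from the slides or from Tor: it assumes Shannon entropy in bits over p(xi) and a simplified selection rule in which p(xi) is proportional to advertised bandwidth. The honest bandwidth values and the count of six added routers are constructed; only the 1.5 MB/s figure comes from the slides.

```python
import math

def selection_probabilities(advertised_kbps):
    """Assumed model: p(x_i) is proportional to the bandwidth router i advertises."""
    total = sum(advertised_kbps)
    return [bw / total for bw in advertised_kbps]

def entropy_bits(probs):
    """Shannon entropy H = -sum_i p(x_i) * log2 p(x_i) over the N routers."""
    return -sum(p * math.log2(p) for p in probs if p > 0)

def measure(honest_kbps, added_kbps):
    """Return (entropy before, entropy after, selection share of the added routers)."""
    before = entropy_bits(selection_probabilities(honest_kbps))
    combined = honest_kbps + added_kbps
    after = entropy_bits(selection_probabilities(combined))
    share = sum(added_kbps) / sum(combined)
    return before, after, share

# Constructed 40-router network in three bandwidth classes (KB/s).
HONEST = [50] * 20 + [200] * 15 + [500] * 5
# Six added routers, each advertising 1.5 MB/s as in the slides (count is constructed).
ADDED = [1500] * 6

if __name__ == "__main__":
    before, after, share = measure(HONEST, ADDED)
    print(f"entropy before: {before:.3f} bits (max {math.log2(len(HONEST)):.3f})")
    print(f"entropy after:  {after:.3f} bits (max {math.log2(len(HONEST + ADDED)):.3f})")
    print(f"selection share held by added routers: {share:.1%}")
```

The maximum for N routers is log2(N), reached only when selection is uniform, so the gap between the measured value and log2(N) shows how far bandwidth-weighted selection concentrates paths on a few routers.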
Attack Extension • Compromising Existing Clients • Improving Performance Under the Resource-Reduced Attack • Selective Path Disruption • Displacing Honest Entry Guards • Compromising Only the Entry Node
Previous Attacks Against Tor • Three attacks on parts of the Tor protocol have been published in the past: • Murdoch and Danezis: a low-cost traffic-analysis technique • Overlier and Syverson: an attack that located hidden servers inside the Tor network • Murdoch: the key to this attack is the observation that when a server is idle, its CPU runs at a cooler temperature
Conclusion (1/2) • We introduce a low-resource traffic analysis attack, which is highly practical • an attacker can compromise the anonymity of a large amount of the communication channels through the network • Tor is vulnerable to attacks from non-global adversaries that control only a few high-resource nodes, or nodes that are perceived to be high-resource • the system utilizes a preferential routing algorithm that attempts to optimize for performance, and the attack exploits this fact
Conclusion (2/2) • an adversary can, with high probability, compromise the entrance and exit servers on a route for new clients
Questions? Thank you for your attention