nach oben

Erschienen in:

2018 | OriginalPaper | Buchkapitel

DigesTor: Comparing Passive Traffic Analysis Attacks on Tor

verfasst von : Katharina Kohls, Christina Pöpper

Erschienen in: Computer Security

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The Tor anonymity network represents a rewarding target for de-anonymization attacks, in particular by large organizations and governments. Tor is vulnerable to confirmation attacks, in which powerful adversaries compromise user anonymity by correlating transmissions between entry and exit nodes. As the experimental evaluation of such attacks is challenging, a fair comparison of passive traffic analysis techniques is hardly possible. In this work, we provide a first comparative evaluation of confirmation attacks and assess their impact on the real world. For this purpose, we release DigesTor, an analysis framework that delivers a foundation for comparability to support future research in this context. The framework runs a virtual private Tor network to generate traffic for representative scenarios, on which arbitrary attacks can be evaluated. Our results show the effects of recent and novel attack techniques and we demonstrate the capabilities of DigesTor using the example of mixing as a countermeasure against traffic analysis attacks.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Efficiently Deciding Equivalence for Standard Primitives and Phases

Nächstes Kapitel Deriving a Cost-Effective Digital Twin of an ICS to Facilitate Security Evaluation

Biryukov, A., Pustogarov, I., Weinmann, R.-P.: Trawling for Tor hidden services: detection, measurement, deanonymization. In: Symposium on Security and Privacy, pp. 80–94. IEEE (2013)

Chakravarty, S., Barbera, M.V., Portokalidis, G., Polychronakis, M., Keromytis, A.D.: On the effectiveness of traffic analysis against anonymity networks using flow records. In: Faloutsos, M., Kuzmanovic, A. (eds.) PAM 2014. LNCS, vol. 8362, pp. 247–257. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-04918-2_24CrossRef

Danezis, G.: Statistical disclosure attacks. In: Gritzalis, D., De Capitani di Vimercati, S., Samarati, P., Katsikas, S. (eds.) SEC 2003. ITIFIP, vol. 122, pp. 421–426. Springer, Boston, MA (2003). https://doi.org/10.1007/978-0-387-35691-4_40CrossRef

Danezis, G., Diaz, C., Troncoso, C.: Two-sided statistical disclosure attack. In: Borisov, N., Golle, P. (eds.) PET 2007. LNCS, vol. 4776, pp. 30–44. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-75551-7_3CrossRef

Diaz, C., Preneel, B.: Taxonomy of mixes and dummy traffic. In: Deswarte, Y., Cuppens, F., Jajodia, S., Wang, L. (eds.) SEC 2004. IIFIP, vol. 148, pp. 217–232. Springer, Boston, MA (2004). https://doi.org/10.1007/1-4020-8145-6_18CrossRef

Fu, X., Ling, Z., Luo, J., Yu, W., Jia, W., Zhao, W.: One cell is enough to break Tor’s anonymity. In: Proceedings of Black Hat Technical Security Conference, pp. 578–589 (2009)

Houmansadr, A., Borisov, N.: SWIRL: a scalable watermark to detect correlated network flows. In: NDSS (2011)

Houmansadr, A., Borisov, N.: The need for flow fingerprints to link correlated network flows. In: De Cristofaro, E., Wright, M. (eds.) PETS 2013. LNCS, vol. 7981, pp. 205–224. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39077-7_11CrossRef

Houmansadr, A., Brubaker, C., Shmatikov, V.: The parrot is dead: observing unobservable network communications. In: Symposium on Security and Privacy, pp. 65–79. IEEE (2013)

10.

icons8. Figure Icons. https://icons8.com. Accessed 23 Apr 2018

11.

Jansen, R., Hopper, N.: Shadow: running Tor in a box for accurate and efficient experimentation. In: Symposium on Network and Distributed System Security, ser. NDSS 2012. Internet Society, San Diego, February 2012

12.

Jansen, R., Johnson, A.: Safely measuring Tor. In: Conference on Computer and Communications Security, pp. 1553–1567. ACM (2016)

13.

Kedogan, D., Agrawal, D., Penz, S.: Limits of anonymity in open environments. In: Petitcolas, F.A.P. (ed.) IH 2002. LNCS, vol. 2578, pp. 53–69. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36415-3_4CrossRef

14.

Kwon, A., AlSabah, M., Lazar, D., Dacier, M., Devadas, S.: Circuit fingerprinting attacks: passive deanonymization of tor hidden services. In: USENIX Security Symposium (2015)

15.

Levine, B.N., Reiter, M.K., Wang, C., Wright, M.: Timing attacks in low-latency mix systems. In: Juels, A. (ed.) FC 2004. LNCS, vol. 3110, pp. 251–265. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-27809-2_25CrossRef

16.

Ling, Z., Fu, X., Jia, W., Yu, W., Xuan, D., Luo, J.: Novel packet size-based covert channel attacks against anonymizer. IEEE Trans. Comput. 62(12), 2411–2426 (2013)MathSciNetCrossRef

17.

Ling, Z., Luo, J., Yu, W., Fu, X., Xuan, D., Jia, W.: A new cell counter based attack against Tor. In: Conference on Computer and Communications Security, pp. 578–589. ACM (2009)

18.

Mathewson, N., Dingledine, R.: Practical traffic analysis: extending and resisting statistical disclosure. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 17–34. Springer, Heidelberg (2005). https://doi.org/10.1007/11423409_2CrossRef

19.

Mittal, P., Khurshid, A., Juen, J., Caesar, M., Borisov, N.: Stealthy traffic analysis of low-latency anonymous communication using throughput fingerprinting. In: Conference on Computer and Communications Security, ser. CCS 2011, pp. 215–226. ACM, Chicago, October 2011

20.

Murdoch, S.J., Danezis, G.: Low-cost traffic analysis of Tor. In: Symposium on Security and Privacy, ser. SP 2005, pp. 183–195. IEEE, Oakland, May 2005

21.

Murdoch, S.J., Zieliński, P.: Sampled traffic analysis by internet-exchange-level adversaries. In: Borisov, N., Golle, P. (eds.) PET 2007. LNCS, vol. 4776, pp. 167–183. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-75551-7_11CrossRef

22.

Nithyanand, R., Starov, O., Zair, A., Gill, P., Schapira, M.: Measuring and mitigating as-level adversaries against Tor. In: Symposium on Network and Distributed System Security, ser. NDSS 2016. Internet Society, San Diego, February 2016

23.

O’Connor, L.: On blending attacks for mixes with memory. In: Barni, M., Herrera-Joancomartí, J., Katzenbeisser, S., Pérez-González, F. (eds.) IH 2005. LNCS, vol. 3727, pp. 39–52. Springer, Heidelberg (2005). https://doi.org/10.1007/11558859_4CrossRef

24.

Sengar, H., Ren, Z., Wang, H., Wijesekera, D., Jajodia, S.: Tracking Skype VoIP calls over the internet. in International Conference on Computer Communications, pp. 1–5. IEEE (2010)

25.

Serjantov, A., Dingledine, R., Syverson, P.: From a trickle to a flood: active attacks on several mix types. In: Petitcolas, F.A.P. (ed.) IH 2002. LNCS, vol. 2578, pp. 36–52. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36415-3_3CrossRef

26.

Shmatikov, V., Wang, M.-H.: Timing analysis in low-latency mix networks: attacks and defenses. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) ESORICS 2006. LNCS, vol. 4189, pp. 18–33. Springer, Heidelberg (2006). https://doi.org/10.1007/11863908_2CrossRef

27.

Sun, Y., et al.: RAPTOR: routing attacks on privacy in Tor. In: USENIX Security Symposium, ser. USENIX 2016, pp. 271–286. USENIX, Washington, D.C., August 2015

28.

The Tor Project. The Onion Router. https://www.torproject.org. Accessed 23 Apr 2018

29.

The Tor Project. Tor Metrics. https://metrics.torproject.org. Accessed 23 Apr 2018

30.

The Tor Project. Tor Security Advisory: “Relay Early” Traffic Confirmation Attack, July 2014. https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack. Accessed 23 Apr 2018

31.

The Tor Project. Ethical Tor Research: Guidelines, November 2015. https://blog.torproject.org/blog/ethical-tor-research-guidelines. Accessed 23 Apr 2018

32.

Wang, X., Chen, S., Jajodia, S.: Network flow watermarking attack on low-latency anonymous communication systems. In: Symposium on Security and Privacy, pp. 116–130. IEEE (2007)

33.

Wang, X., Reeves, D.S.: Robust correlation of encrypted attack traffic through stepping stones by manipulation of interpacket delays. In: Conference on Computer and Communications Security. ACM, pp. 20–29 (2003)

34.

Yu, W., Fu, X., Graham, S., Xuan, D., Zhao, W.: DSSS-based flow marking technique for invisible traceback. In: Symposium on Security and Privacy. IEEE, pp. 18–32 (2007)

35.

Zhu, Y., Fu, X., Graham, B., Bettati, R., Zhao, W.: On flow correlation attacks and countermeasures in mix networks. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 207–225. Springer, Heidelberg (2005). https://doi.org/10.1007/11423409_13CrossRef

Titel: DigesTor: Comparing Passive Traffic Analysis Attacks on Tor
verfasst von: Katharina Kohls
Christina Pöpper
Verlag: Springer International Publishing
Buch: Computer Security
Print ISBN: 978-3-319-99072-9

Electronic ISBN: 978-3-319-99073-6

Copyright-Jahr: 2018
DOI: https://doi.org/10.1007/978-3-319-99073-6_25

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"