Top

Published in:

2018 | OriginalPaper | Chapter

DigesTor: Comparing Passive Traffic Analysis Attacks on Tor

Authors : Katharina Kohls, Christina Pöpper

Published in: Computer Security

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

The Tor anonymity network represents a rewarding target for de-anonymization attacks, in particular by large organizations and governments. Tor is vulnerable to confirmation attacks, in which powerful adversaries compromise user anonymity by correlating transmissions between entry and exit nodes. As the experimental evaluation of such attacks is challenging, a fair comparison of passive traffic analysis techniques is hardly possible. In this work, we provide a first comparative evaluation of confirmation attacks and assess their impact on the real world. For this purpose, we release DigesTor, an analysis framework that delivers a foundation for comparability to support future research in this context. The framework runs a virtual private Tor network to generate traffic for representative scenarios, on which arbitrary attacks can be evaluated. Our results show the effects of recent and novel attack techniques and we demonstrate the capabilities of DigesTor using the example of mixing as a countermeasure against traffic analysis attacks.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Efficiently Deciding Equivalence for Standard Primitives and Phases

next chapter Deriving a Cost-Effective Digital Twin of an ICS to Facilitate Security Evaluation

Biryukov, A., Pustogarov, I., Weinmann, R.-P.: Trawling for Tor hidden services: detection, measurement, deanonymization. In: Symposium on Security and Privacy, pp. 80–94. IEEE (2013)

Chakravarty, S., Barbera, M.V., Portokalidis, G., Polychronakis, M., Keromytis, A.D.: On the effectiveness of traffic analysis against anonymity networks using flow records. In: Faloutsos, M., Kuzmanovic, A. (eds.) PAM 2014. LNCS, vol. 8362, pp. 247–257. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-04918-2_24CrossRef

Danezis, G.: Statistical disclosure attacks. In: Gritzalis, D., De Capitani di Vimercati, S., Samarati, P., Katsikas, S. (eds.) SEC 2003. ITIFIP, vol. 122, pp. 421–426. Springer, Boston, MA (2003). https://doi.org/10.1007/978-0-387-35691-4_40CrossRef

Danezis, G., Diaz, C., Troncoso, C.: Two-sided statistical disclosure attack. In: Borisov, N., Golle, P. (eds.) PET 2007. LNCS, vol. 4776, pp. 30–44. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-75551-7_3CrossRef

Diaz, C., Preneel, B.: Taxonomy of mixes and dummy traffic. In: Deswarte, Y., Cuppens, F., Jajodia, S., Wang, L. (eds.) SEC 2004. IIFIP, vol. 148, pp. 217–232. Springer, Boston, MA (2004). https://doi.org/10.1007/1-4020-8145-6_18CrossRef

Fu, X., Ling, Z., Luo, J., Yu, W., Jia, W., Zhao, W.: One cell is enough to break Tor’s anonymity. In: Proceedings of Black Hat Technical Security Conference, pp. 578–589 (2009)

Houmansadr, A., Borisov, N.: SWIRL: a scalable watermark to detect correlated network flows. In: NDSS (2011)

Houmansadr, A., Borisov, N.: The need for flow fingerprints to link correlated network flows. In: De Cristofaro, E., Wright, M. (eds.) PETS 2013. LNCS, vol. 7981, pp. 205–224. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39077-7_11CrossRef

Houmansadr, A., Brubaker, C., Shmatikov, V.: The parrot is dead: observing unobservable network communications. In: Symposium on Security and Privacy, pp. 65–79. IEEE (2013)

10.

icons8. Figure Icons. https://icons8.com. Accessed 23 Apr 2018

11.

Jansen, R., Hopper, N.: Shadow: running Tor in a box for accurate and efficient experimentation. In: Symposium on Network and Distributed System Security, ser. NDSS 2012. Internet Society, San Diego, February 2012

12.

Jansen, R., Johnson, A.: Safely measuring Tor. In: Conference on Computer and Communications Security, pp. 1553–1567. ACM (2016)

13.

Kedogan, D., Agrawal, D., Penz, S.: Limits of anonymity in open environments. In: Petitcolas, F.A.P. (ed.) IH 2002. LNCS, vol. 2578, pp. 53–69. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36415-3_4CrossRef

14.

Kwon, A., AlSabah, M., Lazar, D., Dacier, M., Devadas, S.: Circuit fingerprinting attacks: passive deanonymization of tor hidden services. In: USENIX Security Symposium (2015)

15.

Levine, B.N., Reiter, M.K., Wang, C., Wright, M.: Timing attacks in low-latency mix systems. In: Juels, A. (ed.) FC 2004. LNCS, vol. 3110, pp. 251–265. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-27809-2_25CrossRef

16.

Ling, Z., Fu, X., Jia, W., Yu, W., Xuan, D., Luo, J.: Novel packet size-based covert channel attacks against anonymizer. IEEE Trans. Comput. 62(12), 2411–2426 (2013)MathSciNetCrossRef

17.

Ling, Z., Luo, J., Yu, W., Fu, X., Xuan, D., Jia, W.: A new cell counter based attack against Tor. In: Conference on Computer and Communications Security, pp. 578–589. ACM (2009)

18.

Mathewson, N., Dingledine, R.: Practical traffic analysis: extending and resisting statistical disclosure. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 17–34. Springer, Heidelberg (2005). https://doi.org/10.1007/11423409_2CrossRef

19.

Mittal, P., Khurshid, A., Juen, J., Caesar, M., Borisov, N.: Stealthy traffic analysis of low-latency anonymous communication using throughput fingerprinting. In: Conference on Computer and Communications Security, ser. CCS 2011, pp. 215–226. ACM, Chicago, October 2011

20.

Murdoch, S.J., Danezis, G.: Low-cost traffic analysis of Tor. In: Symposium on Security and Privacy, ser. SP 2005, pp. 183–195. IEEE, Oakland, May 2005

21.

Murdoch, S.J., Zieliński, P.: Sampled traffic analysis by internet-exchange-level adversaries. In: Borisov, N., Golle, P. (eds.) PET 2007. LNCS, vol. 4776, pp. 167–183. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-75551-7_11CrossRef

22.

Nithyanand, R., Starov, O., Zair, A., Gill, P., Schapira, M.: Measuring and mitigating as-level adversaries against Tor. In: Symposium on Network and Distributed System Security, ser. NDSS 2016. Internet Society, San Diego, February 2016

23.

O’Connor, L.: On blending attacks for mixes with memory. In: Barni, M., Herrera-Joancomartí, J., Katzenbeisser, S., Pérez-González, F. (eds.) IH 2005. LNCS, vol. 3727, pp. 39–52. Springer, Heidelberg (2005). https://doi.org/10.1007/11558859_4CrossRef

24.

Sengar, H., Ren, Z., Wang, H., Wijesekera, D., Jajodia, S.: Tracking Skype VoIP calls over the internet. in International Conference on Computer Communications, pp. 1–5. IEEE (2010)

25.

Serjantov, A., Dingledine, R., Syverson, P.: From a trickle to a flood: active attacks on several mix types. In: Petitcolas, F.A.P. (ed.) IH 2002. LNCS, vol. 2578, pp. 36–52. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36415-3_3CrossRef

26.

Shmatikov, V., Wang, M.-H.: Timing analysis in low-latency mix networks: attacks and defenses. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) ESORICS 2006. LNCS, vol. 4189, pp. 18–33. Springer, Heidelberg (2006). https://doi.org/10.1007/11863908_2CrossRef

27.

Sun, Y., et al.: RAPTOR: routing attacks on privacy in Tor. In: USENIX Security Symposium, ser. USENIX 2016, pp. 271–286. USENIX, Washington, D.C., August 2015

28.

The Tor Project. The Onion Router. https://www.torproject.org. Accessed 23 Apr 2018

29.

The Tor Project. Tor Metrics. https://metrics.torproject.org. Accessed 23 Apr 2018

30.

The Tor Project. Tor Security Advisory: “Relay Early” Traffic Confirmation Attack, July 2014. https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack. Accessed 23 Apr 2018

31.

The Tor Project. Ethical Tor Research: Guidelines, November 2015. https://blog.torproject.org/blog/ethical-tor-research-guidelines. Accessed 23 Apr 2018

32.

Wang, X., Chen, S., Jajodia, S.: Network flow watermarking attack on low-latency anonymous communication systems. In: Symposium on Security and Privacy, pp. 116–130. IEEE (2007)

33.

Wang, X., Reeves, D.S.: Robust correlation of encrypted attack traffic through stepping stones by manipulation of interpacket delays. In: Conference on Computer and Communications Security. ACM, pp. 20–29 (2003)

34.

Yu, W., Fu, X., Graham, S., Xuan, D., Zhao, W.: DSSS-based flow marking technique for invisible traceback. In: Symposium on Security and Privacy. IEEE, pp. 18–32 (2007)

35.

Zhu, Y., Fu, X., Graham, B., Bettati, R., Zhao, W.: On flow correlation attacks and countermeasures in mix networks. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 207–225. Springer, Heidelberg (2005). https://doi.org/10.1007/11423409_13CrossRef

Title: DigesTor: Comparing Passive Traffic Analysis Attacks on Tor
Authors: Katharina Kohls
Christina Pöpper
Publisher: Springer International Publishing
Book: Computer Security
Print ISBN: 978-3-319-99072-9

Electronic ISBN: 978-3-319-99073-6

Copyright Year: 2018
DOI: https://doi.org/10.1007/978-3-319-99073-6_25

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner