2020 | OriginalPaper | Chapter

Security and Performance Implications of BGP Rerouting-Resistant Guard Selection Algorithms for Tor

Authors: Asya Mitseva, Marharyta Aleksandrova, Thomas Engel, Andriy Panchenko

Published in: ICT Systems Security and Privacy Protection

Publisher: Springer International Publishing


Abstract

Tor is the most popular anonymization system with millions of daily users and, thus, an attractive target for attacks, e.g., by malicious autonomous systems (ASs) performing active routing attacks to become man in the middle and deanonymize users. It was shown that the number of such malicious ASs is significantly larger than previously expected due to the lack of security guarantees in the Border Gateway Protocol (BGP). In response, recent works suggest alternative Tor path selection methods preferring Tor nodes with higher resilience to active BGP attacks.
In this work, we analyze the implications of such proposals. We show that Counter-RAPTOR and DPSelect are not as secure as thought before: for particular users, they allow leakage of the user’s location. DPSelect is not as resilient as widely accepted: we show that it achieves only one third of its originally claimed resilience and, hence, does not protect users from routing attacks. We reveal the performance implications of both methods and identify scenarios where their usage leads to significant performance bottlenecks. Finally, we propose a new metric to quantify the user’s location leakage by path selection. Using this metric and performing large-scale analysis, we show to what extent a malicious middle can fingerprint the user’s location and what kind of confidence it can achieve. Our findings shed light on the implications of path selection methods on the users’ anonymity and the need for further research.
Footnotes
3
This metric can be used for other scenarios as well, not only from a middle position.
 
Metadata

Title: Security and Performance Implications of BGP Rerouting-Resistant Guard Selection Algorithms for Tor
Authors: Asya Mitseva, Marharyta Aleksandrova, Thomas Engel, Andriy Panchenko
Copyright Year: 2020
DOI: https://doi.org/10.1007/978-3-030-58201-2_15