Top

Published in:

2020 | OriginalPaper | Chapter

Security and Performance Implications of BGP Rerouting-Resistant Guard Selection Algorithms for Tor

Authors : Asya Mitseva, Marharyta Aleksandrova, Thomas Engel, Andriy Panchenko

Published in: ICT Systems Security and Privacy Protection

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Tor is the most popular anonymization system with millions of daily users and, thus, an attractive target for attacks, e.g., by malicious autonomous systems (ASs) performing active routing attacks to become man in the middle and deanonymize users. It was shown that the number of such malicious ASs is significantly larger than previously expected due to the lack of security guarantees in the Border Gateway Protocol (BGP). In response, recent works suggest alternative Tor path selection methods prefering Tor nodes with higher resilience to active BGP attacks.

In this work, we analyze the implications of such proposals. We show that Counter-RAPTOR and DPSelect are not as secure as thought before: for particular users they allow for leakage of user’s location. DPSelect is not as resilient as widely accepted as we show that it achieves only one third of its originally claimed resilience and, hence, does not protect users from routing attacks. We reveal the performance implications of both methods and identify scenarios where their usage leads to significant performance bottlenecks. Finally, we propose a new metric to quantify the user’s location leakage by path selection. Using this metric and performing large-scale analysis, we show to which extent a malicious middle can fingerprint the user’s location and what kind of confidence it can achieve. Our findings shed light on the implications of path selection methods on the users’ anonymity and the need for further research.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Secure Attestation of Virtualized Environments

next chapter Actively Probing Routes for Tor AS-Level Adversaries with RIPE Atlas

https://metrics.torproject.org/collector.html.

https://dev.maxmind.com/geoip/geoip2/geolite2/.

This metric can be used for other scenarios as well, not only from a middle position.

Akhoondi, M., et al.: LASTor: A Low-Latency AS-Aware Tor Client. In: IEEE S&P (2012)

Barton, A., Wright, M.: DeNASA: Destination-Naive AS-Awareness in anonymous communications. In: PETS (2016)

CAIDA: AS Classification. https://www.caida.org/data/as-classification/

CAIDA: AS Relationships. http://www.caida.org/data/as-relationships/

CAIDA: ASRank. https://asrank.caida.org/

CAIDA: The IPv4 Routed/24 Topology Dataset. https://www.caida.org/data/active/ipv4_routed_24_topology_dataset.xml

Dingledine, R., et al.: Tor: the second-generation onion router. In: USENIX Security (2004)

Dingledine, R., et al.: One fast guard for life (or 9 months). In: HotPETs (2009)

Edman, M., Syverson, P.: AS-awareness in Tor path selection. In: ACM CCS (2009)

10.

Feamster, N., Dingledine, R.: Location diversity in anonymity networks. In: ACM WPES (2004)

11.

Hanley, H., et al.: DPSelect: a differential privacy based guard relay selection algorithm for Tor. In: PETS (2019)

12.

Hopper, N., et al.: How much anonymity does network latency leak? In: ACM CCS (2007)

13.

Jansen, R., Hopper, N.: Shadow: running Tor in a box for accurate and efficient experimentation. In: NDSS (2012)

14.

Jansen, R., et al.: Inside job: applying traffic analysis to measure tor from within. In: NDSS (2018)

15.

Johnson, A., et al.: Users get routed: traffic correlation on tor by realistic adversaries. In: ACM CCS (2013)

16.

Johnson, A., et al.: Avoiding the man on the wire: improving Tor’s security with trust-aware path selection. In: NDSS (2017)

17.

Juen, J., et al.: Defending Tor from network adversaries: a case study of network path prediction. In: PETS (2015)

18.

Mitseva, A., et al.: The state of affairs in BGP security: a survey of attacks and defenses. Comput. Commun. 124, 45–60 (2018)CrossRef

19.

Murdoch, S.J., Danezis, G.: Low-cost traffic analysis of Tor. In: IEEE S&P (2005)

20.

Murdoch, S.J., Zieliński, P.: Sampled traffic analysis by internet-exchange-level adversaries. In: Borisov, N., Golle, P. (eds.) PET 2007. LNCS, vol. 4776, pp. 167–183. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-75551-7_11CrossRef

21.

Nithyanand, R., et al.: Measuring and mitigating AS-level adversaries against Tor. In: NDSS (2016)

22.

Panchenko, A., et al.: Website fingerprinting at internet scale. In: NDSS (2016)

23.

Sun, Y., et al.: RAPTOR: routing attacks on privacy in Tor. In: USENIX Security (2015)

24.

Sun, Y., et al.: Counter-RAPTOR: safeguarding Tor against active routing attacks. In: IEEE S&P (2017)

25.

Tan, H., et al.: Data-plane defenses against routing attacks on Tor. In: PETS (2016)

26.

Tschantz, M.C., et al.: SoK: towards grounding censorship circumvention in empiricism. In: IEEE S&P (2016)

27.

Wacek, C., et al.: An empirical evaluation of relay selection in Tor. In: NDSS (2013)

28.

Wails, R., et al.: Tempest: temporal dynamics in anonymity systems. In: PETS (2018)

29.

Wan, G., et al.: Guard placement attacks on path selection algorithms for Tor. In: PETS (2019)

Title: Security and Performance Implications of BGP Rerouting-Resistant Guard Selection Algorithms for Tor
Authors: Asya Mitseva
Marharyta Aleksandrova
Thomas Engel
Andriy Panchenko
Publisher: Springer International Publishing
Book: ICT Systems Security and Privacy Protection
Print ISBN: 978-3-030-58200-5

Electronic ISBN: 978-3-030-58201-2

Copyright Year: 2020
DOI: https://doi.org/10.1007/978-3-030-58201-2_15

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner