20,000 In League Under the Sea: Anonymous Communication, Trust, MLATs, and Undersea Cables

Aaron D. Jaggard 1, Aaron Johnson 1, Sarah Cortes 2, Paul Syverson 1, and Joan Feigenbaum 3
  • 1 U.S. Naval Research Laboratory
  • 2 Northeastern University
  • 3 Yale University


Motivated by the effectiveness of correlation attacks against Tor, the censorship arms race, and observations of malicious relays in Tor, we propose that Tor users capture their trust in network elements using probability distributions over the sets of elements observed by network adversaries. We present a modular system that allows users to efficiently and conveniently create such distributions and use them to improve their security. To illustrate this system, we present two novel types of adversaries. First, we study a powerful, pervasive adversary that can compromise an unknown number of Autonomous System organizations, Internet Exchange Point organizations, and Tor relay families. Second, we initiate the study of how an adversary might use Mutual Legal Assistance Treaties (MLATs) to enact surveillance. As part of this, we identify submarine cables as a potential subject of trust and incorporate data about these into our MLAT analysis by using them as a proxy for adversary power. Finally, we present preliminary experimental results that show the potential for our trust framework to be used by Tor clients and services to improve security.



