DeNASA: Destination-Naive AS-Awareness in Anonymous Communications

Armon Barton 1  and Matthew Wright 1
  • 1 UT Arlington


Prior approaches to AS-aware path selection in Tor do not consider node bandwidth or the other characteristics that Tor uses to ensure load balancing and quality of service. Further, since the AS path from the client’s exit to her destination can only be inferred once the destination is known, the prior approaches may have problems constructing circuits in advance, which is important for Tor performance. In this paper, we propose and evaluate DeNASA, a new approach to AS-aware path selection that is destination-naive, in that it does not need to know the client’s destination to pick paths, and that takes advantage of Tor’s circuit selection algorithm. To this end, we first identify the most probable ASes to be traversed by Tor streams. We call this set of ASes the Suspect AS list and find that it consists of eight highest ranking Tier 1 ASes. Then, we test the accuracy of Qiu and Gao AS-level path inference on identifying the presence of these ASes in the path, and we show that inference accuracy is 90%. We develop an AS-aware algorithm called DeNASA that uses Qiu and Gao inference to avoid Suspect ASes. DeNASA reduces Tor stream vulnerability by 74%. We also show that DeNASA has performance similar to Tor. Due to the destination-naive property, time to first byte (TTFB) is close to Tor’s, and due to leveraging Tor’s bandwidth-weighted relay selection, time to last byte (TTLB) is also similar to Tor’s.

If the inline PDF is not rendering correctly, you can download the PDF file here.

  • [1] Masoud Akhoondi, Chu Yu, and Harsha V Madhyastha. LASTor: A low-latency AS-aware Tor client. In IEEE S&P, 2012.

  • [2] Alexa top sites., June 2015.

  • [3] bgpVista. Swordqiu, March 2015.

  • [4] Nikita Borisov, George Danezis, Prateek Mittal, and Parisa Tabriz. Denial of service or denial of security? In CCS, 2007.

  • [5] CAIDA. CAIDA AS ranking, June 2015.

  • [6] CAIDA. The CAIDA UCSD IPv4 routed /24 topology dataset, June 2015.

  • [7] CAIDA. The CAIDA AS relationships, January 2016. http: //

  • [8] Claudia Diaz, Stefaan Seys, Joris Claessens, and Bart Preneel. Towards measuring anonymity. In PETS, 2003.

  • [9] Roger Dingledine, Nicholas Hopper, George Kadianakis, and Nick Mathewson. One fast guard for life (or 9 months). In HotPETs, 2014.

  • [10] Roger Dingledine, Nick Mathewson, and Paul Syverson. Tor: The second-generation onion router. In USENIX Security, 2004.

  • [11] Matthew Edman and Paul Syverson. AS-awareness in Tor path selection. In CCS, 2009.

  • [12] Nick Feamster and Roger Dingledine. Location diversity in anonymity networks. In WPES, 2004.

  • [13] Lixin Gao. On inferring autonomous system relationships in the Internet. ACM/IEEE Transactions on Networks (TON), 9(6), 2001.

  • [14] Jamie Hayes and George Danezis. Guard sets for onion routing. In PETS, 2015.

  • [15] Tor Project Inc. Tor Metrics, June 2015.

  • [16] Rob Jansen, Kevin S Bauer, Nicholas Hopper, and Roger Dingledine. Methodically modeling the Tor network. In CSET, 2012.

  • [17] Rob Jansen, John Geddes, Chris Wacek, Micah Sherr, and Paul Syverson. Never been KIST: Tor's congestion man- agement blossoms with kernel-informed socket transport. In USENIX Security, 2014.

  • [18] Rob Jansen and Nicholas Hopper. Shadow: Running Tor in a box for accurate and efficient experimentation. In NDSS, 2012.

  • [19] Aaron Johnson, Chris Wacek, Rob Jansen, Micah Sherr, and Paul Syverson. Users get routed: Traffic correlation on Tor by realistic adversaries. In CCS, 2013.

  • [20] Joshua Juen. Protecting anonymity in the presence of autonomous system and Internet exchange level adversaries. Master's thesis, University of Illinois,, 2012.

  • [21] Joshua Juen, Aaron Johnson, Anupam Das, Nikita Borisov, and Matthew Caesar. Defending Tor from network adver- saries: A case study of network path prediction. In PETS, 2015.

  • [22] Z Morley Mao, Lili Qiu, Jia Wang, and Yin Zhang. On AS- level path inference. In SIGMETRICS, 2005.

  • [23] Zhuoqing Morley Mao, Jennifer Rexford, Jia Wang, and Randy H Katz. Towards an accurate AS-level traceroute tool. In SIGCOMM, 2003.

  • [24] Steven J Murdoch and George Danezis. Low-cost traffic analysis of Tor. In IEEE S&P, 2005.

  • [25] Steven J Murdoch and Piotr Zielinski. Sampled traffic analysis by Internet-exchange-level adversaries. In PETS, 2007.

  • [26] Lasse Overlier and Paul Syverson. Locating hidden servers. In IEEE S&P, 2006.

  • [27] Jian Qiu and Lixin Gao. Cam04-4: AS path inference by exploiting known AS paths. In GLOBECOM, 2006.

  • [28] Oleksii Starov, Rishab Nithyanand, Adva Zair, Phillipa Gill, and Michael Schapira. Measuring and mitigating AS-level adversaries against Tor. In NDSS, 2016.

  • [29] Yixin Sun, Anne Edmundson, Laurent Vanbever, Oscar Li, Jennifer Rexford, Mung Chiang, and Prateek Mittal. RAP- TOR: Routing attacks on privacy in Tor. In USENIX Security, 2015.

  • [30] Paul Syverson, Gene Tsudik, Michael Reed, and Carl Landwehr. Towards an analysis of onion routing security. In Designing Privacy Enhancing Technologies, 2001.

  • [31] TorPS. TorPS: The Tor path simulator.

  • [32] Chris Wacek, Henry Tan, Kevin S Bauer, and Micah Sherr. An empirical evaluation of relay selection in Tor. In NDSS, 2013.

  • [33] Matthew Wright, Micah Adler, Brian N Levine, and Clay Shields. Defending anonymous communications against passive logging attacks. In IEEE S&P, 2003.

  • [34] Matthew K Wright, Micah Adler, Brian Neil Levine, and Clay Shields. The predecessor attack: An analysis of a threat to anonymous communications systems. TISSEC, 7(4), 2004.

  • [35] Matthew K Wright, Micah Adler, Brian Neil Levine, and Clay Shields. Passive-logging attacks against anonymous communications systems. TISSEC, 11(2), 2008.


Journal + Issues