Guard Placement Attacks on Path Selection Algorithms for Tor

Open access

Abstract

The popularity of Tor has made it an attractive target for a variety of deanonymization and fingerprinting attacks. Location-based path selection algorithms have been proposed as a countermeasure to defend against such attacks. However, adversaries can exploit the location-awareness of these algorithms by strategically placing relays in locations that increase their chances of being selected as a client’s guard. Being chosen as a guard facilitates website fingerprinting and traffic correlation attacks over extended time periods. In this work, we rigorously define and analyze the guard placement attack. We present novel guard placement attacks and show that three state-of-the-art path selection algorithms—Counter-RAPTOR, DeNASA, and LASTor—are vulnerable to these attacks, overcoming defenses considered by all three systems. For instance, in one attack, we show that an adversary contributing only 0.216% of Tor’s total bandwidth can attain an average selection probability of 18.22%, 84× higher than what it would be under Tor currently. Our findings indicate that existing location-based path selection algorithms allow guards to achieve disproportionately high selection probabilities relative to the cost required to run the guard. Finally, we propose and evaluate a generic defense mechanism that provably defends any path selection algorithm against guard placement attacks. We run our defense mechanism on each of the three path selection algorithms, and find that our mechanism significantly enhances the security of these algorithms against guard placement attacks with only minimal impact to the goals or performance of the original algorithms.

If the inline PDF is not rendering correctly, you can download the PDF file here.

  • [1] Masoud Akhoondi Curtis Yu and Harsha V. Madhyastha. LASTor: A Low-latency AS-aware Tor Client. IEEE/ACM Transactions on Networking 22(6) 2014.

  • [2] Mashael AlSabah Kevin Bauer Tariq Elahi and Ian Goldberg. The Path Less Travelled: Overcoming Tor’s Bottlenecks with Traffic Splitting. In Privacy Enhancing Technologies 2013.

  • [3] Michael Backes Sebastian Meiser and Marcin Slowik. Your choice mator (s). Proceedings on Privacy Enhancing Technologies 2016(2) 2016.

  • [4] Armon Barton Mohsen Imani Jiang Ming and Matthew Wright. Towards Predicting Efficient and Anonymous Tor Circuits. In Proceedings of the 27th USENIX Conference on Security Symposium 2018.

  • [5] Armon Barton and Matthew Wright. DeNASA: Destination-Naive AS-Awareness in Anonymous Communications. In Proceedings on Privacy Enhancing Technologies 2016.

  • [6] Kevin Bauer Damon McCoy Dirk Grunwald Tadayoshi Kohno and Douglas Sicker. Low-resource Routing Attacks Against Tor. In Proceedings of the 2007 ACM Workshop on Privacy in Electronic Society WPES ’07 2007.

  • [7] Xiang Cai Rishab Nithyanand Tao Wang Rob Johnson and Ian Goldberg. A Systematic Approach to Developing and Evaluating Website Fingerprinting Defenses. In ACM Conference on Computer and Communications Security (CCS) 2014.

  • [8] CAIDA Data. http://www.caida.org/data.

  • [9] Roger Dingledine and George Kadianakis. One fast guard for life (or 9 months). In HotPETs 2014.

  • [10] Roger Dingledine Nick Mathewson and Paul Syverson. Tor: The Second-generation Onion Router. In Proceedings of the 13th Conference on USENIX Security Symposium 2004.

  • [11] John R. Douceur. The Sybil Attack. In Revised Papers from the First International Workshop on Peer-to-Peer Systems 2002.

  • [12] Kevin P. Dyer Scott E. Coull Thomas Ristenpart and Thomas Shrimpton. Peek-a-Boo I Still See You: Why Efficient Traffic Analysis Countermeasures Fail. In Proceedings of the 2012 IEEE Symposium on Security and Privacy SP ’12 2012.

  • [13] Matthew Edman and Paul Syverson. AS-awareness in Tor Path Selection. In Proceedings of the 16th ACM Conference on Computer and Communications Security CCS ’09 2009.

  • [14] Tariq Elahi Kevin Bauer Mashael AlSabah Roger Dingledine and Ian Goldberg. Changing of the Guards: A Framework for Understanding and Improving Entry Guard Selection in Tor. In Proceedings of the 2012 ACM Workshop on Privacy in the Electronic Society WPES ’12 2012.

  • [15] Nick Feamster and Roger Dingledine. Location Diversity in Anonymity Networks. In Proceedings of the 2004 ACM Workshop on Privacy in the Electronic Society WPES ’04 2004.

  • [16] Lixin Gao and Jennifer Rexford. Stable Internet Routing Without Global Coordination. IEEE/AM Transactions on Networking 9(6) 2001.

  • [17] David M. Goldschlag Michael G. Reed and Paul F. Syverson. Hiding Routing Information. In Proceedings of the First International Workshop on Information Hiding 1996.

  • [18] Jamie Hayes and George Danezis. k-fingerprinting: A Robust Scalable Website Fingerprinting Technique. In 25th USENIX Security Symposium (USENIX Security 16) 2016.

  • [19] Andrew Hintz. Fingerprinting Websites Using Traffic Analysis. In Proceedings of the 2nd International Conference on Privacy Enhancing Technologies 2003.

  • [20] Rob Jansen Tavish Vaidya and Micah Sherr. Point Break: A Study of Bandwidth Denial-of-Service Attacks against Tor. In 28th USENIX Security Symposium 2019.

  • [21] Aaron Johnson Chris Wacek Rob Jansen Micah Sherr and Paul Syverson. Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries. In ACM Conference on Computer and Communications Security (CCS) CCS ’13 2013.

  • [22] Marc Juarez Sadia Afroz Gunes Acar Claudia Diaz and Rachel Greenstadt. A Critical Evaluation of Website Fingerprinting Attacks. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security CCS ’14 2014.

  • [23] Joshua Juen. Protecting anonymity in the presence of Autonomous System and Internet exchange level adversaries. Master’s thesis University of Illinois at Urbana-Champaign 2012.

  • [24] Shuai Li Huajun Guo and Nicholas Hopper. Measuring Information Leakage in Website Fingerprinting Attacks and Defenses. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security 2018.

  • [25] Maxmind GeoLite2 Database. https://dev.maxmind.com/geoip/geoip2/geolite2/.

  • [26] Steven J. Murdoch and George Danezis. Low-Cost Traffic Analysis of Tor. In Proceedings of the 2005 IEEE Symposium on Security and Privacy SP ’05 2005.

  • [27] Steven J. Murdoch and Piotr Zieliński. Sampled Traffic Analysis by Internet-Exchange-Level Adversaries. In Privacy Enhancing Technologies Symposium (PETS) 2007.

  • [28] Milad Nasr Alireza Bahramali and Amir Houmansadr. DeepCorr: Strong Flow Correlation Attacks on Tor Using Deep Learning. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security 2018.

  • [29] Milad Nasr Amir Houmansadr and Arya Mazumdar. Compressive Traffic Analysis: A New Paradigm for Scalable Traffic Analysis. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security CCS ’17 2017.

  • [30] Rishab Nithyanand Oleksii Starov Adva Zair Phillipa Gill and Michael Schapira. Measuring and mitigating AS-level adversaries against Tor. In Symposium on Network and Distributed System Security (NDSS) 2016.

  • [31] Lasse Overlier and Paul Syverson. Locating Hidden Servers. In Proceedings of the 2006 IEEE Symposium on Security and Privacy 2006.

  • [32] Andriy Panchenko Fabian Lanze Jan Pennekamp Thomas Engel Andreas Zinnen Martin Henze and Klaus Wehrle. Website Fingerprinting at Internet Scale. In Symposium on Network and Distributed System Security (NDSS) 2016.

  • [33] Andriy Panchenko Lukas Niessen Andreas Zinnen and Thomas Engel. Website Fingerprinting in Onion Routing Based Anonymization Networks. In Proceedings of the 10th Annual ACM Workshop on Privacy in the Electronic Society WPES ’11 2011.

  • [34] Mike Perry. TorFlow: Tor Network Analysis. In HotPETs 2009.

  • [35] Vera Rimmer Davy Preuveneers Marc Juárez Tom van Goethem and Wouter Joosen. Automated Website Fingerprinting through Deep Learning. In Symposium on Network and Distributed System Security (NDSS) 2018.

  • [36] Florentin Rochet and Olivier Pereira. Waterfilling: Balancing the Tor network with maximum diversity. Proceedings on Privacy Enhancing Technologies 2017(2) 2017.

  • [37] Micah Sherr Matt Blaze and Boon Thau Loo. Scalable Link-Based Relay Selection for Anonymous Routing. In Proceedings of the 9th International Symposium on Privacy Enhancing Technologies 2009.

  • [38] Payap Sirinam Mohsen Imani Marc Juarez and Matthew Wright. Deep Fingerprinting: Undermining Website Fingerprinting Defenses with Deep Learning. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security 2018.

  • [39] Robin Snader and Nikita Borisov. A Tune-up for Tor: Improving Security and Performance in the Tor Network. In Proceedings of 16th Annual Network and Distributed System Security Symposium 2008.

  • [40] Yixin Sun Anne Edmundson Nick Feamster Mung Chiang and Prateek Mittal. Counter-RAPTOR: Safeguarding Tor Against Active Routing Attacks. In IEEE Symposium on Security and Privacy 2017.

  • [41] Yixin Sun Anne Edmundson Laurent Vanbever Oscar Li Jennifer Rexford Mung Chiang and Prateek Mittal. RAPTOR: Routing Attacks on Privacy in Tor. In Proceedings of the 24th USENIX Conference on Security Symposium SEC’15 2015.

  • [42] Paul Syverson Gene Tsudik Michael Reed and Carl Landwehr. Towards an Analysis of Onion Routing Security. In International Workshop on Designing Privacy Enhancing Technologies: Design Issues in Anonymity and Unobservability 2001.

  • [43] Team-Cymru. http://www.team-cymru.com.

  • [44] CollecTor - Tor Project. https://metrics.torproject.org/collector.html.

  • [45] Tor Directory Protocol. https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt.

  • [46] Tor Guard Specification. https://gitweb.torproject.org/torspec.git/tree/guard-spec.txt.

  • [47] Tor Metrics Portal. https://metrics.torproject.org/.

  • [48] Torflow Protocol Specification. https://gitweb.torproject.org/torflow.git/tree/NetworkScanners/BwAuthority/README.spec.txt.

  • [49] Yves Tillé. An elimination procedure of unequal probability sampling without replacement. Biometrika 83 1996.

  • [50] Thaddeus Vincenty. Direct and Inverse Solutions of Geodesics on the Ellipsoid with Application of Nested Equations. In Survey Review 1975.

  • [51] Ryan Wails Yixin Sun Aaron Johnson Mung Chiang and Prateek Mittal. Tempest: Temporal Dynamics in Anonymity Systems. In Privacy Enhancing Technologies Symposium (PETS) 2018.

  • [52] Tao Wang Kevin Bauer Clara Forero and Ian Goldberg. Congestion-Aware Path Selection for Tor. In International Conference on Financial Cryptography and Data Security 2012.

  • [53] Tao Wang Xiang Cai Rishab Nithyanand Rob Johnson and Ian Goldberg. Effective Attacks and Provable Defenses for Website Fingerprinting. In USENIX Security Symposium 2014.

  • [54] Tao Wang and Ian Goldberg. Improved Website Fingerprinting on Tor. In Proceedings of the 12th ACM Workshop on Workshop on Privacy in the Electronic Society WPES ’13 2013.

  • [55] Tao Wang and Ian Goldberg. On realistically attacking Tor with website fingerprinting. In Privacy Enhancing Technologies Symposium (PETS) 2016.

  • [56] Tao Wang and Ian Goldberg. Walkie-Talkie: An Efficient Defense Against Passive Website Fingerprinting Attacks. In 26th USENIX Security Symposium (USENIX Security 17) 2017.

  • [57] Philipp Winter Roya Ensafi Karsten Loesing and Nick Feamster. Identifying and Characterizing Sybils in the Tor Network. In 25th USENIX Security Symposium (USENIX Security 16) 2016.

  • [58] Philipp Winter and Stefan Lindskog. Spoiled Onions: Exposing Malicious Tor Exit Relays. In Privacy Enhancing Technologies Symposium (PETS) 2014.

  • [59] Matthew Wright Micah Adler Brian N. Levine and Clay Shields. Defending Anonymous Communications Against Passive Logging Attacks. In Proceedings of the 2003 IEEE Symposium on Security and Privacy SP ’03 2003.

Search
Journal information
Metrics
All Time Past Year Past 30 Days
Abstract Views 0 0 0
Full Text Views 112 112 32
PDF Downloads 56 56 15