Defending Tor from Network Adversaries: A Case Study of Network Path Prediction

Juen, Joshua; Johnson, Aaron M.; Das, Anupam; Borisov, Nikita; Caesar, Matthew

doi:10.1515/popets-2015-0021

Cited by 33 publications

(35 citation statements)

References 34 publications

(70 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Once routing alternatives are known the question remains: Which route to choose? Thus typically, a centralized server is considered that can "rank" routing options to allow for path optimization with respect to adversaries [2,12,61,86], performance [143,144,159], or with respect to users' reputation [165]. Such a centralized ranking approach has been shown to be vulnerable to attacks [14,22].…”

Section: Centralization Of Network Information and Computationsmentioning

confidence: 99%

Systematizing Decentralization and Privacy: Lessons from 15 Years of Research and Deployments

Troncoso

Isaakidis

Danezis

et al. 2017

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Decentralized systems are a subset of distributed systems where multiple authorities control different components and no authority is fully trusted by all. This implies that any component in a decentralized system is potentially adversarial. We revise fifteen years of research on decentralization and privacy, and provide an overview of key systems, as well as key insights for designers of future systems. We show that decentralized designs can enhance privacy, integrity, and availability but also require careful trade-offs in terms of system complexity, properties provided, and degree of decentralization. These trade-offs need to be understood and navigated by designers. We argue that a combination of insights from cryptography, distributed systems, and mechanism design, aligned with the development of adequate incentives, are necessary to build scalable and successful privacy-preserving decentralized systems.

show abstract

Section: Centralization Of Network Information and Computationsmentioning

confidence: 99%

Systematizing Decentralization and Privacy: Lessons from 15 Years of Research and Deployments

Troncoso

Isaakidis

Danezis

et al. 2017

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

show abstract

“…Similar to several prior works [11,20,21], we use Qiu and Gao's method for AS-level path inference [27]. Comparably to the recent work of Starov et al, we assume that adversaries can perform asymmetric traffic analysis attacks to deanonymize users.…”

Section: Studies Of the Threatmentioning

confidence: 99%

“…The accuracy of Qiu and Gao AS-level path inference with regards to assessing Tor has been recently questioned by Juen et al [21]. They find that only 20% of inferred paths match paths acquired from traceroute measurements and that Qiu and Gao path inference significantly overestimates the number of ASes traversed by Tor traffic.…”

Section: Qiu and Gao Accuracymentioning

confidence: 99%

See 1 more Smart Citation

DeNASA: Destination-Naive AS-Awareness in Anonymous Communications

Barton

Wright

2016

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Prior approaches to AS-aware path selection in Tor do not consider node bandwidth or the other characteristics that Tor uses to ensure load balancing and quality of service. Further, since the AS path from the client's exit to her destination can only be inferred once the destination is known, the prior approaches may have problems constructing circuits in advance, which is important for Tor performance. In this paper, we propose and evaluate DeNASA, a new approach to ASaware path selection that is destination-naive, in that it does not need to know the client's destination to pick paths, and that takes advantage of Tor's circuit selection algorithm. To this end, we first identify the most probable ASes to be traversed by Tor streams. We call this set of ASes the Suspect AS list and find that it consists of eight highest ranking Tier 1 ASes. Then, we test the accuracy of Qiu and Gao AS-level path inference on identifying the presence of these ASes in the path, and we show that inference accuracy is 90%. We develop an AS-aware algorithm called DeNASA that uses Qiu and Gao inference to avoid Suspect ASes. DeNASA reduces Tor stream vulnerability by 74%. We also show that DeNASA has performance similar to Tor. Due to the destination-naive property, time to first byte (TTFB) is close to Tor's, and due to leveraging Tor's bandwidthweighted relay selection, time to last byte (TTLB) is also similar to Tor's.

show abstract

“…We use the routing policies and algorithmic simulations [22] as described above to compute routes between pairs of ASes using the AS-level topology published by CAIDA [23]. AS-level path prediction between a source and destination is a thorny issue, for example the recent work from Juen, et al [26] shows that the paths predicted by BGP-based path prediction vary significantly from traceroute-based path prediction. However, our BGP-based path prediction toolkit makes use of the state-of-the-art in path inference and ASrelationship inference that have both been extensively validated with empirical measurements by Anwar et al [10] and Giotsas et al [23].…”

Section: A Predicting Potential Attacker Asesmentioning

confidence: 99%

Measuring and Mitigating AS-level Adversaries Against Tor

Nithyanand

Starov

Zair

et al. 2016

Proceedings 2016 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

The popularity of Tor as an anonymity system has made it a popular target for a variety of attacks. We focus on traffic correlation attacks, which are no longer solely in the realm of academic research with recent revelations about the NSA and GCHQ actively working to implement them in practice.Our first contribution is an empirical study that allows us to gain a high fidelity snapshot of the threat of traffic correlation attacks in the wild. We find that up to 40% of all circuits created by Tor are vulnerable to attacks by traffic correlation from Autonomous System (AS)-level adversaries, 42% from colluding AS-level adversaries, and 85% from statelevel adversaries. In addition, we find that in some regions (notably, China and Iran) there exist many cases where over 95% of all possible circuits are vulnerable to correlation attacks, emphasizing the need for AS-aware relay-selection.To mitigate the threat of such attacks, we build Astoria-an AS-aware Tor client. Astoria leverages recent developments in network measurement to perform path-prediction and intelligent relay selection. Astoria reduces the number of vulnerable circuits to 2% against AS-level adversaries, under 5% against colluding AS-level adversaries, and 25% against state-level adversaries. In addition, Astoria load balances across the Tor network so as to not overload any set of relays.

show abstract

Defending Tor from Network Adversaries: A Case Study of Network Path Prediction

Cited by 33 publications

References 34 publications

Systematizing Decentralization and Privacy: Lessons from 15 Years of Research and Deployments

Systematizing Decentralization and Privacy: Lessons from 15 Years of Research and Deployments

DeNASA: Destination-Naive AS-Awareness in Anonymous Communications

Measuring and Mitigating AS-level Adversaries Against Tor

Contact Info

Product

Resources

About