Anonymity. CS 682 Advanced Security Topics. Presentation by: Panayiotou Markos, 4th of April 2019


Anonymity. CS 682 Advanced Security Topics. Presentation by: Panayiotou Markos, 4th of April 2019

Tor: The Second-Generation Onion Router. R. Dingledine, N. Mathewson, P. Syverson

So, what is Onion Routing?
A technique for anonymous communication over a computer network: encrypting a message in layers, like an onion (??).
What is Anonymity?
Keeping one's (real-world) identity hidden while using web services.

Anonymity Systems
Chaum's Mix-Net design: hides the correspondence between sender and receiver by wrapping messages in layers of public-key encryption. These messages traverse a series of mixes en route to the receiver. Mixes decrypt, delay and re-order messages before passing them onward.
High latency = more security: maximum anonymity -> large latencies; the network resists global adversaries; too much lag for some TCP apps.
Low latency = less security (Tor): time-dependent packets; bidirectional protocols; the time dependency is a concern.

Why Tor?
Perfect forward secrecy: recording of traffic -> telescoping path-building design.
Separation of protocol cleaning from anonymity: original onion routing required a separate application proxy -> Tor uses a standard SOCKS proxy.
Many TCP streams can share one circuit: separate circuits for each TCP app -> Tor multiplexes multiple TCP streams.
Leaky-pipe circuit topology: Tor initiators can direct traffic to nodes partway down the circuit.
Congestion control: end-to-end ACKs -> maintain anonymity while allowing edge nodes to detect congestion or flooding.

Why Tor? (continued)
Directory servers: Tor uses trusted nodes as directory servers to provide network state.
Variable exit policies: provides a mechanism to advertise policies describing which hosts and ports a node connects to.
End-to-end integrity checking: no integrity checking -> Tor verifies data integrity before it leaves the network.
Rendezvous points and hidden services: Tor clients negotiate rendezvous points to connect to hidden servers.

Tor Design: Goals & Non-Goals
Goals
Deployability: 1. Not expensive to run. 2. No heavy liability on operators. 3. Not difficult or expensive to implement. 4. Does not require non-anonymous parties.
Usability (more users -> more security, thus): 1. Not require modifying familiar applications. 2. Not introduce prohibitive delays. 3. As few configuration decisions as possible. 4. Easily implementable on all common platforms.
Flexibility: 1. Tor serves as a test-bed for future research. 2. Future systems will not need to reinvent Tor's design.
Simple design: 1. Design and security must be well understood. 2. Aim to deploy a simple and stable system that integrates the best accepted approaches to protecting anonymity.

Tor Design: Goals & Non-Goals
Non-Goals
Not peer-to-peer: a decentralized peer-to-peer environment with thousands of short-lived servers that may be controlled by adversaries.
Not secured against end-to-end attacks.
No protocol normalization: Tor has to be layered with a filtering proxy to get anonymity while using complex and variable protocols like HTTP.
Not steganographic: does not conceal who is connected to the network.

The Tor Design
Each user runs local software called an Onion Proxy (OP) that is responsible for fetching OR directories, establishing circuits and handling connections from applications.
Onion Router (OR) keys:
Long-term identity key: signs TLS certificates, OR descriptors and directories, if applicable.
Short-term onion key: used with circuit establishment requests.
Short-term TLS key: link-level security between ORs.

The Tor Design: Cells
Traffic passes along in fixed-size cells of 512 bytes. Two kinds of cells: control and relay.
CircID: which circuit the cell refers to.
Control commands (cmd): padding (keepalive), create/created (set up a circuit), destroy (tear down a circuit).
Relay cells have an additional header: stream ID, end-to-end checksum for integrity checking, length of the relay payload, and a relay command.
Relay commands: relay data, relay begin, relay end, relay teardown, relay connected, relay extend/extended, relay truncate/truncated, relay sendme, relay drop.

The Tor Design: Circuits and Streams (diagram slide)

The Tor Design: Leaky-Pipe Circuits (diagram slide)

The Tor Design: Integrity Checking
Integrity is checked at the edges of each stream.
An initial SHA-1 digest is set at the time of key negotiation, derived from the negotiated key.
The digest is updated incrementally with every relay cell exchanged.
The first 4 bytes of the current digest are added to each cell.
The digest is encrypted as part of the relay header.
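Constructed example (not from the slides or the Tor code base) tying the two previous slides together: a minimal relay-cell builder and checker that combines the fixed 512-byte cell layout with the running SHA-1 digest, so that a cell modified in transit (a tagging attack) or replayed fails the check at the stream edge. The field widths (2-byte CircID, 2-byte stream ID, 2-byte length, 1-byte commands), the command numbers and the key bytes are assumptions for the demo; real Tor lays the relay header out differently, and the onion-layer encryption of the header is omitted.

```python
import hashlib
import struct

# Layout assumed for this demo (the slide fixes only the 512-byte cell and the
# 4-byte digest prefix; real Tor's relay header is laid out differently):
CELL_LEN = 512
CELL_HDR = struct.Struct(">HB")       # CircID (2 bytes), cell command (1 byte)
RELAY_HDR = struct.Struct(">H4sHB")   # StreamID, digest prefix, length, relay command
DATA_LEN = CELL_LEN - CELL_HDR.size - RELAY_HDR.size   # 500 bytes of relay payload
CMD_RELAY = 3                          # constructed command numbers
RELAY_BEGIN, RELAY_DATA = 1, 2

def new_digest(negotiated_key: bytes):
    # The "initial digest": a running SHA-1 seeded from the negotiated circuit key.
    # Sender and stream-edge receiver each keep their own copy and advance in lockstep.
    return hashlib.sha1(negotiated_key)

def build_relay_cell(circ_id, stream_id, relay_cmd, data, digest):
    if len(data) > DATA_LEN:
        raise ValueError("relay payload does not fit in one cell")
    body = data.ljust(DATA_LEN, b"\x00")
    # Hash the relay header with its own digest field zeroed, plus the body,
    # then stamp the first 4 bytes of the running digest into the header.
    digest.update(RELAY_HDR.pack(stream_id, b"\x00" * 4, len(data), relay_cmd) + body)
    tag = digest.digest()[:4]
    return (CELL_HDR.pack(circ_id, CMD_RELAY)
            + RELAY_HDR.pack(stream_id, tag, len(data), relay_cmd) + body)

def open_relay_cell(cell, digest):
    """Return (circ_id, stream_id, relay_cmd, data), or None if the integrity check fails."""
    if len(cell) != CELL_LEN:
        return None
    circ_id, cmd = CELL_HDR.unpack_from(cell)
    payload = cell[CELL_HDR.size:]
    stream_id, tag, length, relay_cmd = RELAY_HDR.unpack_from(payload)
    if cmd != CMD_RELAY or length > DATA_LEN:
        return None
    zeroed = RELAY_HDR.pack(stream_id, b"\x00" * 4, length, relay_cmd) + payload[RELAY_HDR.size:]
    trial = digest.copy()              # check on a copy: a bad cell must not desync the state
    trial.update(zeroed)
    if trial.digest()[:4] != tag:
        return None                    # tampered in transit (tagging attack) or replayed
    digest.update(zeroed)              # accepted: advance the running digest
    return circ_id, stream_id, relay_cmd, payload[RELAY_HDR.size:RELAY_HDR.size + length]

def demo():
    key = b"constructed-negotiated-key"   # stands in for the key material from the handshake
    sender, receiver = new_digest(key), new_digest(key)
    cells = [build_relay_cell(7, 1, RELAY_BEGIN, b"example.org:80", sender),
             build_relay_cell(7, 1, RELAY_DATA, b"GET / HTTP/1.0\r\n\r\n", sender)]
    accepted = [open_relay_cell(c, receiver) is not None for c in cells]
    # A relay flipping one payload byte is caught at the edge: the 4-byte tag no longer matches.
    edge = new_digest(key)
    open_relay_cell(cells[0], edge)
    tampered = bytearray(cells[1])
    tampered[20] ^= 0x01               # byte inside the data region
    rejected = open_relay_cell(bytes(tampered), edge) is None
    return accepted, rejected
```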

The Tor Design: Rate Limiting & Fairness
Volunteers are more willing to run services that can limit their bandwidth usage (token bucket approach).
Limit the number of incoming bytes so as not to overwhelm volunteer ORs.
Preferential treatment of interactive streams.
Preferential treatment presents a possible end-to-end attack.

The Tor Design: Congestion Control
Needed in addition to bandwidth rate limiting to prevent circuit congestion, and in addition to TCP congestion control.
Two-fold congestion control: circuit-level throttling and stream-level throttling.
Packaging window: tracks the number of cells packaged by the OR and directed towards the OP.
Delivery window: tracks the number of cells the OR is willing to deliver outside the network.
Each window is initialized to the maximum allowable value of 1000 and is decremented as cells are packaged or delivered.
Every time a block of cells (100) has been packaged or delivered, the OR sends a relay sendme towards the client's OP.
The receiving OR increments its window size by the block size (100 in this case).
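Added example (not from the slides or from Tor itself): a discrete simulation of the circuit-level window described on this slide. It shows a sender stalling after 1000 cells when no relay sendme comes back, and the window being topped up by 100 for every 100 cells delivered when the reverse path works. Stream-level windows use the same mechanism per stream and are not modelled; `run_circuit`, the `CircuitEdge` class and the cell payloads are constructed.

```python
from collections import deque

WINDOW_MAX = 1000     # initial value of each window (from the slide)
SENDME_BLOCK = 100    # cells per relay sendme (from the slide)

class CircuitEdge:
    """One end of a circuit.  package_window: cells this end may still send before it
    must wait for a relay sendme.  deliver_window: counts cells received; after every
    SENDME_BLOCK cells it sends a relay sendme back and raises itself again."""
    def __init__(self):
        self.package_window = WINDOW_MAX
        self.deliver_window = WINDOW_MAX
        self.outbox = deque()          # cells blocked because the window is closed
        self.sendmes_sent = 0

    def package(self, cell, link):
        self.outbox.append(cell)
        self.flush(link)

    def flush(self, link):
        # Send while the window is open; each cell sent closes it by one.
        while self.outbox and self.package_window > 0:
            link.append(("data", self.outbox.popleft()))
            self.package_window -= 1

    def deliver(self, msg, reverse_link):
        kind, payload = msg
        if kind == "sendme":           # the peer acknowledged a block: reopen the window
            self.package_window += SENDME_BLOCK
            return None
        self.deliver_window -= 1
        if self.deliver_window % SENDME_BLOCK == 0:
            reverse_link.append(("sendme", None))
            self.deliver_window += SENDME_BLOCK
            self.sendmes_sent += 1
        return payload

def run_circuit(n_cells, return_path_open=True):
    """Push n_cells from an OP towards an exit OR.  Returns (cells delivered, the OP's
    final package window, cells still blocked at the OP, sendmes the OR sent)."""
    op, exit_or = CircuitEdge(), CircuitEdge()
    forward, backward = deque(), deque()
    delivered = 0
    for i in range(n_cells):
        op.package(f"cell{i}", forward)        # constructed payload
        while forward or backward:
            while forward:
                if exit_or.deliver(forward.popleft(), backward) is not None:
                    delivered += 1
            if not return_path_open:
                backward.clear()               # sendmes lost: models a broken reverse path
            while backward:
                op.deliver(backward.popleft(), forward)
            op.flush(forward)
    return delivered, op.package_window, len(op.outbox), exit_or.sendmes_sent
```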

The Tor Design: Congestion Control (diagram slide)

Rendezvous Points & Hidden Services
The server advertises a set of ORs as introduction points (IPs).
The client chooses an OR as a rendezvous point (RP) and builds a circuit to it.
The client contacts one of the service provider's IPs and informs it of its RP.
If the service provider wants to respond to the client, it builds a circuit to the client's RP.
The RP connects the client's circuit to the service provider's circuit.
The client sends a relay begin cell to the service provider over the established circuit, and they communicate as explained before.

Exit Policies & Abuse
Anonymity permits abusers to hide the origins of their activity; attackers can implicate exit nodes for their abuse.
Tor allows each OR to specify an exit policy that describes which external addresses and ports it will connect to.
Open exit nodes will connect to anywhere.
Middleman nodes only relay traffic to other Tor nodes.
Private exit nodes only connect to a local host or network.
Restricted exit nodes prevent access to abuse-prone addresses and services.

Directory Servers
Directories in Tor are a small group of redundant, well-known onion routers that track changes in the topology of the network and the node state.
Each directory acts as an HTTP server; clients fetch network info and ORs post signed statements to the directories.
The directories must be synchronized.
Tor assumes that a threshold of participants agree on the set of directory servers, with human administrators resolving problems when consensus cannot be reached.

Attacks: Passive
Observing user traffic patterns: reveals traffic patterns, yes; destination or data, no.
Observing user content: traffic to responders may not be encrypted.
Option distinguishability: clients choose whether they want to rotate circuits more often to avoid traceability.
End-to-end timing correlation: Tor only minimally hides such correlations.
End-to-end size correlation: just like timing.
Website fingerprinting: build a database of fingerprints for websites and use that info to confirm a user's connection.

Attacks: Active
Compromise keys: iterated compromise, where the adversary has to complete the attack within the lifetime of the circuit.
Run a recipient.
Run an onion proxy: compromising an onion proxy.
DoS non-observed nodes: the observer DoSes non-observed nodes so that the nodes he observes become busier.
Run a hostile OR.
Tagging attacks: integrity checks prevent this attack.

Attacks: Active (continued)
Replace contents of unauthenticated protocols: prefer protocols with end-to-end authentication.
Replay attack: replaying one side of the handshake will result in a different negotiated session key.
Smear attack: use the Tor network for socially disapproved acts. Exit policies.
Distribute hostile node: running subverted Tor software. Signing all Tor releases with the official public key.

Attacks: Directory
Destroy directory servers: the other directory servers will decide on a valid directory.
Subvert a directory server: a majority of votes is needed to reach a decision.
Subvert a majority of directory servers: oh well.
Encourage directory server dissent: fight of the directories. Tor does not address this attack.
Trick the directory servers into listing a hostile OR: operators will filter out most hostile ORs.
Convince the directory that a malfunctioning OR is working: directory servers assume that an OR is running correctly if they can start a TLS connection to it.

Attacks: Rendezvous Points
Make many introduction requests: the attacker floods Bob's IP. Block requests that lack authorization tokens.
Attack an IP: simply re-advertise a new one.
Compromise an IP: flood Bob with introduction requests or prevent valid ones. Close the circuit or periodically send rendezvous requests.
Compromise an RP: traffic through it is encrypted.

Tor in the wild (as of 2004)
32 nodes, each with at least a 768Kb/768Kb connection.
Several companies have made use of Tor.
Processed 800,000 relay cells per week.

Conclusions
When designing anonymity-preserving systems, the main challenge is striking a balance between scalability, decentralization and privacy.
Tor adds several enhancements to the original Onion Routing system, but there are still many open issues, vulnerabilities and areas of future work.
More information is needed about the selection of volunteer ORs and circuit establishment.

Low-Cost Traffic Analysis of Tor. Steven Murdoch, George Danezis

What is this paper about?
An attack on Tor, using Tor itself: the traffic analysis attack we discussed earlier, and linkability.

Traffic Analysis on Tor
Using the ability to route over Tor, a modest adversary can still detect the path that target connections are using.
Due to the low-latency design, Tor does not use any batching strategy. This means that the load on a Tor node affects the latency of all connection streams through that node.

The Attack Setup
The adversary controls a network server and a corrupt Tor node.
The victim uses this network server through the Tor network.
The corrupt server sends short bursts of data to the user.

The Attack Setup (continued)
Goal: identify which nodes are carrying the traffic with the pattern.
For each node, they performed a test where the stream went through the target node and one where it did not. Obviously, for this to be a success, the traffic modulation and probe latency in the first case should be higher than in the second one. If this is not the case, then either the stream was not affected (false negatives) or echoes of the victim stream affected the probe stream (false positives).
The experiment was done on Debian GNU/Linux 3.0 using Tor 0.0.9. The OR was set up as a client only that chooses routes of length 1.
The corrupt server was simulated by a TCP server that sent pseudorandomly generated data for random time periods.

Results (figure-only slides)


Discussion
That the timing characteristics of streams are not substantially altered is no surprise: Tor's low latency is a requirement.
Interference in timing might be a good solution.
Perfect interference: the output streams all have the same shape, or a random one. BUT, latency++.
Non-interference: difficult to implement, but will be easier for adversaries.
Linkability: a variant of this attack can be used to determine if two streams belong to the same initiator.
Also, more nodes != better anonymity.
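Added example to illustrate the trade-off in this Discussion slide (constructed, not from the paper or from Tor): a toy single-node queue model comparing Tor-style work-conserving scheduling with per-stream fixed-rate shaping (the perfect-interference option). It measures how strongly a probe stream's queueing delay correlates with another stream's bursts under each scheduler, and the extra delay the shaped bursty stream pays; `node_model`, its parameters and the traffic pattern are all made up.

```python
import random
import statistics

def pearson(xs, ys):
    # Returns 0.0 when either series is constant (nothing to correlate).
    sx, sy = statistics.pstdev(xs), statistics.pstdev(ys)
    if sx == 0 or sy == 0:
        return 0.0
    mx, my = statistics.mean(xs), statistics.mean(ys)
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / (len(xs) * sx * sy)

def node_model(shaped, slots=2000, capacity=4, burst=6, burst_prob=0.3, seed=7):
    """One relay node; one time slot = one scheduling round of `capacity` cells.
    Victim stream: a burst of `burst` cells with probability burst_prob per slot.
    Probe stream: exactly one cell per slot; its queueing delay is what an observer sees.
    shaped=False: one shared queue, victim cells served ahead of the probe (no batching).
    shaped=True: each stream owns a fixed capacity//2 per slot; idle slots are padded.
    Returns (correlation of probe delay with victim bursts, mean probe delay,
    mean delay of the victim's bursts), delays in slots."""
    rng = random.Random(seed)
    victim_q = probe_q = 0
    bursts, probe_delay, victim_delay = [], [], []
    for _ in range(slots):
        b = burst if rng.random() < burst_prob else 0
        if shaped:
            rate = capacity // 2
            if b:
                victim_delay.append(victim_q / rate)   # backlog this burst queues behind
            probe_delay.append(probe_q / rate)         # independent of the victim's backlog
            victim_q = max(0, victim_q + b - rate)
            probe_q = max(0, probe_q + 1 - rate)
        else:
            if b:
                victim_delay.append(victim_q / capacity)
            victim_q += b
            probe_delay.append((victim_q + probe_q) / capacity)  # everything ahead of the probe
            served = min(capacity, victim_q)
            victim_q -= served
            probe_q = max(0, probe_q + 1 - (capacity - served))
        bursts.append(b)
    return (round(pearson(bursts, probe_delay), 3),
            round(statistics.mean(probe_delay), 3),
            round(statistics.mean(victim_delay), 3))
```

Under the shared queue the probe delay tracks the victim's bursts closely; under shaping the probe sees a constant delay (correlation 0) while the bursty stream itself waits longer, which is the latency cost the slide refers to.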

Variants of the Attack
Detect the effects on requests sent from the initiator when modulating traffic into a loop.
Alternatively, the adversary can probe all nodes and observe the result. This test can be used to eliminate nodes that are NOT on the path; then repeat until you get 3 nodes.
Another attack is to DoS the server and watch the load of the victim for correlations.
At what cost? O(N).

Understanding the Artifacts
If a different stream is relayed, it will delay the probe stream and leak information through latency.
Also the OS, memory management, the TCP protocol etc. could introduce delays and give away information.

Conclusions
This kind of attack can be performed by a modest adversary.
This attack does not give away the originator of the communication; however, it gives information about the path.
All of the mitigation strategies involve an increase in latency.

Any questions? I promise you I won't tell anyone.

Thank You