Journal Details
Format: Journal
eISSN: 2299-0984
First Published: 16 Apr 2015
Publication timeframe: 4 times per year
Languages: English
Access type: Open Access

Defending Tor from Network Adversaries: A Case Study of Network Path Prediction

Published Online: 22 Jun 2015
Volume & Issue: Volume 2015 (2015) - Issue 2 (June 2015)
Page range: 171 - 187
Received: 15 Feb 2015
Accepted: 15 May 2015
Abstract

The Tor anonymity network has been shown vulnerable to traffic analysis attacks by autonomous systems (ASes) and Internet exchanges (IXes), which can observe different overlay hops belonging to the same circuit. We evaluate whether network path prediction techniques provide an accurate picture of the threat from such adversaries, and whether they can be used to avoid this threat. We perform a measurement study by collecting 17.2 million traceroutes from Tor relays to destinations around the Internet. We compare the collected traceroute paths to predicted paths using state-of-the-art path inference techniques. We find that traceroutes present a very different picture, with the set of ASes seen in the traceroute path differing from the predicted path 80% of the time. We also consider the impact that prediction errors have on Tor security. Using a simulator to choose paths over a week, our traceroutes indicate that a user has nearly a 100% chance of at least one compromise in a week, with 11% of total paths containing an AS compromise and less than 1% containing an IX compromise when using default Tor selection. We find that modifying path selection to choose paths predicted to be safe lowers the fraction of paths with an AS compromise to 0.14%, but still presents a 5–11% chance of at least one compromise in a week while making 5% of paths fail, with 96% of failures due to false positives in path inference. Our results demonstrate that more measurement and better path prediction are necessary to mitigate the risk that AS and IX adversaries pose to Tor.
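The two measurements the abstract rests on can be made concrete with a small model: the check that decides whether one AS or IX sits on both the client-to-guard and the exit-to-destination side of a circuit (and can therefore correlate its traffic), and the comparison of a predicted AS path against the AS path a traceroute actually observed. The Python below is an added example written for this page, not code from the paper or its authors. All AS numbers and paths are constructed sample data from the documentation range AS64496–AS64511, the per-path compromise rate and the 100 paths per week used in the last line are assumed values for illustration only, and the function and class names are this example's own.

```python
"""Added example (not from the paper): modelling the AS-level adversary
check and prediction-vs-traceroute disagreement described in the abstract.

An AS or IX that sits on both the client->guard path and the exit->destination
path of one circuit can observe both ends and correlate traffic. A relay
selection that relies on *predicted* AS paths is only as safe as the
prediction: a missed AS is a false negative (circuit believed safe but
observable), a spurious AS is a false positive (usable circuit rejected).
All AS numbers and paths below are constructed sample data from the
documentation range AS64496-AS64511, not measurements from the paper.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List


@dataclass(frozen=True)
class CircuitRecord:
    predicted_entry: FrozenSet[str]  # inferred ASes between client and guard
    measured_entry: FrozenSet[str]   # ASes seen by traceroute on the same hop
    exit_path: FrozenSet[str]        # ASes between exit relay and destination

    @classmethod
    def make(cls, predicted: Iterable[str], measured: Iterable[str], exit_: Iterable[str]):
        return cls(frozenset(predicted), frozenset(measured), frozenset(exit_))


def shared_observers(entry_path: Iterable[str], exit_path: Iterable[str]) -> FrozenSet[str]:
    """ASes/IXes present on both sides of the circuit: each can correlate it."""
    return frozenset(entry_path) & frozenset(exit_path)


def is_compromised(entry_path: Iterable[str], exit_path: Iterable[str]) -> bool:
    return bool(shared_observers(entry_path, exit_path))


def path_sets_differ(predicted: Iterable[str], measured: Iterable[str]) -> bool:
    """The abstract's mismatch criterion: the set of ASes differs, order ignored."""
    return frozenset(predicted) != frozenset(measured)


def classify(rec: CircuitRecord) -> Dict[str, object]:
    predicted_safe = not is_compromised(rec.predicted_entry, rec.exit_path)
    actually_safe = not is_compromised(rec.measured_entry, rec.exit_path)
    return {
        "prediction_mismatch": path_sets_differ(rec.predicted_entry, rec.measured_entry),
        "predicted_safe": predicted_safe,
        "actually_safe": actually_safe,
        # Chosen as safe, but traceroute shows an observer on both ends.
        "false_negative": predicted_safe and not actually_safe,
        # Rejected by the predictor although the measured path is clean.
        "false_positive": (not predicted_safe) and actually_safe,
        "observers": sorted(shared_observers(rec.measured_entry, rec.exit_path)),
    }


def summarize(records: List[CircuitRecord]) -> Dict[str, float]:
    """Aggregate per-circuit verdicts into the kinds of rates the paper reports."""
    results = [classify(r) for r in records]
    n = len(results)
    return {
        "circuits": n,
        "mismatch_rate": sum(r["prediction_mismatch"] for r in results) / n,
        "measured_compromise_rate": sum(not r["actually_safe"] for r in results) / n,
        "rejected_by_prediction": sum(not r["predicted_safe"] for r in results),
        "false_negatives": sum(r["false_negative"] for r in results),
        "false_positives": sum(r["false_positive"] for r in results),
    }


def prob_at_least_one_compromise(per_path_rate: float, paths_per_week: int) -> float:
    """Chance that at least one of N independently chosen paths is observable."""
    return 1.0 - (1.0 - per_path_rate) ** paths_per_week


# Constructed sample circuits (not real traceroute data).
SAMPLE = [
    # Traceroute reveals AS64498 on the entry side; the predictor missed it.
    CircuitRecord.make(["AS64496", "AS64497"], ["AS64496", "AS64498", "AS64497"], ["AS64499", "AS64498"]),
    # Prediction and measurement agree; no shared observer.
    CircuitRecord.make(["AS64496", "AS64500"], ["AS64496", "AS64500"], ["AS64501"]),
    # Predictor places AS64502 on the entry path; traceroute does not see it.
    CircuitRecord.make(["AS64496", "AS64502"], ["AS64496", "AS64503"], ["AS64502", "AS64504"]),
    # Both agree that AS64505 sees both ends.
    CircuitRecord.make(["AS64496", "AS64505"], ["AS64496", "AS64505"], ["AS64505"]),
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(classify(rec))
    print(summarize(SAMPLE))
    # 100 paths per week is an assumed figure used only to illustrate how a
    # modest per-path rate compounds into a near-certain weekly compromise.
    print(f"P(>=1 compromise | 11% per path, 100 paths) = "
          f"{prob_at_least_one_compromise(0.11, 100):.5f}")
```

The first sample circuit is the failure mode the abstract stresses: the predictor omits an AS that the traceroute shows on the entry side, so a path chosen as safe is in fact observable at both ends. The third circuit is the opposite error, a predicted AS that the measurement never sees, which rejects a usable path and is the kind of false positive behind the reported path failures.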
