Analyzing the Effectiveness of Passive Correlation Attacks on the Tor Anonymity Network

Abstract Tor is susceptible to traffic correlation attacks in which an adversary who observes flows entering and leaving the anonymity network can apply statistical techniques to correlate flows and de-anonymize their endpoints. While an adversary may not be naturally positioned to conduct such attacks, a recent study shows that the Internet’s control-plane can be manipulated to increase an adversary’s view of the network, and consequently, improve its ability to perform traffic correlation. This paper explores, in-depth, the effects of control-plane attacks on the security of the Tor network. Using accurate models of the live Tor network, we quantify Tor’s susceptibility to these attacks by measuring the fraction of the Tor network that is vulnerable and the advantage to the adversary of performing the attacks. We further propose defense mechanisms that protect Tor users from manipulations at the control-plane. Perhaps surprisingly, we show that by leveraging existing trust anchors in Tor, defenses deployed only in the data-plane are sufficient to detect most control-plane attacks. Our defenses do not assume the active participation of Internet Service Providers, and require only very small changes to Tor. We show that our defenses result in a more than tenfold decrease in the effectiveness of certain control-plane attacks.

Download Full-text

Analysis of flow-correlation attacks in anonymity network

International Journal of Security and Networks ◽

10.1504/ijsn.2007.012831 ◽

2007 ◽

Vol 2 (1/2) ◽

pp. 137 ◽

Cited By ~ 11

Author(s):

Ye Zhu ◽

Xinwen Fu ◽

Riccardo Bettati ◽

Wei Zhao

Keyword(s):

Anonymity Network ◽

Correlation Attacks

Download Full-text

20,000 In League Under the Sea: Anonymous Communication, Trust, MLATs, and Undersea Cables

Proceedings on Privacy Enhancing Technologies ◽

10.1515/popets-2015-0002 ◽

2015 ◽

Vol 2015 (1) ◽

pp. 4-24 ◽

Cited By ~ 5

Author(s):

Aaron D. Jaggard ◽

Aaron Johnson ◽

Sarah Cortes ◽

Paul Syverson ◽

Joan Feigenbaum

Keyword(s):

Autonomous System ◽

Probability Distributions ◽

Arms Race ◽

Experimental Results ◽

Modular System ◽

Anonymous Communication ◽

Legal Assistance ◽

Correlation Attacks ◽

Submarine Cables ◽

Undersea Cables

Abstract Motivated by the effectiveness of correlation attacks against Tor, the censorship arms race, and observations of malicious relays in Tor, we propose that Tor users capture their trust in network elements using probability distributions over the sets of elements observed by network adversaries. We present a modular system that allows users to efficiently and conveniently create such distributions and use them to improve their security. To illustrate this system, we present two novel types of adversaries. First, we study a powerful, pervasive adversary that can compromise an unknown number of Autonomous System organizations, Internet Exchange Point organizations, and Tor relay families. Second, we initiate the study of how an adversary might use Mutual Legal Assistance Treaties (MLATs) to enact surveillance. As part of this, we identify submarine cables as a potential subject of trust and incorporate data about these into our MLAT analysis by using them as a proxy for adversary power. Finally, we present preliminary experimental results that show the potential for our trust framework to be used by Tor clients and services to improve security.

Download Full-text