MSFA: Multiple System Fingerprint Attack Scheme for IoT Anonymous Communication

For the past few years, Internet of Things (IoT) has developed rapidly and been extensively used. However, its transmission security and privacy protection are insufficient, which limits the development of IoT to a certain extent. As a technology of IoT information transmission, anonymous communication technology comes into being as an important means to ensure the security of healthcare data, which can better protect users’ privacy in some ways. Nowadays, a variety of attack techniques for anonymous communication systems have been proposed by the academic community to track senders and receivers or discover communications between two users. Thus, the MSFA (Multiple System Fingerprint Attack) scheme for anonymous communication systems is presented in this paper where the MSFA scheme architecture, implementation in the Tor environment, and experimental data processing are described. Through a comparative analysis between two traces of visiting the same website based on the edit distance, it is shown that the longer the length of the site traffic data, the greater the edit distance of the site access traffic and the larger the range.

Dropping on the Edge: Flexibility and Traffic Confirmation in Onion Routing Protocols

The design of Tor includes a feature that is common to most distributed systems: the protocol is flexible. In particular, the Tor protocol requires nodes to ignore messages that are not understood, in order to guarantee the compatibility with future protocol versions. This paper shows how to exploit this flexibility by proposing two new active attacks: one against onion services and the other against Tor clients.Our attack against onion services is a new low-cost side-channel guard discovery attack that makes it possible to retrieve the entry node used by an onion service in one day, without injecting any relay in the network. This attack uses the possibility to send dummy cells that are silently dropped by onion services, in accordance with the flexible protocol design, and the possibility to observe those cells by inspecting public bandwidth measurements, which act as a side channel.Our attack against Tor clients, called the dropmark attack, is an efficient 1-bit conveying active attack that correlates flows. Simulations performed in Shadow show that the attack succeeds with an overwhelming probability and with no noticeable impact on user performance.Finally, we open the discussion regarding a trade-off between flexibility and security in anonymous communication systems, based on what we learned within the scope of our attacks.

Protecting User’s Privacy from Browser-Based Attacks

Recently there has been a new kind of attacks, browser-based attacks, against anonymous communication systems, such as Tor. This kind of attacks exploits JavaScript in the browser or the HTML meta refresh to generate some predefined signals to correlate users and their visited websites. A novel and efficient defense against such attacks is proposed in this paper. Our main observation is that the attacker must generate enough signals from the client site (the browser) to correlate the user and the website while we can detect the attack at the client site. More specifically, when a user is browsing a specific website and a browser-based attack is in progress, the number of outgoing flows and the total byte counts generated by the browser should be much larger compared with the normal browsing behavior. So we can set up fingerprints (number of outgoing flows and total byte counts) for normal browsing of web pages for a period of time and utilize these fingerprints to detect browser-based attacks. We have also found that some JavaScript codes must be executed many times if the attacker uses JavaScript to communicate. We have modified the Mozilla Firefox JavaScript engine to audit execution times of JavaScript code to defend these attacks, including browser-based attacks.