8,468 research outputs found
Are anonymity-seekers just like everybody else? An analysis of contributions to Wikipedia from Tor
User-generated content sites routinely block contributions from users of
privacy-enhancing proxies like Tor because of a perception that proxies are a
source of vandalism, spam, and abuse. Although these blocks might be effective,
collateral damage in the form of unrealized valuable contributions from
anonymity seekers is invisible. One of the largest and most important
user-generated content sites, Wikipedia, has attempted to block contributions
from Tor users since as early as 2005. We demonstrate that these blocks have
been imperfect and that thousands of attempts to edit on Wikipedia through Tor
have been successful. We draw upon several data sources and analytical
techniques to measure and describe the history of Tor editing on Wikipedia over
time and to compare contributions from Tor users to those from other groups of
Wikipedia users. Our analysis suggests that although Tor users who slip through
Wikipedia's ban contribute content that is more likely to be reverted and to
revert others, their contributions are otherwise similar in quality to those
from other unregistered participants and to the initial contributions of
registered users.Comment: To appear in the IEEE Symposium on Security & Privacy, May 202
Measuring and mitigating AS-level adversaries against Tor
The popularity of Tor as an anonymity system has made it a popular target for
a variety of attacks. We focus on traffic correlation attacks, which are no
longer solely in the realm of academic research with recent revelations about
the NSA and GCHQ actively working to implement them in practice.
Our first contribution is an empirical study that allows us to gain a high
fidelity snapshot of the threat of traffic correlation attacks in the wild. We
find that up to 40% of all circuits created by Tor are vulnerable to attacks by
traffic correlation from Autonomous System (AS)-level adversaries, 42% from
colluding AS-level adversaries, and 85% from state-level adversaries. In
addition, we find that in some regions (notably, China and Iran) there exist
many cases where over 95% of all possible circuits are vulnerable to
correlation attacks, emphasizing the need for AS-aware relay-selection.
To mitigate the threat of such attacks, we build Astoria--an AS-aware Tor
client. Astoria leverages recent developments in network measurement to perform
path-prediction and intelligent relay selection. Astoria reduces the number of
vulnerable circuits to 2% against AS-level adversaries, under 5% against
colluding AS-level adversaries, and 25% against state-level adversaries. In
addition, Astoria load balances across the Tor network so as to not overload
any set of relays.Comment: Appearing at NDSS 201
An Empirical Study of the I2P Anonymity Network and its Censorship Resistance
Tor and I2P are well-known anonymity networks used by many individuals to
protect their online privacy and anonymity. Tor's centralized directory
services facilitate the understanding of the Tor network, as well as the
measurement and visualization of its structure through the Tor Metrics project.
In contrast, I2P does not rely on centralized directory servers, and thus
obtaining a complete view of the network is challenging. In this work, we
conduct an empirical study of the I2P network, in which we measure properties
including population, churn rate, router type, and the geographic distribution
of I2P peers. We find that there are currently around 32K active I2P peers in
the network on a daily basis. Of these peers, 14K are located behind NAT or
firewalls.
Using the collected network data, we examine the blocking resistance of I2P
against a censor that wants to prevent access to I2P using address-based
blocking techniques. Despite the decentralized characteristics of I2P, we
discover that a censor can block more than 95% of peer IP addresses known by a
stable I2P client by operating only 10 routers in the network. This amounts to
severe network impairment: a blocking rate of more than 70% is enough to cause
significant latency in web browsing activities, while blocking more than 90% of
peer IP addresses can make the network unusable. Finally, we discuss the
security consequences of the network being blocked, and directions for
potential approaches to make I2P more resistant to blocking.Comment: 14 pages, To appear in the 2018 Internet Measurement Conference
(IMC'18
RAPTOR: Routing Attacks on Privacy in Tor
The Tor network is a widely used system for anonymous communication. However,
Tor is known to be vulnerable to attackers who can observe traffic at both ends
of the communication path. In this paper, we show that prior attacks are just
the tip of the iceberg. We present a suite of new attacks, called Raptor, that
can be launched by Autonomous Systems (ASes) to compromise user anonymity.
First, AS-level adversaries can exploit the asymmetric nature of Internet
routing to increase the chance of observing at least one direction of user
traffic at both ends of the communication. Second, AS-level adversaries can
exploit natural churn in Internet routing to lie on the BGP paths for more
users over time. Third, strategic adversaries can manipulate Internet routing
via BGP hijacks (to discover the users using specific Tor guard nodes) and
interceptions (to perform traffic analysis). We demonstrate the feasibility of
Raptor attacks by analyzing historical BGP data and Traceroute data as well as
performing real-world attacks on the live Tor network, while ensuring that we
do not harm real users. In addition, we outline the design of two monitoring
frameworks to counter these attacks: BGP monitoring to detect control-plane
attacks, and Traceroute monitoring to detect data-plane anomalies. Overall, our
work motivates the design of anonymity systems that are aware of the dynamics
of Internet routing
Hang With Your Buddies to Resist Intersection Attacks
Some anonymity schemes might in principle protect users from pervasive
network surveillance - but only if all messages are independent and unlinkable.
Users in practice often need pseudonymity - sending messages intentionally
linkable to each other but not to the sender - but pseudonymity in dynamic
networks exposes users to intersection attacks. We present Buddies, the first
systematic design for intersection attack resistance in practical anonymity
systems. Buddies groups users dynamically into buddy sets, controlling message
transmission to make buddies within a set behaviorally indistinguishable under
traffic analysis. To manage the inevitable tradeoffs between anonymity
guarantees and communication responsiveness, Buddies enables users to select
independent attack mitigation policies for each pseudonym. Using trace-based
simulations and a working prototype, we find that Buddies can guarantee
non-trivial anonymity set sizes in realistic chat/microblogging scenarios, for
both short-lived and long-lived pseudonyms.Comment: 15 pages, 8 figure
One Bad Apple Spoils the Bunch: Exploiting P2P Applications to Trace and Profile Tor Users
Tor is a popular low-latency anonymity network. However, Tor does not protect
against the exploitation of an insecure application to reveal the IP address
of, or trace, a TCP stream. In addition, because of the linkability of Tor
streams sent together over a single circuit, tracing one stream sent over a
circuit traces them all. Surprisingly, it is unknown whether this linkability
allows in practice to trace a significant number of streams originating from
secure (i.e., proxied) applications. In this paper, we show that linkability
allows us to trace 193% of additional streams, including 27% of HTTP streams
possibly originating from "secure" browsers. In particular, we traced 9% of Tor
streams carried by our instrumented exit nodes. Using BitTorrent as the
insecure application, we design two attacks tracing BitTorrent users on Tor. We
run these attacks in the wild for 23 days and reveal 10,000 IP addresses of Tor
users. Using these IP addresses, we then profile not only the BitTorrent
downloads but also the websites visited per country of origin of Tor users. We
show that BitTorrent users on Tor are over-represented in some countries as
compared to BitTorrent users outside of Tor. By analyzing the type of content
downloaded, we then explain the observed behaviors by the higher concentration
of pornographic content downloaded at the scale of a country. Finally, we
present results suggesting the existence of an underground BitTorrent ecosystem
on Tor
- …