1,471 research outputs found
Guard Sets for Onion Routing
“Entry” guards protect the Tor onion routing system from variants of the “predecessor” attack, that would allow an adversary with control of a fraction of routers to eventually de-anonymize some users. Research has however shown the three guard scheme has drawbacks and Dingledine et al. proposed in 2014 for each user to have a single long-term guard. We first show that such a guard selection strategy would be optimal if the Tor network was failure-free and static. However under realistic failure conditions the one guard proposal still suffers from the classic fingerprinting attacks, uniquely identifying users. Furthermore, under dynamic network conditions using single guards offer smaller anonymity sets to users of fresh guards. We propose and analyze an alternative guard selection scheme by way of grouping guards together to form shared guard sets. We compare the security and performance of guard sets with the three guard scheme and the one guard proposal. We show guard sets do provide increased resistance to a number of attacks, while foreseeing no significant degradation in performance or bandwidth utilization
Defending Tor from Network Adversaries: A Case Study of Network Path Prediction
The Tor anonymity network has been shown vulnerable to traffic analysis
attacks by autonomous systems and Internet exchanges, which can observe
different overlay hops belonging to the same circuit. We aim to determine
whether network path prediction techniques provide an accurate picture of the
threat from such adversaries, and whether they can be used to avoid this
threat. We perform a measurement study by running traceroutes from Tor relays
to destinations around the Internet. We use the data to evaluate the accuracy
of the autonomous systems and Internet exchanges that are predicted to appear
on the path using state-of-the-art path inference techniques; we also consider
the impact that prediction errors have on Tor security, and whether it is
possible to produce a useful overestimate that does not miss important threats.
Finally, we evaluate the possibility of using these predictions to actively
avoid AS and IX adversaries and the challenges this creates for the design of
Tor
Representing Network Trust and Using It to Improve Anonymous Communication
Motivated by the effectiveness of correlation attacks against Tor, the
censorship arms race, and observations of malicious relays in Tor, we propose
that Tor users capture their trust in network elements using probability
distributions over the sets of elements observed by network adversaries. We
present a modular system that allows users to efficiently and conveniently
create such distributions and use them to improve their security. The major
components of this system are (i) an ontology of network-element types that
represents the main threats to and vulnerabilities of anonymous communication
over Tor, (ii) a formal language that allows users to naturally express trust
beliefs about network elements, and (iii) a conversion procedure that takes the
ontology, public information about the network, and user beliefs written in the
trust language and produce a Bayesian Belief Network that represents the
probability distribution in a way that is concise and easily sampleable. We
also present preliminary experimental results that show the distribution
produced by our system can improve security when employed by users; further
improvement is seen when the system is employed by both users and services.Comment: 24 pages; talk to be presented at HotPETs 201
- …