Defending Tor from Network Adversaries: A Case Study of Network Path Prediction

The Tor anonymity network has been shown vulnerable to traffic analysis attacks by autonomous systems and Internet exchanges, which can observe different overlay hops belonging to the same circuit. We aim to determine whether network path prediction techniques provide an accurate picture of the threat from such adversaries, and whether they can be used to avoid this threat. We perform a measurement study by running traceroutes from Tor relays to destinations around the Internet. We use the data to evaluate the accuracy of the autonomous systems and Internet exchanges that are predicted to appear on the path using state-of-the-art path inference techniques; we also consider the impact that prediction errors have on Tor security, and whether it is possible to produce a useful overestimate that does not miss important threats. Finally, we evaluate the possibility of using these predictions to actively avoid AS and IX adversaries and the challenges this creates for the design of Tor

Assessing the geographic resolution of exhaustive tabulation for geolocating Internet hosts

peer reviewedGeolocation of Internet hosts relies mainly on exhaustive tabulation techniques. Those techniques consist in building a database, that keeps the mapping between IP blocks and a geographic location. Relying on a single location for a whole IP block requires using a coarse enough geographic resolution. As this geographic resolution is not made explicit in databases, we try in this paper to better understand it by comparing the location estimates of databases with a well-established active measurements-based geolocation technique. We show that the geographic resolution of geolocation databases is far coarser than the resolution provided by active measurements for individual IP addresses. Given the lack of information in databases about the expected location error within each IP block, one cannot havemuch confidence in the accuracy of their location estimates. Geolocation databases should either provide information about the expected accuracy of the location estimates within each block, or reveal information about how their location estimates have been built, unless databases have to be trusted blindly.FP6-FET ANA (FP6-IST- 27489

Is Explicit Congestion Notification usable with UDP?

We present initial measurements to determine if ECN is usable with UDP traffic in the public Internet. This is interesting because ECN is part of current IETF proposals for congestion control of UDPbased interactive multimedia, and due to the increasing use of UDP as a substrate on which new transport protocols can be deployed. Using measurements from the author’s homes, their workplace, and cloud servers in each of the nine EC2 regions worldwide, we test reachability of 2500 servers from the public NTP server pool, using ECT(0) and not-ECT marked UDP packets. We show that an average of 98.97% of the NTP servers that are reachable using not-ECT marked packets are also reachable using ECT(0) marked UDP packets, and that ~98% of network hops pass ECT(0) marked packets without clearing the ECT bits. We compare reachability of the same hosts using ECN with TCP, finding that 82.0% of those reachable with TCP can successfully negotiate and use ECN. Our findings suggest that ECN is broadly usable with UDP traffic, and that support for use of ECN with TCP has increased

An Overview of Internet Measurements:Fundamentals, Techniques, and Trends

The Internet presents great challenges to the characterization of its structure and behavior. Different reasons contribute to this situation, including a huge user community, a large range of applications, equipment heterogeneity, distributed administration, vast geographic coverage, and the dynamism that are typical of the current Internet. In order to deal with these challenges, several measurement-based approaches have been recently proposed to estimate and better understand the behavior, dynamics, and properties of the Internet. The set of these measurement-based techniques composes the Internet Measurements area of research. This overview paper covers the Internet Measurements area by presenting measurement-based tools and methods that directly influence other conventional areas, such as network design and planning, traffic engineering, quality of service, and network management

Jumps: Enhancing hop-count positioning in sensor networks using multiple coordinates

Positioning systems in self-organizing networks generally rely on measurements such as delay and received signal strength, which may be difficult to obtain and often require dedicated equipment. An alternative to such approaches is to use simple connectivity information, that is, the presence or absence of a link between any pair of nodes, and to extend it to hop-counts, in order to obtain an approximate coordinate system. Such an approximation is sufficient for a large number of applications, such as routing. In this paper, we propose Jumps, a positioning system for those self-organizing networks in which other types of (exact) positioning systems cannot be used or are deemed to be too costly. Jumps builds a multiple coordinate system based solely on nodes neighborhood knowledge. Jumps is interesting in the context of wireless sensor networks, as it neither requires additional embedded equipment nor relies on any nodes capabilities. While other approaches use only three hop-count measurements to infer the position of a node, Jumps uses an arbitrary number. We observe that an increase in the number of measurements leads to an improvement in the localization process, without requiring a high dense environment. We show through simulations that Jumps, when compared with existing approaches, reduces the number of nodes sharing the same coordinates, which paves the way for functions such as position-based routing