25 research outputs found
Content and popularity analysis of Tor hidden services
Tor hidden services allow running Internet services while protecting the
location of the servers. Their main purpose is to enable freedom of speech even
in situations in which powerful adversaries try to suppress it. However,
providing location privacy and client anonymity also makes Tor hidden services
an attractive platform for every kind of imaginable shady service. The ease
with which Tor hidden services can be set up has spurred a huge growth of
anonymously provided Internet services of both types. In this paper we analyse
the landscape of Tor hidden services. We have studied Tor hidden services after
collecting 39824 hidden service descriptors on 4th of Feb 2013 by exploiting
protocol and implementation flaws in Tor: we scanned them for open ports; in
the case of HTTP services, we analysed and classified their content. We also
estimated the popularity of hidden services by looking at the request rate for
hidden service descriptors by clients. We found that while the content of Tor
hidden services is rather varied, the most popular hidden services are related
to botnets.Comment: 6 pages, 3 figures, 2 table
ATTACK AGAINST ANONYMITY USING CELL COUNTING
Various low-latency anonymous communication systems such as Tor and Anonymizer have been designed to provide anonymity service for users. In order to hide the communication of users, most of the anonymity systems pack the application data into equal-sized cells. Via extensive experiments on Tor, we found that the size of IP packets in the Tor network can be very dynamic because a cell is an application concept and the IP layer may repack cells. Based on this finding, we investigate a new cell-counting-based attack against Tor, which allows the attacker to confirm anonymous communication relationship among users very quickly. In this attack, by marginally varying the number of cells in the target traffic at the malicious exit onion router, the attacker can embed a secret signal into the variation of cell counter of the target traffic. The embedded signal will be carried along with the target traffic and arrive at the malicious entry onion router. Then, an accomplice of the attacker at themalicious entry onion router will detect the embedded signal based on the received cells and confirm the communication relationship among users. We have implemented this attack against Tor, and our experimental data validate its feasibility and effectiveness. There are several unique features of this attack. First, this attack is highly efficient and can confirm very short communication sessions with only tens of cells. Second, this attack is effective, and its detection rate approaches 100% with a very low false positive rate. Third, it is possible to implement the attack in a way that appears to be very difficult for honest participants to detect
Octopus: A Secure and Anonymous DHT Lookup
Distributed Hash Table (DHT) lookup is a core technique in structured
peer-to-peer (P2P) networks. Its decentralized nature introduces security and
privacy vulnerabilities for applications built on top of them; we thus set out
to design a lookup mechanism achieving both security and anonymity, heretofore
an open problem. We present Octopus, a novel DHT lookup which provides strong
guarantees for both security and anonymity. Octopus uses attacker
identification mechanisms to discover and remove malicious nodes, severely
limiting an adversary's ability to carry out active attacks, and splits lookup
queries over separate anonymous paths and introduces dummy queries to achieve
high levels of anonymity. We analyze the security of Octopus by developing an
event-based simulator to show that the attacker discovery mechanisms can
rapidly identify malicious nodes with low error rate. We calculate the
anonymity of Octopus using probabilistic modeling and show that Octopus can
achieve near-optimal anonymity. We evaluate Octopus's efficiency on Planetlab
with 207 nodes and show that Octopus has reasonable lookup latency and
manageable communication overhead
HORNET: High-speed Onion Routing at the Network Layer
We present HORNET, a system that enables high-speed end-to-end anonymous
channels by leveraging next generation network architectures. HORNET is
designed as a low-latency onion routing system that operates at the network
layer thus enabling a wide range of applications. Our system uses only
symmetric cryptography for data forwarding yet requires no per-flow state on
intermediate nodes. This design enables HORNET nodes to process anonymous
traffic at over 93 Gb/s. HORNET can also scale as required, adding minimal
processing overhead per additional anonymous channel. We discuss design and
implementation details, as well as a performance and security evaluation.Comment: 14 pages, 5 figure
Information Leakage as a Model for Quality of Anonymity Networks
Measures for anonymity in systems must be on one hand simple and concise, and on the other hand reflect the realities of real systems. Such systems are heterogeneous, as are the ways they are used, the deployed anonymity measures, and finally the possible attack methods. Implementation quality and topologies of the anonymity measures must be considered as well. We therefore propose a new measure for the anonymity degree, that takes into account these various. We model the effectiveness of single mixes or of mix networks in terms of information leakage, and we measure it in terms of covert channel capacity. The relationship between the anonymity degree and information leakage is described, and an example is shown
Information Leakage as a Model for Quality of Anonymity Networks
Measures for anonymity in systems must be on one hand simple and concise, and on the other hand reflect the realities of real systems. Such systems are heterogeneous, as are the ways they are used, the deployed anonymity measures, and finally the possible attack methods. Implementation quality and topologies of the anonymity measures must be considered as well. We therefore propose a new measure for the anonymity degree, that takes into account these various. We model the effectiveness of single mixes or of mix networks in terms of information leakage, and we measure it in terms of covert channel capacity. The relationship between the anonymity degree and information leakage is described, and an example is shown
Extracting Association Patterns in Network Communications
In network communications, mixes provide protection against observers hiding the appearance of messages, patterns, length and links between senders and receivers. Statistical disclosure attacks aim to reveal the identity of senders and receivers in a communication network setting when it is protected by standard techniques based on mixes. This work aims to develop a global statistical disclosure attack to detect relationships between users. The only information used by the attacker is the number of messages sent and received by each user for each round, the batch of messages grouped by the anonymity system. A new modeling framework based on contingency tables is used. The assumptions are more flexible than those used in the literature, allowing to apply the method to multiple situations automatically, such as email data or social networks data. A classification scheme based on combinatoric solutions of the space of rounds retrieved is developed. Solutions about relationships between users are provided for all pairs of users simultaneously, since the dependence of the data retrieved needs to be addressed in a global sense