Jump to ContentJump to Main Navigation
Show Summary Details

Proceedings on Privacy Enhancing Technologies

4 Issues per year

Open Access
Online
ISSN
2299-0984
See all formats and pricing

20,000 In League Under the Sea: Anonymous Communication, Trust, MLATs, and Undersea Cables

Aaron D. Jaggard
  • Corresponding author
  • U.S. Naval Research Laboratory
  • Email:
/ Aaron Johnson
  • U.S. Naval Research Laboratory
  • Email:
/ Sarah Cortes
  • Northeastern University
  • Email:
/ Paul Syverson
  • U.S. Naval Research Laboratory
  • Email:
/ Joan Feigenbaum
  • Yale University
  • Email:
Published Online: 2015-04-18 | DOI: https://doi.org/10.1515/popets-2015-0002

Abstract

Motivated by the effectiveness of correlation attacks against Tor, the censorship arms race, and observations of malicious relays in Tor, we propose that Tor users capture their trust in network elements using probability distributions over the sets of elements observed by network adversaries. We present a modular system that allows users to efficiently and conveniently create such distributions and use them to improve their security. To illustrate this system, we present two novel types of adversaries. First, we study a powerful, pervasive adversary that can compromise an unknown number of Autonomous System organizations, Internet Exchange Point organizations, and Tor relay families. Second, we initiate the study of how an adversary might use Mutual Legal Assistance Treaties (MLATs) to enact surveillance. As part of this, we identify submarine cables as a potential subject of trust and incorporate data about these into our MLAT analysis by using them as a proxy for adversary power. Finally, we present preliminary experimental results that show the potential for our trust framework to be used by Tor clients and services to improve security.

Keywords: Tor; Trust; Bayesian Belief Network; MLAT; submarine cable

References

  • [1] M. Akhoondi, C. Yu, and H. V. Madhyastha, In: S. Jha and W. Lee (Eds.), 2012 IEEE Symposium on Security and Privacy, May 21-23, 2012, San Francisco, USA (IEEE Computer Society, Los Alamitos, 2012) 476-490, DOI:10.1109/SP.2012.35 [Crossref]

  • [2] Alcatel-Lucent, http://www.alcatel-lucent.com/press/2013/ 002779, accessed October 22, 2014

  • [3] B. Augustin, B. Krishnamurthy, and W. Willinger, In: A. Feldmann and L. Mathy (Eds.), 9th ACM SIGCOMM Internet Measurement Conference, November 4-6, 2009, Chicago, USA (ACM, New York, 2009) 336-349, DOI:10.1145/1644893.1644934 [Crossref]

  • [4] A. Biryukov, I. Pustogarov, and R.-P. Weinmann, In: W. Lee, A. Perrig, and M. Backes (Eds.), 2013 IEEE Symposium on Security and Privacy, May 19-22, 2013, San Francisco, USA (IEEE Computer Society, Los Alamitos, 2013) 80-94, DOI:10.1109/SP.2013.15 [Crossref]

  • [5] X. Cai, J. Heidemann, B. Krishnamurthy, and W. Willinger, USC/Information Sciences Institute Technical Report ISITR-2009-679, http://www.isi.edu/~johnh/PAPERS/Cai12b/ index.html

  • [6] X. Cai, X. C. Zhang, B. Joshi, and R. Johnson, In: G. Danezis and V. Gligor (Eds.), 2012 ACM Conference on Computer and Communications Security, October 16-18, 2012, Raleigh, USA (ACM, New York, 2012) 605-616, DOI:10.1145/2382196.2382260 [Crossref]

  • [7] CAIDA, http://www.caida.org/data/as-relationships/

  • [8] CAIDA, http://www.caida.org/data/active/ipv4_routed_ 24_topology_dataset.xml

  • [9] S. Cortes, Database supporting http://www.mlat.is, accessed November 3, 2014.

  • [10] S. Cortes, Rich. J.L. & Tech. 22 (2015) (in press) SSRN abstract available at http://ssrn.com/abstract=2564218

  • [11] R. Dingledine and N. Mathewson, https://gitweb.torproject. org/torspec.git/blob_plain/HEAD:/path-spec.txt, accessed February 2014

  • [12] T. Elahi and I. Goldberg, University of Waterloo CACR Technical Report CACR 2012-33, http://cacr.uwaterloo.ca/ techreports/2012/cacr2012-33.pdf

  • [13] ESB Telecoms, http://www.esbtelecoms.ie/emerald_bridge/ overview.htm, accessed October 22, 2014

  • [14] J. Y. Halpern, Reasoning About Uncertainty (MIT Press, Cambridge, 2003)

  • [15] Y. He, M. Faloutsos, S. V. Krishnamurthy, and B. Huffaker, In: S. E. Watikins (Ed.), IEEE Global Telecommunications Conference, November 28-December 2, 2005, St. Louis, USA (IEEE, Piscataway, 2005) 904-909, DOI:10.1109/GLOCOM.2005.1577769 [Crossref]

  • [16] Interchange, http://interchange.vu/benefits-for-vanuatu/, accessed October 22, 2014

  • [17] Interchange, http://interchange.vu, accessed October 22, 2014

  • [18] ISO 3166, Country codes

  • [19] A. D. Jaggard, A. Johnson, P. Syverson, and J. Feigenbaum, arXiv:1406.3583v1 [cs.CR], presented at HotPETs 2014

  • [20] A. Johnson and P. Syverson, In: J. Mitchell (Ed.), 22nd IEEE Computer Security Foundations Symposium, July 8-10, 2009, Port Jefferson, USA (IEEE Computer Society, Los Alamitos, 2009) 3-12, DOI:10.1109/CSF.2009.27 [Crossref]

  • [21] A. Johnson, P. Syverson, R. Dingledine, and N. Mathewson, In: G. Danezis and V. Shmatikov (Eds.), 18th ACM Conference on Computer and Communications Security, October 17-21, 2011, Chicago, USA (ACM, New York, 2011) 175-186, DOI:10.1145/2046707.2046729 [Crossref]

  • [22] A. Johnson, C. Wacek, R. Jansen, M. Sherr, and P. Syverson, In: V. Gligor and M. Yung (Eds.), 2013 ACM Conference on Computer and Communications Security, November 4-8, 2012, Berlin, Germany (ACM, New York, 2013) 337-348, DOI:10.1145/2508859.2516651 [Crossref]

  • [23] J. Juen, A. Das, A. Johnson, N. Borisov, and M. Caesar, arXiv:1410.1823v2 [cs.CR]

  • [24] J. P. J. Juen, M.S. thesis, University of Illinois at Urbana- Champaign (Urbana-Champaign, USA, 2012)

  • [25] G. Mahlknecht, http://cablemap.info, accessed October 8, 2014

  • [26] MaxMind, http://dev.maxmind.com/geoip/legacy/geolite/

  • [27] Submarine Telecoms Forum, Inc., http://subtelforum.com/ Issue11/, accessed October 17, 2014

  • [28] P. Syverson, G. Tsudik, M. Reed, and C. Landwehr, In: H. Federrath (Ed.), Designing Privacy Enhancing Technologies (Springer Verlag, Heidelberg, 2001) 96-114, DOI:10.1007/3-540-44702-4_6 [Crossref]

  • [29] TeleGeography, https://github.com/telegeography/www. submarinecablemap.com/

  • [30] The Tor Project, Inc., https://metrics.torproject.org/, accessed April 2014

  • [31] University of Oregon, http://www.routeviews.org/

  • [32] P. Winter and S. Lindskog, Spoiled onions: Exposing malicious Tor exit relays, arXiv:1401.4917v1 [cs.CR]

About the article

Received: 2014-11-22

Revised: 2015-02-15

Accepted: 2015-02-15

Published Online: 2015-04-18

Published in Print: 2015-04-01


Citation Information: Proceedings on Privacy Enhancing Technologies, ISSN (Online) 2299-0984, DOI: https://doi.org/10.1515/popets-2015-0002. Export Citation

© 2015. This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 3.0 License. (CC BY-NC-ND 3.0)

Comments (0)

Please log in or register to comment.
Log in