Jump to ContentJump to Main Navigation
Show Summary Details
More options …

Proceedings on Privacy Enhancing Technologies

4 Issues per year

Open Access
See all formats and pricing
More options …

20,000 In League Under the Sea: Anonymous Communication, Trust, MLATs, and Undersea Cables

Aaron D. Jaggard / Aaron Johnson / Sarah Cortes / Paul Syverson / Joan Feigenbaum
Published Online: 2015-04-18 | DOI: https://doi.org/10.1515/popets-2015-0002


Motivated by the effectiveness of correlation attacks against Tor, the censorship arms race, and observations of malicious relays in Tor, we propose that Tor users capture their trust in network elements using probability distributions over the sets of elements observed by network adversaries. We present a modular system that allows users to efficiently and conveniently create such distributions and use them to improve their security. To illustrate this system, we present two novel types of adversaries. First, we study a powerful, pervasive adversary that can compromise an unknown number of Autonomous System organizations, Internet Exchange Point organizations, and Tor relay families. Second, we initiate the study of how an adversary might use Mutual Legal Assistance Treaties (MLATs) to enact surveillance. As part of this, we identify submarine cables as a potential subject of trust and incorporate data about these into our MLAT analysis by using them as a proxy for adversary power. Finally, we present preliminary experimental results that show the potential for our trust framework to be used by Tor clients and services to improve security.

Keywords: Tor; Trust; Bayesian Belief Network; MLAT; submarine cable


  • [1] M. Akhoondi, C. Yu, and H. V. Madhyastha, In: S. Jha and W. Lee (Eds.), 2012 IEEE Symposium on Security and Privacy, May 21-23, 2012, San Francisco, USA (IEEE Computer Society, Los Alamitos, 2012) 476-490, DOI:10.1109/SP.2012.35CrossrefGoogle Scholar

  • [2] Alcatel-Lucent, http://www.alcatel-lucent.com/press/2013/ 002779, accessed October 22, 2014Google Scholar

  • [3] B. Augustin, B. Krishnamurthy, and W. Willinger, In: A. Feldmann and L. Mathy (Eds.), 9th ACM SIGCOMM Internet Measurement Conference, November 4-6, 2009, Chicago, USA (ACM, New York, 2009) 336-349, DOI:10.1145/1644893.1644934CrossrefGoogle Scholar

  • [4] A. Biryukov, I. Pustogarov, and R.-P. Weinmann, In: W. Lee, A. Perrig, and M. Backes (Eds.), 2013 IEEE Symposium on Security and Privacy, May 19-22, 2013, San Francisco, USA (IEEE Computer Society, Los Alamitos, 2013) 80-94, DOI:10.1109/SP.2013.15CrossrefGoogle Scholar

  • [5] X. Cai, J. Heidemann, B. Krishnamurthy, and W. Willinger, USC/Information Sciences Institute Technical Report ISITR-2009-679, http://www.isi.edu/~johnh/PAPERS/Cai12b/ index.htmlGoogle Scholar

  • [6] X. Cai, X. C. Zhang, B. Joshi, and R. Johnson, In: G. Danezis and V. Gligor (Eds.), 2012 ACM Conference on Computer and Communications Security, October 16-18, 2012, Raleigh, USA (ACM, New York, 2012) 605-616, DOI:10.1145/2382196.2382260CrossrefGoogle Scholar

  • [7] CAIDA, http://www.caida.org/data/as-relationships/Google Scholar

  • [8] CAIDA, http://www.caida.org/data/active/ipv4_routed_ 24_topology_dataset.xmlGoogle Scholar

  • [9] S. Cortes, Database supporting http://www.mlat.is, accessed November 3, 2014.Google Scholar

  • [10] S. Cortes, Rich. J.L. & Tech. 22 (2015) (in press) SSRN abstract available at http://ssrn.com/abstract=2564218Google Scholar

  • [11] R. Dingledine and N. Mathewson, https://gitweb.torproject. org/torspec.git/blob_plain/HEAD:/path-spec.txt, accessed February 2014Google Scholar

  • [12] T. Elahi and I. Goldberg, University of Waterloo CACR Technical Report CACR 2012-33, http://cacr.uwaterloo.ca/ techreports/2012/cacr2012-33.pdfGoogle Scholar

  • [13] ESB Telecoms, http://www.esbtelecoms.ie/emerald_bridge/ overview.htm, accessed October 22, 2014Google Scholar

  • [14] J. Y. Halpern, Reasoning About Uncertainty (MIT Press, Cambridge, 2003)Google Scholar

  • [15] Y. He, M. Faloutsos, S. V. Krishnamurthy, and B. Huffaker, In: S. E. Watikins (Ed.), IEEE Global Telecommunications Conference, November 28-December 2, 2005, St. Louis, USA (IEEE, Piscataway, 2005) 904-909, DOI:10.1109/GLOCOM.2005.1577769CrossrefGoogle Scholar

  • [16] Interchange, http://interchange.vu/benefits-for-vanuatu/, accessed October 22, 2014Google Scholar

  • [17] Interchange, http://interchange.vu, accessed October 22, 2014Google Scholar

  • [18] ISO 3166, Country codesGoogle Scholar

  • [19] A. D. Jaggard, A. Johnson, P. Syverson, and J. Feigenbaum, arXiv:1406.3583v1 [cs.CR], presented at HotPETs 2014Google Scholar

  • [20] A. Johnson and P. Syverson, In: J. Mitchell (Ed.), 22nd IEEE Computer Security Foundations Symposium, July 8-10, 2009, Port Jefferson, USA (IEEE Computer Society, Los Alamitos, 2009) 3-12, DOI:10.1109/CSF.2009.27CrossrefGoogle Scholar

  • [21] A. Johnson, P. Syverson, R. Dingledine, and N. Mathewson, In: G. Danezis and V. Shmatikov (Eds.), 18th ACM Conference on Computer and Communications Security, October 17-21, 2011, Chicago, USA (ACM, New York, 2011) 175-186, DOI:10.1145/2046707.2046729CrossrefGoogle Scholar

  • [22] A. Johnson, C. Wacek, R. Jansen, M. Sherr, and P. Syverson, In: V. Gligor and M. Yung (Eds.), 2013 ACM Conference on Computer and Communications Security, November 4-8, 2012, Berlin, Germany (ACM, New York, 2013) 337-348, DOI:10.1145/2508859.2516651CrossrefGoogle Scholar

  • [23] J. Juen, A. Das, A. Johnson, N. Borisov, and M. Caesar, arXiv:1410.1823v2 [cs.CR]Google Scholar

  • [24] J. P. J. Juen, M.S. thesis, University of Illinois at Urbana- Champaign (Urbana-Champaign, USA, 2012)Google Scholar

  • [25] G. Mahlknecht, http://cablemap.info, accessed October 8, 2014Google Scholar

  • [26] MaxMind, http://dev.maxmind.com/geoip/legacy/geolite/Google Scholar

  • [27] Submarine Telecoms Forum, Inc., http://subtelforum.com/ Issue11/, accessed October 17, 2014Google Scholar

  • [28] P. Syverson, G. Tsudik, M. Reed, and C. Landwehr, In: H. Federrath (Ed.), Designing Privacy Enhancing Technologies (Springer Verlag, Heidelberg, 2001) 96-114, DOI:10.1007/3-540-44702-4_6CrossrefGoogle Scholar

  • [29] TeleGeography, https://github.com/telegeography/www. submarinecablemap.com/Google Scholar

  • [30] The Tor Project, Inc., https://metrics.torproject.org/, accessed April 2014Google Scholar

  • [31] University of Oregon, http://www.routeviews.org/Google Scholar

  • [32] P. Winter and S. Lindskog, Spoiled onions: Exposing malicious Tor exit relays, arXiv:1401.4917v1 [cs.CR] Google Scholar

About the article

Received: 2014-11-22

Revised: 2015-02-15

Accepted: 2015-02-15

Published Online: 2015-04-18

Published in Print: 2015-04-01

Citation Information: Proceedings on Privacy Enhancing Technologies, Volume 2015, Issue 1, Pages 4–24, ISSN (Online) 2299-0984, DOI: https://doi.org/10.1515/popets-2015-0002.

Export Citation

© 2015. This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 3.0 License. BY-NC-ND 3.0

Comments (0)

Please log in or register to comment.
Log in