Proceedings on Privacy Enhancing Technologies

4 issues per year | Open Access | Online ISSN 2299-0984

Defending Tor from Network Adversaries: A Case Study of Network Path Prediction

Joshua Juen / Aaron Johnson / Anupam Das / Nikita Borisov / Matthew Caesar
Published Online: 2015-06-22 | DOI: https://doi.org/10.1515/popets-2015-0021

Abstract

The Tor anonymity network has been shown vulnerable to traffic analysis attacks by autonomous systems (ASes) and Internet exchanges (IXes), which can observe different overlay hops belonging to the same circuit. We evaluate whether network path prediction techniques provide an accurate picture of the threat from such adversaries, and whether they can be used to avoid this threat. We perform a measurement study by collecting 17.2 million traceroutes from Tor relays to destinations around the Internet. We compare the collected traceroute paths to predicted paths using state-of-the-art path inference techniques. We find that traceroutes present a very different picture, with the set of ASes seen in the traceroute path differing from the predicted path 80% of the time. We also consider the impact that prediction errors have on Tor security. Using a simulator to choose paths over a week, our traceroutes indicate that a user has nearly a 100% chance of at least one compromise in a week, with 11% of total paths containing an AS compromise and less than 1% containing an IX compromise when using default Tor selection. We find that modifying the path selection to choose paths predicted to be safe lowers total paths with an AS compromise to 0.14%, but still presents a 5–11% chance of at least one compromise in a week while making 5% of paths fail, with 96% of failures due to false positives in path inferences. Our results demonstrate that more measurement and better path prediction are necessary to mitigate the risk of AS and IX adversaries to Tor.

Keywords: Autonomous Systems; Internet Exchanges; Tor
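As an added example (not code from the paper or the Tor project), the following Python sketches the comparisons the abstract describes: collapsing a traceroute into an AS-level path, testing whether its AS set differs from a predicted path, and checking whether any AS sits on both the client-to-guard and exit-to-destination sides of a circuit, which is what lets it correlate traffic. The prefix-to-AS table and hop lists are constructed sample data, not measurements from the study.

```python
"""Added example: AS-path comparison and AS-adversary check for a Tor circuit.
The prefix->AS table and all hop lists are constructed stand-ins."""
from typing import Dict, List, Optional, Set

# Constructed prefix -> AS map; a real run would use an ASN database (assumption).
PREFIX_TO_AS: Dict[str, int] = {
    "10.0.": 64500, "10.1.": 64501, "10.2.": 64502, "10.3.": 64503, "10.4.": 64504,
}

def ip_to_as(ip: str) -> Optional[int]:
    """Map a hop IP to an AS number; None means the hop is unmapped."""
    for prefix, asn in PREFIX_TO_AS.items():
        if ip.startswith(prefix):
            return asn
    return None

def as_path_from_traceroute(hops: List[str]) -> List[int]:
    """Collapse raw hops to an AS path, dropping '*' timeouts and repeated ASes."""
    path: List[int] = []
    for hop in hops:
        asn = None if hop == "*" else ip_to_as(hop)
        if asn is not None and (not path or path[-1] != asn):
            path.append(asn)
    return path

def as_sets_differ(observed: List[int], predicted: List[int]) -> bool:
    """The abstract's criterion: do the two paths traverse different sets of ASes?"""
    return set(observed) != set(predicted)

def compromising_ases(entry_path: List[int], exit_path: List[int]) -> Set[int]:
    """ASes present on both sides of the circuit can observe both ends of a flow."""
    return set(entry_path) & set(exit_path)

def classify_prediction(obs_entry: List[int], obs_exit: List[int],
                        pred_entry: List[int], pred_exit: List[int]) -> str:
    """Compare the predicted safety verdict for a circuit with the traceroute verdict."""
    observed = bool(compromising_ases(obs_entry, obs_exit))
    predicted = bool(compromising_ases(pred_entry, pred_exit))
    if predicted and not observed:
        return "false positive"   # a safe circuit would be rejected by a predictor
    if observed and not predicted:
        return "false negative"   # an unsafe circuit would be accepted
    return "agree"

if __name__ == "__main__":
    entry = as_path_from_traceroute(["10.0.0.1", "10.0.0.2", "*", "10.3.0.9"])
    exit_ = as_path_from_traceroute(["10.4.0.1", "10.2.0.7", "10.2.0.8"])
    print("entry AS path:", entry, "exit AS path:", exit_)
    print("shared ASes:", compromising_ases(entry, exit_))
    print(classify_prediction(entry, exit_, [64500, 64502, 64503], exit_))
```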


About the article

Received: 2015-02-15

Revised: 2015-05-15

Accepted: 2015-05-15

Published Online: 2015-06-22

Published in Print: 2015-06-01


Citation Information: Proceedings on Privacy Enhancing Technologies, ISSN (Online) 2299-0984, DOI: https://doi.org/10.1515/popets-2015-0021.


© Joshua Juen et al. This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 3.0 License (CC BY-NC-ND 3.0).
