Jump to ContentJump to Main Navigation
Show Summary Details
More options …

Proceedings on Privacy Enhancing Technologies

4 Issues per year

Open Access
See all formats and pricing
More options …

DeNASA: Destination-Naive AS-Awareness in Anonymous Communications

Armon Barton / Matthew Wright
Published Online: 2016-07-14 | DOI: https://doi.org/10.1515/popets-2016-0044


Prior approaches to AS-aware path selection in Tor do not consider node bandwidth or the other characteristics that Tor uses to ensure load balancing and quality of service. Further, since the AS path from the client’s exit to her destination can only be inferred once the destination is known, the prior approaches may have problems constructing circuits in advance, which is important for Tor performance. In this paper, we propose and evaluate DeNASA, a new approach to AS-aware path selection that is destination-naive, in that it does not need to know the client’s destination to pick paths, and that takes advantage of Tor’s circuit selection algorithm. To this end, we first identify the most probable ASes to be traversed by Tor streams. We call this set of ASes the Suspect AS list and find that it consists of eight highest ranking Tier 1 ASes. Then, we test the accuracy of Qiu and Gao AS-level path inference on identifying the presence of these ASes in the path, and we show that inference accuracy is 90%. We develop an AS-aware algorithm called DeNASA that uses Qiu and Gao inference to avoid Suspect ASes. DeNASA reduces Tor stream vulnerability by 74%. We also show that DeNASA has performance similar to Tor. Due to the destination-naive property, time to first byte (TTFB) is close to Tor’s, and due to leveraging Tor’s bandwidth-weighted relay selection, time to last byte (TTLB) is also similar to Tor’s.

Keywords: Anonymity; Tor


  • [1] Masoud Akhoondi, Chu Yu, and Harsha V Madhyastha. LASTor: A low-latency AS-aware Tor client. In IEEE S&P, 2012.Web of ScienceGoogle Scholar

  • [2] Alexa.com. Alexa top sites., June 2015. http://www.alexa.com/topsites.Google Scholar

  • [3] bgpVista. Swordqiu, March 2015. http://www.bgpvista.com/asinfer.php.Google Scholar

  • [4] Nikita Borisov, George Danezis, Prateek Mittal, and Parisa Tabriz. Denial of service or denial of security? In CCS, 2007.Google Scholar

  • [5] CAIDA. CAIDA AS ranking, June 2015. http://as-rank.caida.org/.Google Scholar

  • [6] CAIDA. The CAIDA UCSD IPv4 routed /24 topology dataset, June 2015. http://www.caida.org/data/active/ipv4routed24topologydataset.xml.Google Scholar

  • [7] CAIDA. The CAIDA AS relationships, January 2016. http: //www.caida.org/data/as-relationships/.Google Scholar

  • [8] Claudia Diaz, Stefaan Seys, Joris Claessens, and Bart Preneel. Towards measuring anonymity. In PETS, 2003.Google Scholar

  • [9] Roger Dingledine, Nicholas Hopper, George Kadianakis, and Nick Mathewson. One fast guard for life (or 9 months). In HotPETs, 2014.Google Scholar

  • [10] Roger Dingledine, Nick Mathewson, and Paul Syverson. Tor: The second-generation onion router. In USENIX Security, 2004.Google Scholar

  • [11] Matthew Edman and Paul Syverson. AS-awareness in Tor path selection. In CCS, 2009.Google Scholar

  • [12] Nick Feamster and Roger Dingledine. Location diversity in anonymity networks. In WPES, 2004.Google Scholar

  • [13] Lixin Gao. On inferring autonomous system relationships in the Internet. ACM/IEEE Transactions on Networks (TON), 9(6), 2001. Google Scholar

  • [14] Jamie Hayes and George Danezis. Guard sets for onion routing. In PETS, 2015.Google Scholar

  • [15] Tor Project Inc. Tor Metrics, June 2015. https://metrics.torproject.org.Google Scholar

  • [16] Rob Jansen, Kevin S Bauer, Nicholas Hopper, and Roger Dingledine. Methodically modeling the Tor network. In CSET, 2012.Google Scholar

  • [17] Rob Jansen, John Geddes, Chris Wacek, Micah Sherr, and Paul Syverson. Never been KIST: Tor's congestion man- agement blossoms with kernel-informed socket transport. In USENIX Security, 2014.Google Scholar

  • [18] Rob Jansen and Nicholas Hopper. Shadow: Running Tor in a box for accurate and efficient experimentation. In NDSS, 2012.Google Scholar

  • [19] Aaron Johnson, Chris Wacek, Rob Jansen, Micah Sherr, and Paul Syverson. Users get routed: Traffic correlation on Tor by realistic adversaries. In CCS, 2013.Google Scholar

  • [20] Joshua Juen. Protecting anonymity in the presence of autonomous system and Internet exchange level adversaries. Master's thesis, University of Illinois, http://hdl.handle.net/2142/34363, 2012.Google Scholar

  • [21] Joshua Juen, Aaron Johnson, Anupam Das, Nikita Borisov, and Matthew Caesar. Defending Tor from network adver- saries: A case study of network path prediction. In PETS, 2015.Google Scholar

  • [22] Z Morley Mao, Lili Qiu, Jia Wang, and Yin Zhang. On AS- level path inference. In SIGMETRICS, 2005.Google Scholar

  • [23] Zhuoqing Morley Mao, Jennifer Rexford, Jia Wang, and Randy H Katz. Towards an accurate AS-level traceroute tool. In SIGCOMM, 2003.Google Scholar

  • [24] Steven J Murdoch and George Danezis. Low-cost traffic analysis of Tor. In IEEE S&P, 2005.Google Scholar

  • [25] Steven J Murdoch and Piotr Zielinski. Sampled traffic analysis by Internet-exchange-level adversaries. In PETS, 2007.Google Scholar

  • [26] Lasse Overlier and Paul Syverson. Locating hidden servers. In IEEE S&P, 2006.Google Scholar

  • [27] Jian Qiu and Lixin Gao. Cam04-4: AS path inference by exploiting known AS paths. In GLOBECOM, 2006.Google Scholar

  • [28] Oleksii Starov, Rishab Nithyanand, Adva Zair, Phillipa Gill, and Michael Schapira. Measuring and mitigating AS-level adversaries against Tor. In NDSS, 2016.Google Scholar

  • [29] Yixin Sun, Anne Edmundson, Laurent Vanbever, Oscar Li, Jennifer Rexford, Mung Chiang, and Prateek Mittal. RAP- TOR: Routing attacks on privacy in Tor. In USENIX Security, 2015.Google Scholar

  • [30] Paul Syverson, Gene Tsudik, Michael Reed, and Carl Landwehr. Towards an analysis of onion routing security. In Designing Privacy Enhancing Technologies, 2001.Google Scholar

  • [31] TorPS. TorPS: The Tor path simulator. http://torps.github.io.Google Scholar

  • [32] Chris Wacek, Henry Tan, Kevin S Bauer, and Micah Sherr. An empirical evaluation of relay selection in Tor. In NDSS, 2013.Google Scholar

  • [33] Matthew Wright, Micah Adler, Brian N Levine, and Clay Shields. Defending anonymous communications against passive logging attacks. In IEEE S&P, 2003.Google Scholar

  • [34] Matthew K Wright, Micah Adler, Brian Neil Levine, and Clay Shields. The predecessor attack: An analysis of a threat to anonymous communications systems. TISSEC, 7(4), 2004.Google Scholar

  • [35] Matthew K Wright, Micah Adler, Brian Neil Levine, and Clay Shields. Passive-logging attacks against anonymous communications systems. TISSEC, 11(2), 2008.Web of ScienceGoogle Scholar

About the article

Received: 2016-02-29

Revised: 2016-06-02

Accepted: 2016-06-02

Published Online: 2016-07-14

Published in Print: 2016-10-01

Citation Information: Proceedings on Privacy Enhancing Technologies, Volume 2016, Issue 4, Pages 356–372, ISSN (Online) 2299-0984, DOI: https://doi.org/10.1515/popets-2016-0044.

Export Citation

© 2016. This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License. BY-NC-ND 4.0

Comments (0)

Please log in or register to comment.
Log in