TOAR: Toward Resisting AS-Level Adversary Correlation Attacks Optimal Anonymous Routing
<p>Scenarios of traffic correlation attacks by a single AS-level adversary.</p> "> Figure 2
<p>System model schematic.</p> "> Figure 3
<p>Instance of the optimal AS routing problem with policy constraints.</p> "> Figure 4
<p>Software defined inter-domain programmable interface.</p> "> Figure 5
<p>Process of route negotiation and route confirmation.</p> "> Figure 6
<p>Impact of path length <math display="inline"><semantics> <mrow> <mi>n</mi> </mrow> </semantics></math> on the probability <math display="inline"><semantics> <mrow> <mi>d</mi> </mrow> </semantics></math>.</p> "> Figure 7
<p>Trend of security policy function <math display="inline"><semantics> <mrow> <mi>d</mi> <mo>(</mo> <mi>p</mi> <mo>,</mo> <mi>k</mi> <mo>,</mo> <mi>m</mi> <mo>,</mo> <mi>n</mi> <mo>)</mo> </mrow> </semantics></math>.</p> "> Figure 8
<p>The <math display="inline"><semantics> <mrow> <mo>∆</mo> <mi>C</mi> </mrow> </semantics></math> statistic of the results.</p> "> Figure 9
<p>Percentage of search effectiveness.</p> "> Figure 10
<p>SDN experiment environment.</p> "> Figure 11
<p>Impact of data size changed on throughput.</p> "> Figure 12
<p>Communication latency.</p> "> Figure 13
<p>Throughput of route forwarding.</p> ">
Abstract
:1. Introduction
- We propose a novel two-stage (i.e., route searching and route forwarding) routing mechanism, TOAR, based on Bayesian optimization. It effectively addresses the issue of diminished anonymity in Tor resulting from AS-level correlation attacks and reduces high latency caused by routing detours.
- In TOAR, we design a software-defined programmable interface that facilitates querying routing policy information and confirming routing selections, enabling flexible end-to-end source routing choices.
- We conduct a comprehensive analysis and extensive experiments to assess TOAR’s anonymity, along with the effectiveness of route searching and route forwarding performance. The results indicate that TOAR provides stronger anonymity and improves communication performance.
2. Background and Motivation
3. System Model
3.1. Basic Definitions
3.2. Optimal Anonymous Routing Problem
- The AS path length of route does not exceed .
- Each AS traversed by route complies with the export policy.
- Route adheres to the pricing policy, with a total cost less than Bmax.
- Route r follows the security policy and does not traverse the same AS more than once.
4. Design of TOAR
4.1. First Stage Algorithm for Simplified Security Policy Function
Algorithm 1 (SKCR) |
Require: Ensure: |
|
4.2. Second Stage Algorithm for Full Security Policy Function
Algorithm 2 Iterative optimal search routing algorithm |
Require:G, , Ensure:r |
|
4.3. Programmable Interface for Anonymous Routing
5. Anonymity Analysis
6. Evaluation
6.1. Effectiveness Analysis
- Effectiveness of Security Policy Functions:
- Effectiveness of Expectation Improvement Function:
- Effectiveness of search results:
6.2. Network Performance Measurement
- Throughout evaluation for TOAR:
- Anonymous route effectiveness:
7. Related Works
8. Conclusions
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
References
- Dingledine, R.; Mathewson, N.; Syverson, P.F. Tor: The second-generation onion router. In Proceedings of the USENIX Security Symposium, San Diego, CA, USA, 9–13 August 2004. [Google Scholar] [CrossRef]
- Tor Metrics. Available online: https://metrics.torproject.org (accessed on 17 October 2024).
- Nasr, M.; Bahramali, A.; Houmansadr, A. Deepcorr: Strong flow correlation attacks on tor using deep learning. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, Toronto, ON, Canada, 15–19 October 2018. [Google Scholar] [CrossRef]
- Xu, Y.; Yang, M.; Ling, Z.; Liu, Z.; Gu, X.; Luo, L. A De-anonymization Attack against Downloaders in Freenet. In Proceedings of the IEEE Conference on Computer Communications, New York, NY, USA, 15–19 October 2024. [Google Scholar] [CrossRef]
- Chao, D.; Xu, D.; Gao, F.; Zhang, C.; Zhang, W.; Zhu, L. A Systematic Survey On Security in Anonymity Networks: Vulnerabilities, Attacks, Defenses, and Formalization. IEEE Commun. Surv. Tutor. 2024, 26, 1775–1829. [Google Scholar] [CrossRef]
- Gegenhuber, G.K.; Maier, M.; Holzbauer, F.; Mayer, W.; Merzdovnik, G.; Weippl, E.; Ullrich, J. An extended view on measuring tor as-level adversaries. Comput. Secur. 2023, 132, 103302. [Google Scholar] [CrossRef]
- Lopes, D.; Dong, J.-D.; Medeiros, P.; Castro, D.; Barradas, D.; Portela, B.; Vinagre, J.; Ferreira, B.; Christin, N.; Santos, N. Flow Correlation Attacks on Tor Onion Service Sessions with Sliding Subset Sum. In Proceedings of the Network and Distributed System Security Symposium, San Diego, CA, USA, 26 February–1 March 2024. [Google Scholar] [CrossRef]
- Guan, Z.; Liu, C.; Gou, G.; Li, Z.; Xiong, G.; Ding, Y.; Hou, C. A blind flow fingerprinting and correlation method against disturbed anonymous traffic based on pattern reconstruction. Comput. Netw. 2024, 254, 110831. [Google Scholar] [CrossRef]
- Hogan, K.; Servan-Schreiber, S.; Newman, Z.; Weintraub, B.; Nita-Rotaru, C.; Devadas, S. Shortor: Improving tor network latency via multi-hop overlay routing. In Proceedings of the IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 22–26 May 2022. [Google Scholar] [CrossRef]
- Rochet, F.; Wails, R.; Johnson, A.; Mittal, P.; Pereira, O. CLAPS: Client-Location-Aware Path Selection in Tor. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, Virtual Event USA, 9–13 November 2020; Association for Computing Machinery: New York, NY, USA, 2020; pp. 17–34. [Google Scholar] [CrossRef]
- Rahimi, M. CLAM: Client-aware routing in mix networks. In Proceedings of the ACM Workshop on Information Hiding and Multimedia Security, Baiona, Spain, 24–26 June 2024. [Google Scholar] [CrossRef]
- Sun, Y.; Edmundson, A.; Feamster, N.; Chiang, M.; Mittal, P. Counter-RAPTOR: Safeguarding Tor against active routing attacks. In Proceedings of the IEEE Symposium on Security and Privacy, San Jose, CA, USA, 22–26 May 2017. [Google Scholar] [CrossRef]
- Mitseva, A.; Aleksandrova, M.; Engel, T.; Panchenko, A. Security and performance implications of BGP rerouting-resistant guard selection algorithms for Tor. Comput. Secur. 2023, 132, 103374. [Google Scholar] [CrossRef]
- Mathewon, N.; Dingledine, R. Location Diversity in Anonymity Networks. In Proceedings of the ACM Workshop on Privacy in the Electronic Society, Washington, DC, USA, 28 October 2004; Association for Computing Machinery: New York, NY, USA. [Google Scholar] [CrossRef]
- Johnson, A.; Wacek, C.; Jansen, R.; Sherr, M.; Syverson, P. Users get routed: Traffic correlation on Tor by realistic adversaries. In Proceedings of the ACM SIGSAC Conference on Computer & Communications Security, Berlin, Germany, 4–8 November 2013. [Google Scholar] [CrossRef]
- Nithyanand, R.; Starov, O.; Zair, A.; Gill, P.; Schapira, M.J.a.p.a. Measuring and mitigating AS-level adversaries against Tor. In Proceedings of the Network and Distributed System Security Symposium, San Diego, CA, USA, 21–24 February 2016. [Google Scholar] [CrossRef]
- Sun, Y.; Edmundson, A.; Vanbever, L.; Li, O.; Rexford, J.; Chiang, M.; Mittal, P. {RAPTOR}: Routing attacks on privacy in tor. In Proceedings of the USENIX Security Symposium, Washington, DC, USA, 12–14 August 2015; Available online: https://dl.acm.org/doi/abs/10.5555/2831143.2831161 (accessed on 17 October 2024).
- McCoy, D.; Bauer, K.; Grunwald, D.; Kohno, T.; Sicker, D. Shining light in dark places: Understanding the Tor network. In Proceedings of the Privacy Enhancing Technologies, Leuven, Belgium, 23–25 July 2008. [Google Scholar] [CrossRef]
- Xiang, Q.; Zhang, J.; Gao, K.; Lim, Y.-s.; Le, F.; Li, G.; Yang, Y.R. Toward optimal software-defined interdomain routing. In Proceedings of the IEEE Conference on Computer Communications, Toronto, ON, Canada, 6–9 July 2020. [Google Scholar] [CrossRef]
- Hsiao, H.-C.; Kim, T.H.-J.; Perrig, A.; Yamada, A.; Nelson, S.C.; Gruteser, M.; Meng, W. LAP: Lightweight anonymity and privacy. In Proceedings of the IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 20–23 May 2012. [Google Scholar] [CrossRef]
- Reiter, M.K.; Rubin, A.D. Crowds: Anonymity for web transactions. ACM Trans. Inf. Syst. Secur. 1998, 1, 66–92. Available online: https://dl.acm.org/doi/pdf/10.1145/290163.290168 (accessed on 17 October 2024). [CrossRef]
- Wu, Z.; Zhou, Y.; Ma, J. A security transmission model for Internet of things. Chin. J. Comput. 2011, 34, 1351–1364. [Google Scholar] [CrossRef]
- Feng, L.; Ni, X.; Ling, Z.; Wang, L. Strong anonymous communication system based on segment routing over sdn. Comput. J. 2023, 66, 3092–3106. [Google Scholar] [CrossRef]
- Akhoondi, M.; Yu, C.; Madhyastha, H.V. LASTor: A low-latency AS-aware Tor client. In Proceedings of the IEEE Symposium on Security and Privacy, Sam Francisco, CA, USA, 20–23 May 2012. [Google Scholar] [CrossRef]
- Edman, M.; Syverson, P. AS-awareness in Tor path selection. In Proceedings of the ACM Conference on Computer and Communications Security, Chicago, IL, USA, 9–13 November 2009. [Google Scholar] [CrossRef]
- Barton, A.; Wright, M. Denasa: Destination-naive as-awareness in anonymous communications. Proc. Priv. Enhancing Technol. 2016, 2016, 356–372. [Google Scholar] [CrossRef]
- Lin, P.; Hart, J.; Krishnaswamy, U.; Murakami, T.; Kobayashi, M.; Al-Shabibi, A.; Wang, K.-C.; Bi, J. Seamless interworking of SDN and IP. In Proceedings of the ACM SIGCOMM, Hong Kong, China, 12–16 August 2013. [Google Scholar] [CrossRef]
- Zhang, X.; Hsiao, H.-C.; Hasker, G.; Chan, H.; Perrig, A.; Andersen, D.G. SCION: Scalability, control, and isolation on next-generation networks. In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, USA, 22–25 May 2011. [Google Scholar] [CrossRef]
- Peter, S.; Javed, U.; Zhang, Q.; Woos, D.; Anderson, T.; Krishnamurthy, A. One tunnel is (often) enough. ACM SIGCOMM Comput. Commun. Rev. 2014, 44, 99–110. [Google Scholar] [CrossRef]
- Xu, W.; Rexford, J. MIRO: Multi-path interdomain routing. In Proceedings of the ACM SIGCOMM, Pisa, Italy, 11–15 September 2006. [Google Scholar] [CrossRef]
- Yang, X.; Clark, D.; Berger, A.W. NIRA: A new inter-domain routing architecture. IEEE/ACM Trans. Netw. 2007, 15, 775–788. [Google Scholar] [CrossRef]
- Gupta, A.; Vanbever, L.; Shahbaz, M.; Donovan, S.P.; Schlinker, B.; Feamster, N.; Rexford, J.; Shenker, S.; Clark, R.; Katz-Bassett, E. Sdx: A software defined internet exchange. ACM SIGCOMM Comput. Commun. Rev. 2014, 44, 551–562. [Google Scholar] [CrossRef]
- Godfrey, P.B.; Ganichev, I.; Shenker, S.; Stoica, I. Pathlet routing. ACM SIGCOMM Comput. Commun. Rev. 2009, 39, 111–122. [Google Scholar] [CrossRef]
- Bajic, A.; Becker, G.T. dPHI: An improved high-speed network-layer anonymity protocol. Proc. Priv. Enhancing Technol. 2020, 2020, 304–326. [Google Scholar] [CrossRef]
- Chen, C.; Asoni, D.E.; Barrera, D.; Danezis, G.; Perrig, A. HORNET: High-speed onion routing at the network layer. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, 12–16 October 2015. [Google Scholar] [CrossRef]
- Sankey, J.; Wright, M. Dovetail: Stronger anonymity in next-generation internet routing. In Proceedings of the International Symposium on Privacy Enhancing Technologies Symposium, Amsterdam, The Netherlands, 16–18 July 2014. [Google Scholar] [CrossRef]
- Chen, C.; Perrig, A. Phi: Path-hidden lightweight anonymity protocol at network layer. Proc. Priv. Enhancing Technol. 2017, 2017, 100–117. [Google Scholar] [CrossRef]
- Chen, C.; Asoni, D.E.; Perrig, A.; Barrera, D.; Danezis, G.; Troncoso, C. TARANET: Traffic-analysis resistant anonymity at the network layer. In Proceedings of the IEEE European Symposium on Security and Privacy, London, UK, 24–26 April 2018. [Google Scholar] [CrossRef]
- Zhu, T.; Feng, D.; Wang, F.; Hua, Y.; Shi, Q.; Liu, J.; Cheng, Y.; Wan, Y. Efficient anonymous communication in SDN-based data center networks. IEEE/ACM Trans. Netw. 2017, 25, 3767–3780. [Google Scholar] [CrossRef]
Notations | Definitions |
---|---|
edges. | |
S, D | Sender and destination. |
can be any symbol representing a route. | |
= |AC|. | |
. | |
Simplified inter-routing is direction. | |
is attacked. | |
. | |
Maximum number of shared nodes selected by the user. | |
. | |
. | |
; the degree of path safety. | |
. | |
. |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Zhao, H.; Song, X. TOAR: Toward Resisting AS-Level Adversary Correlation Attacks Optimal Anonymous Routing. Mathematics 2024, 12, 3640. https://doi.org/10.3390/math12233640
Zhao H, Song X. TOAR: Toward Resisting AS-Level Adversary Correlation Attacks Optimal Anonymous Routing. Mathematics. 2024; 12(23):3640. https://doi.org/10.3390/math12233640
Chicago/Turabian StyleZhao, Hui, and Xiangmei Song. 2024. "TOAR: Toward Resisting AS-Level Adversary Correlation Attacks Optimal Anonymous Routing" Mathematics 12, no. 23: 3640. https://doi.org/10.3390/math12233640
APA StyleZhao, H., & Song, X. (2024). TOAR: Toward Resisting AS-Level Adversary Correlation Attacks Optimal Anonymous Routing. Mathematics, 12(23), 3640. https://doi.org/10.3390/math12233640