More Web Proxy on the site http://driver.im/

research-article

Users get routed: traffic correlation on tor by realistic adversaries

Authors:

Paul SyversonAuthors Info & Claims

CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Pages 337 - 348

https://doi.org/10.1145/2508859.2516651

Published: 04 November 2013 Publication History

Abstract

We present the first analysis of the popular Tor anonymity network that indicates the security of typical users against reasonably realistic adversaries in the Tor network or in the underlying Internet. Our results show that Tor users are far more susceptible to compromise than indicated by prior work. Specific contributions of the paper include(1)a model of various typical kinds of users,(2)an adversary model that includes Tor network relays, autonomous systems(ASes), Internet exchange points (IXPs), and groups of IXPs drawn from empirical study,(3) metrics that indicate how secure users are over a period of time,(4) the most accurate topological model to date of ASes and IXPs as they relate to Tor usage and network configuration,(5) a novel realistic Tor path simulator (TorPS), and(6)analyses of security making use of all the above. To show that our approach is useful to explore alternatives and not just Tor as currently deployed, we also analyze a published alternative path selection algorithm, Congestion-Aware Tor. We create an empirical model of Tor congestion, identify novel attack vectors, and show that it too is more vulnerable than previously indicated.

References

[1]

0x539 Dev Group. Gobby: A Collaborative Text Editor.http://gobby.0x539.de, 2013.

[2]

T. G. Abbott, K. J. Lai, M. R. Lieberman, and E. C. Price. Browser-Based Attacks on Tor. In Privacy Enhancing Technologies Symposium (PETS), 2007.

Digital Library

[3]

M. Akhoondi, C. Yu, and H. V. Madhyastha. LASTor: A Low-Latency AS-Aware Tor Client. In IEEE Symposium on Security and Privacy (Oakland), 2012.

Digital Library

[4]

B. Augustin, B. Krishnamurthy, and W. Willinger. IXPs: Mapped? In ACM SIGCOMM Conference on Internet Measurement (IMC), November 2009.

Digital Library

[5]

S. L. Blond, P. Manils, A. Chaabane, M. A. Kaafar, A. Legout, C. Castellucia, and W. Dabbous. De-anonymizing BitTorrent Users on Tor (poster). In USENIX Symposium on Networked Systems Design and Implementation (NSDI), 2010.

[6]

N. Borisov, G. Danezis, P. Mittal, and P. Tabriz. Denial of Service or Denial of Security? How Attacks on Reliability can Compromise Anonymity. In ACM Conference on Computer and Communications Security (CCS), 2007.

Digital Library

[7]

X. Cai, J. Heidemann, B. Krishnamurthy, and W. Willinger. Towards an AS-to-organization Map. In Internet Measurement Conference, 2010.

Digital Library

[8]

X. Cai, X. C. Zhang, B. Joshi, and R. Johnson. Touching from a Distance: Website Fingerprinting Attacks and Defenses. In ACM Conference on Computer and Communications Security (CCS), 2012.

Digital Library

[9]

CAIDA. IPv4 Routed /24 Topology Dataset. http://www.caida.org/data/active/ipv4_routed_24_topology_dataset.xml, December 2012.

[10]

CAIDA. The CAIDA AS Relationships Dataset. http://www.caida.org/data/active/ as-relationships/, June 2012.

[11]

D. L. Chaum. Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. Communications of the ACM, 24(2):84--90, 1981.

Digital Library

[12]

C. Díaz, S. Seys, J. Claessens, and B. Preneel. Towards Measuring Anonymity. In Privacy Enhancing Technologies (PET), 2003.

Digital Library

[13]

R. Dingledine, N. Mathewson, and P. Syverson. Tor: The Second-Generation Onion Router. In USENIX Security Symposium (USENIX), 2004.

Digital Library

[14]

P. Eckersley. How Unique is Your Browser? In Privacy Enhancing Technologies Symposium (PETS), 2010.

Digital Library

[15]

M. Edman and P. Syverson. AS-Awareness in Tor Path Selection. In ACM Conference on Computer and Communications Security (CCS), 2009.

Digital Library

[16]

T. Elahi, K. Bauer, M. AlSabah, R. Dingledine, and I. Goldberg. Changing of the Guards: A Framework for Understanding and Improving Entry Guard Selection in Tor. In ACM Workshop on Privacy in the Electronic Society (WPES), 2012.

Digital Library

[17]

Equinix. Equinix Internet Exchange Enables Efficient Interconnection between Hundreds of Networks. http://www.equinix.com/solutions/by-services/interconnection/exchanges/equinix-internet-exchange/.

[18]

N. S. Evans, R. Dingledine, and C. Grothoff. A Practical Congestion Attack on Tor using Long Paths. In USENIX Security Symposium (USENIX), 2009.

Digital Library

[19]

N. Feamster and R. Dingledine. Location Diversity in Anonymity Networks. In ACM Workshop on Privacy in the Electronic Society (WPES), 2004.

Digital Library

[20]

J. Feigenbaum, A. Johnson, and P. Syverson. Probabilistic Analysis of Onion Routing in a Black-box Model. ACM Transactions on Information and System Security (TISSEC), 15(3):14:1--14:28, 2012.

Digital Library

[21]

L. Gao. On Inferring Autonomous System Relationships in the Internet. In IEEE/ACM Transactions on Networking, volume 9, pages 733--745, December 2001.

Digital Library

[22]

S. Hahn and K. Loesing. Privacy-preserving Ways to Estimate the Number of Tor Users, November 2010. Available at https://metrics.torproject.org/papers/countingusers-2010--11--30.pdf.

[23]

A. Hamel, J.-C. Grégoire, and I. Goldberg. The Misentropists: New Approaches to Measures in Tor. Technical Report 2011--18, Cheriton School of Computer Science, University of Waterloo, 2011.

[24]

N. Hopper, E. Y. Vasserman, and E. Chan-Tin. How Much Anonymity Does Network Latency Leak? ACM Transactions on Information and System Security (TISSEC), 13(2):13, 2010.

Digital Library

[25]

R. Jansen and N. Hopper. Shadow: Running Tor in a Box for Accurate and Efficient Experimentation. In Network and Distributed System Security Symposium (NDSS), 2012.

[26]

R. Jansen, K. Bauer, N. Hopper, and R. Dingledine. Methodically modeling the tor network. In USENIX Workshop on Cyber Security Experimentation and Test (CSET), August 2012.

Digital Library

[27]

A. Johnson, P. Syverson, R. Dingledine, and N. Mathewson. Trust-based anonymous communication: Adversary models and routing algorithms. In Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS 2011), pages 175--186. ACM, 2011.

Digital Library

[28]

J. P. J. Juen. Protecting Anonymity in the Presence of Autonomous System and Internet Exchange Level Adversaries. Master's thesis, University of Illinois, 2012.

[29]

S. J. Murdoch and G. Danezis. Low-Cost Traffic Analysis of Tor. In IEEE Symposium on Security and Privacy (Oakland), 2005.

Digital Library

[30]

S. J. Murdoch and P. Zielinski. Sampled Traffic Analysis by Internet-Exchange-Level Adversaries. In Privacy Enhancing Technologies (PET), 2007.

Digital Library

[31]

Office of Engineering and Technology and Consumer and Governmental Affairs Bureau. A Report on Consumer Wireline Broadband Performance in the U.S. Technical report, Federal Communications Commission, February 2013.

[32]

L. Øverlier and P. Syverson. Locating Hidden Servers. In IEEE Symposium on Security and Privacy (Oakland), 2006.

Digital Library

[33]

J. Qiu and L. Gao. AS Path Inference by Exploiting Known AS Paths. In Global Telecommunications Conference, 2006.

[34]

A. Serjantov and G. Danezis. Towards an Information Theoretic Metric for Anonymity. In Privacy Enhancing Technologies (PET), 2003.

Digital Library

[35]

M. Sherr, M. Blaze, and B. T. Loo. Scalable Link-Based Relay Selection for Anonymous Routing. In Privacy Enhancing Technologies Symposium (PETS), August 2009.

Digital Library

[36]

R. Smits, D. Jain, S. Pidcock, I. Goldberg, and U. Hengartner. BridgeSPA: Improving Tor Bridges with Single Packet Authorization. In ACM Workshop on Privacy in the Electronic Society (WPES), 2011.

Digital Library

[37]

P. Syverson. Why I'm not an Entropist. In International Workshop on Security Protocols, 2009.

[38]

P. Syverson, G. Tsudik, M. Reed, and C. Landwehr. Towards an Analysis of Onion Routing Security. In Designing Privacy Enhancing Technologies, 2000.

Digital Library

[39]

The Tor Project. Changelog Tor 0.2.4.12-alpha. https://gitweb.torproject.org/tor.git?a=blob_plain;hb=HEAD;f=ChangeLog.

[40]

Tor Project, Inc. Tor Metrics Portal. https://metrics.torproject.org/, 2013.

[41]

Tor Project, Inc. The Tor Project. https://www.torproject.org/, 2013.

[42]

TorPS. TorPS: The Tor Path Simulator. http://torps.github.io, 2013.

[43]

University of Oregon. RouteViews Project. http://www. routeviews.org/, 2013.

[44]

C. Wacek, H. Tan, K. Bauer, and M. Sherr. An Empirical Evaluation of Relay Selection in Tor. In Network and Distributed System Security Symposium (NDSS), 2013.

[45]

T. Wang, K. Bauer, C. Forero, and I. Goldberg. Congestionaware Path Selection for Tor. In Financial Cryptography and Security (FC), 2012.

[46]

L. Wasserman. All of Nonparametric Statistics (Springer Texts in Statistics). Springer-Verlag New York, Inc., Secaucus, NJ, USA, 2006.

Digital Library

[47]

M. Wright, M. Adler, B. N. Levine, and C. Shields. The Predecessor Attack: An Analysis of a Threat to Anonymous Communications Systems. ACM Transactions on Information and System Security (TISSEC), 4(7):489--522, November 2004.

Digital Library

Cited By

Huang WWu HLi ZXie XZhang QWang XZhao JShi J(2025)K8s-enhanced lightweight simulation method for the Tor networkSecurity and Safety10.1051/sands/20240244(2024024)Online publication date: 5-Mar-2025
https://doi.org/10.1051/sands/2024024
Zhao HSong X(2024)TOAR: Toward Resisting AS-Level Adversary Correlation Attacks Optimal Anonymous RoutingMathematics10.3390/math1223364012:23(3640)Online publication date: 21-Nov-2024
https://doi.org/10.3390/math12233640
Zhu DTu JCai DJiang TXiahou JChen YLiu C(2024)SRFACS: A secure and robust framework for anonymous communication systemsPLOS ONE10.1371/journal.pone.031281719:12(e0312817)Online publication date: 2-Dec-2024
https://doi.org/10.1371/journal.pone.0312817
Show More Cited By

Index Terms

Users get routed: traffic correlation on tor by realistic adversaries
1. Security and privacy
  1. Network security

Recommendations

How to Find Hidden Users: A Survey of Attacks on Anonymity Networks
Communication privacy has been a growing concern, particularly with the Internet becoming a major hub of our daily interactions. Revelations of government tracking and corporate profiling have resulted in increasing interest in anonymous communication ...
On Evaluating Anonymity of Onion Routing
Selected Areas in Cryptography
Abstract
Anonymous communication networks (ACNs) aim to thwart an adversary, who controls or observes chunks of the communication network, from determining the respective identities of two communicating parties. We focus on low-latency ACNs such as Tor, ...
Certificateless onion routing
CCS '09: Proceedings of the 16th ACM conference on Computer and communications security

Onion routing protocols allow users to establish anonymous channels to preserve their privacy over a public network. Several protocols implementing this primitive have been proposed in recent years, and TOR, a real-life implementation, provides an onion ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

November 2013

1530 pages

ISBN:9781450324779

DOI:10.1145/2508859

General Chair:
Ahmad-Reza Sadeghi
TU Darmstadt, CASED, Intel ICRI-SC, Germany
,
Program Chairs:
Virgil Gligor
Carnegie Mellon University, USA
,
Moti Yung
Columbia University, USA

Copyright © 2013 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 04 November 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS'13

Sponsor:

SIGSAC

CCS'13: 2013 ACM SIGSAC Conference on Computer and Communications Security

November 4 - 8, 2013

Berlin, Germany

Acceptance Rates

CCS '13 Paper Acceptance Rate 105 of 530 submissions, 20%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

172
Total Citations
View Citations
1,467
Total Downloads

Downloads (Last 12 months)104
Downloads (Last 6 weeks)12

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Huang WWu HLi ZXie XZhang QWang XZhao JShi J(2025)K8s-enhanced lightweight simulation method for the Tor networkSecurity and Safety10.1051/sands/20240244(2024024)Online publication date: 5-Mar-2025
https://doi.org/10.1051/sands/2024024
Zhao HSong X(2024)TOAR: Toward Resisting AS-Level Adversary Correlation Attacks Optimal Anonymous RoutingMathematics10.3390/math1223364012:23(3640)Online publication date: 21-Nov-2024
https://doi.org/10.3390/math12233640
Zhu DTu JCai DJiang TXiahou JChen YLiu C(2024)SRFACS: A secure and robust framework for anonymous communication systemsPLOS ONE10.1371/journal.pone.031281719:12(e0312817)Online publication date: 2-Dec-2024
https://doi.org/10.1371/journal.pone.0312817
Zhai JZhang KZeng XMeng YLiu G(2024)FlowCorrGCN: Enhancing Flow Correlation Through Graph Convolutional Networks and Triplet NetworksInternational Journal of Intelligent Systems10.1155/2024/88235112024:1Online publication date: 30-Oct-2024
https://doi.org/10.1155/2024/8823511
Pahl SKaiser DEngel TAdamsky FAyday EVaidya J(2024)OnionVPN: Onion Routing-Based VPN-Tunnels with Onion ServicesProceedings of the 23rd Workshop on Privacy in the Electronic Society10.1145/3689943.3695043(17-33)Online publication date: 20-Nov-2024
https://dl.acm.org/doi/10.1145/3689943.3695043
Luo ZBhat ANayak KKate A(2024)Attacking and Improving the Tor Directory Protocol2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00083(3221-3237)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00083
Tan RTan QWang HXie YZhang P(2024)P-I2Prange: An Automatic Construction Architecture for Scenarios in I2P Ranges2024 International Joint Conference on Neural Networks (IJCNN)10.1109/IJCNN60899.2024.10651444(1-10)Online publication date: 30-Jun-2024
https://doi.org/10.1109/IJCNN60899.2024.10651444
Meng XLiang M(2024)Node Selection-Based Anonymous Network Performance Optimization Method2024 9th International Conference on Computer and Communication Systems (ICCCS)10.1109/ICCCS61882.2024.10602902(456-461)Online publication date: 19-Apr-2024
https://doi.org/10.1109/ICCCS61882.2024.10602902
Yang MPeng WSong XMa XLiu LHu N(2024)SDCRT: An Anonymous Communication Network Routing Algorithm Based on SDN Architecture2024 IEEE 9th International Conference on Data Science in Cyberspace (DSC)10.1109/DSC63484.2024.00083(555-562)Online publication date: 23-Aug-2024
https://doi.org/10.1109/DSC63484.2024.00083
Chao DXu DGao FZhang CZhang WZhu L(2024)A Systematic Survey on Security in Anonymity Networks: Vulnerabilities, Attacks, Defenses, and FormalizationIEEE Communications Surveys & Tutorials10.1109/COMST.2024.335000626:3(1775-1829)Online publication date: Nov-2025
https://doi.org/10.1109/COMST.2024.3350006
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten