Rob Jansen, U.S. Naval Research Laboratory

Slides:

Advertisements

Similar presentations

Tor: The Second-Generation Onion Router

Advertisements

Internetworking II: MPLS, Security, and Traffic Engineering

Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic.

The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network Rob Jansen et. al NDSS 2014 Presenter: Yue Li Part of slides adapted from R.

Predicting Tor Path Compromise by Exit Port IEEE WIDA 2009December 16, 2009 Kevin Bauer, Dirk Grunwald, and Douglas Sicker University of Colorado Client.

Memory-based DoS and Deanonymization Attacks on Tor DCAPS Seminar October 11 th, 2013 Rob Jansen U.S. Naval Research Laboratory

ExperimenTor: A Testbed for Safe and Realistic Tor Experimentation Kevin Bauer 1 Micah Sherr 2 Damon McCoy 3 Dirk Grunwald 4 1 University of Waterloo 2.

Onion Routing Security Analysis Aaron Johnson U.S. Naval Research Laboratory DC-Area Anonymity, Privacy, and Security Seminar.

On Traffic Analysis in Tor Guest Lecture, ELE 574 Communications Security and Privacy Princeton University April 3 rd, 2014 Dr. Rob Jansen U.S. Naval Research.

Location-Aware Onion Routing Aaron Johnson U.S. Naval Research Laboratory IEEE Symposium on Security and Privacy May 19, 2015.

Traffic Characterization Dr. Abdulaziz Almulhem. Almulhem©20012 Agenda Traffic characterization Switching techniques Internetworking, again.

Defense Against DDoS Presented by Zhanxiang for [Crab] Apr. 15, 2004.

Lecture 15 Denial of Service Attacks

Toward Understanding Congestion in Tor DC-area Anonymity, Privacy, and Security Seminar January 24 th, 2014 Rob Jansen U.S. Naval Research Laboratory *Joint.

Preventing Active Timing Attacks in Low- Latency Anonymous Communication The 10 th Privacy Enhancing Technologies Symposium July 2010 Joan Feigenbaum Yale.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 8 – Denial of Service.

Shadow: Simple HPC for Systems Security Research Invited Talk Kansas State University September 25 th, 2013 Rob Jansen U.S. Naval Research Laboratory

University of Central Florida CAP 6135: Malware and Software Vulnerability Spring 2012 Paper Presentation Dude, where’s that IP? Circumventing measurement-based.

VoIP Security in Service Provider Environment Bogdan Materna Chief Technology Officer Yariba Systems.

Never Been KIST: Tor’s Congestion Management Blossoms with Kernel- Informed Socket Transport 23 rd USENIX Security Symposium August 20 th 2014 Rob JansenUS.

--Harish Reddy Vemula Distributed Denial of Service.

Crowds: Anonymity for Web Transactions Michael K. Reiter Aviel D. Rubin Jan 31, 2006Presented by – Munawar Hafiz.

Traffic Analysis: Network Flow Watermarking Amir Houmansadr CS660: Advanced Information Assurance Spring CS660 - Advanced Information Assurance.

SOS: An Architecture For Mitigating DDoS Attacks Angelos D. Keromytis, Vishal Misra, Dan Rubenstein ACM SIGCOMM 2002 Presented By : Tracy Wagner CDA 6938.

Chapter 7 Denial-of-Service Attacks Denial-of-Service (DoS) Attack The NIST Computer Security Incident Handling Guide defines a DoS attack as: “An action.

Guard Sets for Onion Routing JOSHUA FREE. Tor Most popular low-latency distributed anonymity network Controversial decisions of guard selection strategies.

Denial of Service DoS attacks try to deny legimate users access to services, networks, systems or to other resources. There are DoS tools available, thus.

SOS: An Architecture For Mitigating DDoS Attacks Angelos D. Keromytis, Vishal Misra, Dan Rubenstein ACM SIGCOMM 2002 Presented By : Hiral Chhaya CDA 6133.

Supplemental Information on TOR (The Onion Router) CEH ed 8, Rev 4 CS3695 – Network Vulnerability Assessment & Risk Mitigation–

Victor Farbman and Maxim Trosman Under guidance of Amichai Shulman.

How Low Can You Go: Balancing Performance with Anonymity in Tor’ DC-Area Anonymity,Privacy, and Security Seminar May 10 th, 2013 Rob Jansen U.S. Naval.

Traffic Correlation in Tor Source and Destination Prediction PETER BYERLEY RINDAL SULTAN ALANAZI HAFED ALGHAMDI.

Shadow: Scalable Simulation for Systems Security Research CrySP Speaker Series on Privacy University of Waterloo January 20 th, 2016 Rob Jansen U.S. Naval.

“Lines of Defense” against Malware.. Prevention: Keep Malware off your computer. Limit Damage: Stop Malware that gets onto your computer from doing any.

By Steve Shenfield COSC 480.  Definition  Incidents  Damages  Defense Mechanisms Firewalls/Switches/Routers Routing Techniques (Blackholing/Sinkholing)

Secure Single Packet IP Traceback Mechanism to Identify the Source Zeeshan Shafi Khan, Nabila Akram, Khaled Alghathbar, Muhammad She, Rashid Mehmood Center.

Carrie Estes Collin Donaldson.  Zero day attacks  “zero day”  Web application attacks  Signing up for a class  Hardening the web server  Enhancing.

Comparison of Network Attacks COSC 356 Kyler Rhoades.

Network Architectures and Services, Georg Carle Faculty of Informatics Technische Universität München, Germany Privacy-Implications of Performance-Based.

Systems Architecture Anonymous Key Agreement Dominik Oepen

Identifying and Characterizing Sybils in the Tor network Presenter: Yiying Sun 1.

Safely Measuring Tor Rob Jansen U.S. Naval Research Laboratory Center for High Assurance Computer Systems 23 rd Conference on Computer and Communication.

1Security for Service Providers – Dave Gladwin – Newport Networks – SIP ’04 – 22-Jan-04 Security for Service Providers Protecting Service Infrastructure.

Aaron Johnson Rob Jansen Aaron D. Jaggard Joan Feigenbaum

Improving Tor’s Security with Trust-Aware Path Selection Aaron Johnson

Unit 1:Frame Relay.

PeerFlow: Secure Load Balancing in Tor Aaron Johnson1 Rob Jansen1 Aaron Segal2 Nicholas Hopper3 Paul Syverson1 1U.S. Naval Research Laboratory 2Yale.

CS590B/690B Detecting Network Interference (Fall 2016)

CS590B/690B Detecting Network Interference (Fall 2016)

CS590B/690B Detecting Network Interference (FALL 2016)

Shadow: Real Applications, Simulated Networks

CONTRA Camouflage of Network Traffic to Resist Attack (Intrusion Tolerance Using Masking, Redundancy and Dispersion) DARPA OASIS PI Meeting – Hilton Head.

Introduction to Networking

Performance Enhancements for Tor

Security in Networking

Inside Job: Applying Traffic Analysis to Measure Tor from Within

File Transfer Protocol

Privacy Through Anonymous Connection and Browsing

Measuring and Monitoring the Tor Network Aaron Johnson

0x1A Great Papers in Computer Security

Re3 : Relay Reliability Reputation for Anonymity Systems

Anupam Das , Nikita Borisov

Shadow: Scalable and Deterministic Network Experimentation

Chapter 4 Frame Relay Chapter 4 Frame Relay.

Anupam Das , Nikita Borisov

The Tor Network: Freedom and Privacy Online Aaron Johnson U. S

Privacy-Preserving Dynamic Learning of Tor Network Traffic

CS590B/690B Detecting network interference (Spring 2018)

An Overview of Security Issues in Sensor Network

Module 4 System and Application Security

Presentation transcript:

Point Break: A Study of Bandwidth Denial-of-Service Attacks against Tor Rob Jansen, U.S. Naval Research Laboratory Tavish Vaidya, Georgetown University Micah Sherr, Georgetown University Rob Jansen Center for High Assurance Computer Systems U.S. Naval Research Laboratory 28th USENIX Security Symposium Hyatt Regency, Santa Clara, CA, USA August 16th, 2019

Most Exciting Contribution Explore the costs and effects of bandwidth denial-of-service attacks on Tor 47% Slower 3 Gbit/s $140 - $1.6K / mo. U.S. Naval Research Laboratory

Tor Protects Users Anonymous Communication Tor is Popular Separates identification from routing Provides unlinkable communication Protects user privacy and safety online Tor is Popular ~2-8 million daily active users ~6,500 volunteer relays Transferring ~200 Gbit/s U.S. Naval Research Laboratory

Anonymity Attacks against Tor Website fingerprinting attacks CCSW’09, WPES’11, CCS’12, WPES’13, Sec’14, NDSS’16, Sec’16, NDSS’18, CCS’18 Traffic correlation attacks S&P’05, PET’07, Sec’09, CCS’09, TISSEC’10, CCS’11, PETS’13, CCS’13, CN’13, NDSS’14, CCS’18, Routing attacks WPES’07, CCS’07, Sec’15, PETS’16, S&P’17, PETS’18 U.S. Naval Research Laboratory

Anonymity Attacks against Tor Website fingerprinting attacks CCSW’09, WPES’11, CCS’12, WPES’13, Sec’14, NDSS’16, Sec’16, NDSS’18, CCS’18 Traffic correlation attacks S&P’05, PET’07, Sec’09, CCS’09, TISSEC’10, CCS’11, PETS’13, CCS’13, CN’13, NDSS’14, CCS’18, Routing attacks WPES’07, CCS’07, Sec’15, PETS’16, S&P’17, PETS’18 U.S. Naval Research Laboratory

Our Focus: Denial-of-Service Attacks U.S. Naval Research Laboratory

Our Focus: Denial-of-Service Attacks 2007 2008 2009 2013 2014 2019 U.S. Naval Research Laboratory

Our Focus: Denial-of-Service Attacks Borisov et al. CCS’07 Selective service refusal Geddes et al. WPES’14 Socket Exhaustion 2007 2008 2009 2013 2014 2019 U.S. Naval Research Laboratory

Our Focus: Denial-of-Service Attacks Borisov et al. CCS’07 Selective service refusal Geddes et al. WPES’14 Socket Exhaustion Barbera et al. ESORICS’13 Cell Flood Pappas et al. InfoSec’08 Packet Spinning 2007 2008 2009 2013 2014 2019 U.S. Naval Research Laboratory

Our Focus: Denial-of-Service Attacks Borisov et al. CCS’07 Selective service refusal Geddes et al. WPES’14 Socket Exhaustion Evans et al. Sec’09 Long Paths Barbera et al. ESORICS’13 Cell Flood Pappas et al. InfoSec’08 Packet Spinning 2007 2008 2009 2013 2014 2019 U.S. Naval Research Laboratory

Our Focus: Denial-of-Service Attacks Borisov et al. CCS’07 Selective service refusal Geddes et al. WPES’14 Socket Exhaustion Evans et al. Sec’09 Long Paths Barbera et al. ESORICS’13 Cell Flood Pappas et al. InfoSec’08 Packet Spinning Jansen et al. NDSS’14 Sniper Attack 2007 2008 2009 2013 2014 2019 U.S. Naval Research Laboratory

Our Focus: Denial-of-Service Attacks Borisov et al. CCS’07 Selective service refusal Geddes et al. WPES’14 Socket Exhaustion Evans et al. Sec’09 Long Paths This Work Long Paths + Sniper Barbera et al. ESORICS’13 Cell Flood Pappas et al. InfoSec’08 Packet Spinning Jansen et al. NDSS’14 Sniper Attack 2007 2008 2009 2013 2014 2019 U.S. Naval Research Laboratory

DoS against Tor – A Realistic Threat https://trac.torproject.org/projects/tor/ticket/24902 U.S. Naval Research Laboratory

Research Questions and Summary of Results Component Cost Effect Bridges $17,000 / mo. 44% slower TorFlow BW Scanners $2,800 / mo. 80% slower Relays $140 - $1,600 / mo. or $6,300 / mo. 47% slower or 120% slower RQ1: How is Tor vulnerable to bandwidth-based DoS (BW DoS) attacks? RQ2: How costly are BW DoS attacks to carry out? RQ3: What effects does BW DoS have on Tor performance and reliability? U.S. Naval Research Laboratory

Research Questions and Summary of Results Component Cost Effect Bridges $17,000 / mo. 44% slower TorFlow BW Scanners $2,800 / mo. 80% slower Relays $140 - $1,600 / mo. or $6,300 / mo. 47% slower or 120% slower Ethical research: No attacks on the public Tor network Analyzed performance effects with Shadow Conducted some Tor measurements as client, stored no information about users RQ1: How is Tor vulnerable to bandwidth-based DoS (BW DoS) attacks? RQ2: How costly are BW DoS attacks to carry out? RQ3: What effects does BW DoS have on Tor performance and reliability? U.S. Naval Research Laboratory

Research Questions and Summary of Results Component Cost Effect Bridges $17,000 / mo. 44% slower TorFlow BW Scanners $2,800 / mo. 80% slower Relays $140 - $1,600 / mo. or $6,300 / mo. 47% slower or 120% slower RQ1: How is Tor vulnerable to bandwidth-based DoS (BW DoS) attacks? RQ2: How costly are BW DoS attacks to carry out? RQ3: What effects does BW DoS have on Tor performance and reliability? U.S. Naval Research Laboratory

Attack

How Tor Works = Circuit = Stream U.S. Naval Research Laboratory

The Relay Congestion Attack Step 1: Build 8-hop circuit U.S. Naval Research Laboratory

The Relay Congestion Attack Can be targeted or indiscriminate Step 1: Build 8-hop circuit U.S. Naval Research Laboratory

The Relay Congestion Attack Step 1: Build 8-hop circuit Step 2: GET large files U.S. Naval Research Laboratory

The Relay Congestion Attack Step 1: Build 8-hop circuit Step 2: GET large files Step 3: Stop reading U.S. Naval Research Laboratory

The Relay Congestion Attack Step 1: Build 8-hop circuit Step 2: GET large files Step 3: Stop reading Step 4: Send flow control cells U.S. Naval Research Laboratory

The Relay Congestion Attack Step 5: Repeat!!! New entry relays New sockets U.S. Naval Research Laboratory

Evaluation

Evaluation Setup Use Shadow for evaluation Explore network effects Private Tor network for safety 634 relays (10% size, capacity of Tor) 15,000 clients and 2,000 servers generating traffic through Tor Explore network effects Attack strength (num. attack circuits) Network load, attacker resource usage, client performance https://github.com/shadow/shadow U.S. Naval Research Laboratory

Bandwidth Used by Attacker and Tor Network U.S. Naval Research Laboratory

Bandwidth Used by Attacker and Tor Network Amplification Factors: 20k Circuits 6.7 U.S. Naval Research Laboratory

Bandwidth Used by Attacker and Tor Network Amplification Factors: 20k Circuits 6.7 Stop Reading 26 U.S. Naval Research Laboratory

Effect on Client Performance U.S. Naval Research Laboratory

Effect on Client Performance 20k Circuits TTFB: +138% 20k Circuits TTLB: +120% U.S. Naval Research Laboratory

Effect on Client Performance 20k Circuits TTFB: +138% 20k Circuits TTLB: +120% Stop Reading TTFB: +48% Stop Reading TTLB: +47% U.S. Naval Research Laboratory

Cost to Conduct Relay Congestion Attack Requirements for “stop reading” attack 200,000 circuits 3 Gbit/s, 20 IP addresses Cost of Bandwidth and IP addresses 3 dedicated servers at 1 Gbit/s each, amortized cost of 0.70 $/hour/Gbit/s 17 additional IPs at $5 each, $85 total Total Cost Estimates Conservative: $1,647 per month Optimistic: $140 per month ($7 * 20 VPSes) U.S. Naval Research Laboratory

Comparison to Sybil Attacks Comparison to relay Sybil attacks with the same bandwidth budget (3 Gbit/s) Sybil DoS Attack Sybil Deanonymization Attack U.S. Naval Research Laboratory

Comparison to Sybil Attacks Comparison to relay Sybil attacks with the same bandwidth budget (3 Gbit/s) Sybil DoS Attack Goal: drop all circuits containing Sybil relays Exit BW is scarcest and gives highest probability of selection 3 Gbit/s = 4.5% dropped circuits Sybil Deanonymization Attack U.S. Naval Research Laboratory

Comparison to Sybil Attacks Comparison to relay Sybil attacks with the same bandwidth budget (3 Gbit/s) Sybil DoS Attack Goal: drop all circuits containing Sybil relays Exit BW is scarcest and gives highest probability of selection 3 Gbit/s = 4.5% dropped circuits Sybil Deanonymization Attack Goal: appear on both ends of circuits to compromise anonymity 5:1 guard-to-exit BW allocation 2.8% guard * 0.8% exit = 0.02% total circuits compromised U.S. Naval Research Laboratory

Mitigation

Mitigations to Relay Congestion Attack Ability to stop reading from circuits Authenticated SENDMEs, Tor Proposal 289, implemented in 0.4.1.1-alpha Inject nonce in every 50 cells Must read and return nonce in SENDME cell U.S. Naval Research Laboratory

Mitigations to Relay Congestion Attack Ability to stop reading from circuits Authenticated SENDMEs, Tor Proposal 289, implemented in 0.4.1.1-alpha Ability to build 8 hop circuits Reduce to 4 hops to reduce BW amplification factor U.S. Naval Research Laboratory

Mitigations to Relay Congestion Attack Ability to stop reading from circuits Authenticated SENDMEs, Tor Proposal 289, implemented in 0.4.1.1-alpha Ability to build 8 hop circuits Reduce to 4 hops to reduce BW amplification factor Ability to use any relay as entry Privacy-preserving defense against Sybil attacks Detect, measure, and prevent such attacks U.S. Naval Research Laboratory

Summary Contributions Future Work Contact Bridge congestion attack: $17K/mo., 44% slower Bandwidth authority attack: $2.6K/mo., 80% slower Relay congestion attack: $140-$1.6K/mo., 47% slower (or $6.3K/mo., 120% slower) Future Work Deploy simple mitigation techniques in short term Need research in Sybil attack detection, measurement, and prevention Contact <rob.g.jansen@nrl.navy.mil>, robgjansen.com, @robgjansen U.S. Naval Research Laboratory