Memory-based DoS and Deanonymization Attacks on Tor DCAPS Seminar October 11 th, 2013 Rob Jansen U.S. Naval Research Laboratory

Slides:

Advertisements

Similar presentations

Tor: The Second-Generation Onion Router

Advertisements

The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network Rob Jansen et. al NDSS 2014 Presenter: Yue Li Part of slides adapted from R.

Predicting Tor Path Compromise by Exit Port IEEE WIDA 2009December 16, 2009 Kevin Bauer, Dirk Grunwald, and Douglas Sicker University of Colorado Client.

Tor – The Onion Router By: David Rollé. What is Tor?  Second generation Onion Routing  Aims to improve on first generation issues  Perfect Forward.

LIRA: Lightweight Incentivized Routing for Anonymity Rob Jansen Aaron Johnson Paul Syverson U.S. Naval Research Laboratory 20th Annual Network & Distributed.

Trust-based Anonymous Communication: Models and Routing Algorithms Aaron Johnson Paul Syverson Roger Dingledine Nick Mathewson U.S. Naval Research Laboratory.

Onion Routing Security Analysis Aaron Johnson U.S. Naval Research Laboratory DC-Area Anonymity, Privacy, and Security Seminar.

How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.

On Traffic Analysis in Tor Guest Lecture, ELE 574 Communications Security and Privacy Princeton University April 3 rd, 2014 Dr. Rob Jansen U.S. Naval Research.

By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.

A New Replay Attack Against Anonymous Communication Networks Xinwen Fu June 30, 2015.

Anonymizing Network Technologies Some slides modified from Dingledine, Mathewson, Syverson, Xinwen Fu, and Yinglin Sun Presenter: Chris Zachor 03/23/2011.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

Toward Understanding Congestion in Tor DC-area Anonymity, Privacy, and Security Seminar January 24 th, 2014 Rob Jansen U.S. Naval Research Laboratory *Joint.

Preventing Active Timing Attacks in Low- Latency Anonymous Communication The 10 th Privacy Enhancing Technologies Symposium July 2010 Joan Feigenbaum Yale.

Aaron Johnson U.S. Naval Research Laboratory CSci 6545 George Washington University 11/18/2013.

Tor (Anonymity Network) Scott Pardue. Tor Network  Nodes with routers within the network (entry, middle, exit)  Directory servers  Socket Secure (SOCKS)

Class 13 Introduction to Anonymity CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman

Operating Systems Networking for Home and Small Businesses – Chapter 2 – Introduction To Networking.

CSE 486/586, Spring 2012 CSE 486/586 Distributed Systems Case Study: TOR Anonymity Network Bahadir Ismail Aydin Computer Sciences and Engineering University.

Networked File System CS Introduction to Operating Systems.

ARP Poisoning Rushad Shaikh CSCI 5931 Web Security Spring 2004.

Shadow: Simple HPC for Systems Security Research Invited Talk Kansas State University September 25 th, 2013 Rob Jansen U.S. Naval Research Laboratory

Denial of Service Bryan Oemler Web Enhanced Information Management March 22 nd, 2011.

Never Been KIST: Tor’s Congestion Management Blossoms with Kernel- Informed Socket Transport 23 rd USENIX Security Symposium August 20 th 2014 Rob JansenUS.

報告者 : 張逸文 D ETECTING T RAFFIC S NOOPING IN T OR U SING D ECOYS RAID 2011 Sanbuddho Chakravarty, Georgios Portokalidis, Michalis Polychronakis, Angilos.

Outline Overview Video Format Conversion Connection with An authentication Streaming media Transferring media.

Fundamentals of Computer Networks ECE 478/578 Lecture #19: Transport Layer Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.

Crowds: Anonymity for Web Transactions Michael K. Reiter Aviel D. Rubin Jan 31, 2006Presented by – Munawar Hafiz.

Transport Control Protocol (TCP) Features of TCP, packet loss and retransmission, adaptive retransmission, flow control, three way handshake, congestion.

Class 8 Introduction to Anonymity CIS 755: Advanced Computer Security Spring 2015 Eugene Vasserman

The Second-Generation Onion Router

SOS: An Architecture For Mitigating DDoS Attacks Angelos D. Keromytis, Vishal Misra, Dan Rubenstein ACM SIGCOMM 2002 Presented By : Hiral Chhaya CDA 6133.

Overview  Anonymity systems  Review of how Tor works  Tor Project Inc.  Helper tools and accessories  Advanced Tor control  Attack Vectors.

DoS/DDoS attack and defense

CSE 592 INTERNET CENSORSHIP (FALL 2015) LECTURE 16 PHILLIPA GILL - STONY BROOK U.

How Low Can You Go: Balancing Performance with Anonymity in Tor’ DC-Area Anonymity,Privacy, and Security Seminar May 10 th, 2013 Rob Jansen U.S. Naval.

Traffic Correlation in Tor Source and Destination Prediction PETER BYERLEY RINDAL SULTAN ALANAZI HAFED ALGHAMDI.

Network-Based Denial of Service Attacks Trends, Descriptions, and How to Protect Your Network Craig A. Huegen Cisco Systems, Inc. SANS ‘98 Conference -

ROGER DINGLEDINE, NICK MATHEWSON, PAUL SYVERSON THE FREE HAVEN PROJECT &NAVAL RESEARCH LAB PRESENTED BY: COREY WHITE Tor: The Second-Generation Onion Router.

Confidentiality using Conventional Encryption Chapter 5.

The OSI Model An overview of the media layer (Physical, Data Link, Network) By Luke Shiffner.

Tor Bruce Maggs relying on materials from

UDP: User Datagram Protocol. What Can IP Do? Deliver datagrams to hosts – The IP address in a datagram header identify a host – treats a computer as an.

Benjamin Knapic Nicholas Johnson.  “Tor is free software and an open network that helps you defend against a form of network surveillance that threatens.

Hiding in the Dark: The Internet You Cannot See Marc Visnick

Safely Measuring Tor Rob Jansen U.S. Naval Research Laboratory Center for High Assurance Computer Systems 23 rd Conference on Computer and Communication.

Aaron Johnson Rob Jansen Aaron D. Jaggard Joan Feigenbaum

Improving Tor’s Security with Trust-Aware Path Selection Aaron Johnson

PeerFlow: Secure Load Balancing in Tor Aaron Johnson1 Rob Jansen1 Aaron Segal2 Nicholas Hopper3 Paul Syverson1 1U.S. Naval Research Laboratory 2Yale.

Lecture 5 Blocking practices

Tor Good + Evil.

Tor Internals and Hidden Services

Shadow: Real Applications, Simulated Networks

Mohammad Malli Chadi Barakat, Walid Dabbous Alcatel meeting

Rob Jansen and Nick Hopper University of Minnesota

Performance Enhancements for Tor

Inside Job: Applying Traffic Analysis to Measure Tor from Within

Measuring and Monitoring the Tor Network Aaron Johnson

0x1A Great Papers in Computer Security

Anupam Das , Nikita Borisov

Shadow: Scalable and Deterministic Network Experimentation

Network Core and QoS.

The Tor Network: Freedom and Privacy Online Aaron Johnson U. S

Privacy-Preserving Dynamic Learning of Tor Network Traffic

Bruce Maggs relying on materials from

Anonymous Communication

Bruce Maggs relying on materials from

Rob Jansen, U.S. Naval Research Laboratory

Network Core and QoS.

Presentation transcript:

Memory-based DoS and Deanonymization Attacks on Tor DCAPS Seminar October 11 th, 2013 Rob Jansen U.S. Naval Research Laboratory *Joint with Aaron Johnson, Florian Tschorsch, Björn Scheuermann

The Tor Anonymity Network torproject.org

How Tor Works

Tor protocol aware

Tor Flow Control exit entry

Tor Flow Control One TCP Connection Between Each Relay, Multiple Circuits exit entry

Tor Flow Control One TCP Connection Between Each Relay, Multiple Circuits Multiple Application Streams exit entry

Tor Flow Control No end-to-end TCP! exit entry

Tor Flow Control Tor protocol aware exit entry

Tor Flow Control Packaging End Delivery End exit entry

Tor Flow Control Packaging End Delivery End exit entry

Tor Flow Control 1000 Cell Limit SENDME Signal Every 100 Cells exit entry

Outline ● The Sniper Attack – Low-cost memory consumption attack that disables arbitrary Tor relays ● Deanonymizing Hidden Services – Using DoS attacks for deanonymization ● Countermeasures

The Sniper Attack Start Download Request exit entry

The Sniper Attack Reply DATA exit entry

The Sniper Attack Package and Relay DATA DATA exit entry

The Sniper Attack DATA Stop Reading from Connection DATA R exitentry

The Sniper Attack DATA R exit entry Flow Window Closed

The Sniper Attack DATA Periodically Send SENDME SENDME R DATA exit entry

The Sniper Attack DATA Periodically Send SENDME SENDME R DATA exit entry Flow Window Opened

The Sniper Attack DATA R exit entry DATA Out of Memory, Killed by OS

The Sniper Attack DATA R exit entry DATA Use Tor to Hide

Memory Consumed over Time

Mean RAM Consumed, 50 Relays

Mean BW Consumed, 50 Relays

Speed of Sniper Attack DirectAnonymous Relay GroupsSelect %1 GiB8 GiB1 GiB8 GiB Top Guard1.7 Top 5 Guards6.5 Top 20 Guards19 Top Exit3.2 Top 5 Exits13 Top 20 Exits35 Path Selection Probability ≈ Network Capacity

Speed of Sniper Attack DirectAnonymous Relay GroupsSelect %1 GiB8 GiB1 GiB8 GiB Top Guard1.70:010:180:020:14 Top 5 Guards6.50:081:030:121:37 Top 20 Guards190:455:581:078:56 Top Exit3.20:010:080:010:12 Top 5 Exits130:050:370:070:57 Top 20 Exits350:293:500:445:52 Time (hours:minutes) to Consume RAM

Speed of Sniper Attack DirectAnonymous Relay GroupsSelect %1 GiB8 GiB1 GiB8 GiB Top Guard1.70:010:180:020:14 Top 5 Guards6.50:081:030:121:37 Top 20 Guards190:455:581:078:56 Top Exit3.20:010:080:010:12 Top 5 Exits130:050:370:070:57 Top 20 Exits350:293:500:445:52 Time (hours:minutes) to Consume RAM

Speed of Sniper Attack DirectAnonymous Relay GroupsSelect %1 GiB8 GiB1 GiB8 GiB Top Guard1.70:010:180:020:14 Top 5 Guards6.50:081:030:121:37 Top 20 Guards190:455:581:078:56 Top Exit3.20:010:080:010:12 Top 5 Exits130:050:370:070:57 Top 20 Exits350:293:500:445:52 Time (hours:minutes) to Consume RAM

Outline ● The Sniper Attack – Low-cost memory consumption attack that disables arbitrary Tor relays ● Deanonymizing Hidden Services – Using DoS attacks for deanonymization ● Countermeasures

Hidden Services HS User wants to hide service

Hidden Services entry IP HS chooses and publishes introduction point IP HS

Hidden Services entry IP HS Learns about HS on web

entry Hidden Services entry IP HS Builds Circuit to Chosen Rendezvous Point RP RP

entry Hidden Services entry IP HS Notifies HS of RP through IP RP entry RP

entry Hidden Services entry IP HS RP

entry Hidden Services entry IP HS Build New Circuit to RP RP entry RP

entry Hidden Services entry IP HS Communicate! RP entry RP

entry Deanonymizing Hidden Services HS RP

entry Deanonymizing Hidden Services HS RP Also runs a guard relay

entry Deanonymizing Hidden Services entry HS RP Build New Circuit to RP

entry Deanonymizing Hidden Services entry HS RP S&P 2006, S&P 2013

entry Deanonymizing Hidden Services entry HS RP S&P 2013 PADDIN G Send 50 Padding Cells

entry Deanonymizing Hidden Services entry HS RP Identify HS entry if cell count = 52 S&P 2013

entry Deanonymizing Hidden Services entry HS RP Sniper Attack, or any other DoS

entry Deanonymizing Hidden Services HS RP Choose new Entry Guard

entry Deanonymizing Hidden Services HS RP

entry Deanonymizing Hidden Services HS RP S&P 2006, S&P 2013

entry Deanonymizing Hidden Services HS RP Send 50 Padding Cells S&P 2013 PADDIN G

entry Deanonymizing Hidden Services HS RP Identify HS if cell count = 53 S&P 2013

Outline ● The Sniper Attack – Low-cost memory consumption attack that disables arbitrary Tor relays ● Deanonymizing Hidden Services – Using DoS attacks for deanonymization ● Countermeasures

Countermeasures ● Sniper Attack Defenses – Authenticated SENDMEs – Queue Length Limit – Adaptive Circuit Killer ● Deanonymization Defenses – Entry-guard Rate-limiting – Middle Guards

Questions? cs.umn.edu/~jansen think like an adversary

Speed of Deanonymization Guard BW (MiB/s) Guard Probability (%) Average # Rounds Average # Sniped Average Time (h) 1 GiB Average Time (h) 8 GiB GiB/s Relay Can Deanonymize HS in about a day

Circuit Killer Defense

The Sniper Attack exit entry exitentry Single Adversary

The Sniper Attack exit entry exitentry Anonymous Tunnel

The Sniper Attack exit entry exitentry

The Sniper Attack exit entry exitentry DATA

The Sniper Attack exit entry exitentry DATA R

The Sniper Attack exit entry exitentry DATA R Flow Window Closed

The Sniper Attack exit entry exitentry DATA R R

The Sniper Attack exit entry exitentry DATA R R

The Sniper Attack exit entry exitentry DATA R R Killed by OS DATA