Onion Routing Security Analysis Aaron Johnson U.S. Naval Research Laboratory DC-Area Anonymity, Privacy, and Security Seminar.

Slides:



Advertisements
Similar presentations
Aaron Johnson with Joan Feigenbaum Paul Syverson
Advertisements

A Probabilistic Analysis of Onion Routing in a Black-box Model 10/29/2007 Workshop on Privacy in the Electronic Society Aaron Johnson (Yale) with Joan.
A Formal Analysis of Onion Routing 10/26/2007 Aaron Johnson (Yale) with Joan Feigenbaum (Yale) Paul Syverson (NRL)
Tor: The Second-Generation Onion Router
LASTor: A Low-Latency AS-Aware Tor Client
The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network Rob Jansen et. al NDSS 2014 Presenter: Yue Li Part of slides adapted from R.
Predicting Tor Path Compromise by Exit Port IEEE WIDA 2009December 16, 2009 Kevin Bauer, Dirk Grunwald, and Douglas Sicker University of Colorado Client.
LIRA: Lightweight Incentivized Routing for Anonymity Rob Jansen Aaron Johnson Paul Syverson U.S. Naval Research Laboratory 20th Annual Network & Distributed.
Trust-based Anonymous Communication: Models and Routing Algorithms Aaron Johnson Paul Syverson Roger Dingledine Nick Mathewson U.S. Naval Research Laboratory.
Memory-based DoS and Deanonymization Attacks on Tor DCAPS Seminar October 11 th, 2013 Rob Jansen U.S. Naval Research Laboratory
Anonymity Analysis of Onion Routing in the Universally Composable Framework Joan Feigenbaum Aaron Johnson Paul Syverson Yale University U.S. Naval Research.
How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.
1 Analyzing Anonymity Protocols 1.Analyzing onion-routing security 1.Anonymity Analysis of Onion Routing in the Universally Composable Framework in Provable.
Streaming Video Traffic: Characterization and Network Impact Kobus van der Merwe Shubho Sen Chuck Kalmanek
On Traffic Analysis in Tor Guest Lecture, ELE 574 Communications Security and Privacy Princeton University April 3 rd, 2014 Dr. Rob Jansen U.S. Naval Research.
Location-Aware Onion Routing Aaron Johnson U.S. Naval Research Laboratory IEEE Symposium on Security and Privacy May 19, 2015.
1 Modeling and Analysis of Anonymous-Communication Systems Joan Feigenbaum WITS’08; Princeton NJ; June 18, 2008 Acknowledgement:
Mod 10 – Routing Protocols
A Usability Evaluation of the Tor Anonymity Network By Gregory Norcie.
Responder Anonymity and Anonymous Peer-to-Peer File Sharing. by Vincent Scarlata, Brian Levine and Clay Shields Presentation by Saravanan.
By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.
Anonymity on the Web: A Brief Overview By: Nipun Arora uni-na2271.
Anonymizing Network Technologies Some slides modified from Dingledine, Mathewson, Syverson, Xinwen Fu, and Yinglin Sun Presenter: Chris Zachor 03/23/2011.
Toward Understanding Congestion in Tor DC-area Anonymity, Privacy, and Security Seminar January 24 th, 2014 Rob Jansen U.S. Naval Research Laboratory *Joint.
OSPF To route, a router needs to do the following: Know the destination address Identify the sources it can learn from Discover possible.
Preventing Active Timing Attacks in Low- Latency Anonymous Communication The 10 th Privacy Enhancing Technologies Symposium July 2010 Joan Feigenbaum Yale.
Aaron Johnson U.S. Naval Research Laboratory CSci 6545 George Washington University 11/18/2013.
Tor (Anonymity Network) Scott Pardue. Tor Network  Nodes with routers within the network (entry, middle, exit)  Directory servers  Socket Secure (SOCKS)
Hashing it Out in Public Common Failure Modes of DHT-based Anonymity Schemes Andrew Tran, Nicholas Hopper, Yongdae Kim Presenter: Josh Colvin, Fall 2011.
Sofya Rozenblat 11/26/2012 CS 105 TOR ANONYMITY NETWORK.
© Copyright 2012 STI INNSBRUCK Tor project: Anonymity online.
CSE 486/586, Spring 2012 CSE 486/586 Distributed Systems Case Study: TOR Anonymity Network Bahadir Ismail Aydin Computer Sciences and Engineering University.
Dynamic Network Emulation Security Analysis for Application Layer Protocols.
Shadow: Simple HPC for Systems Security Research Invited Talk Kansas State University September 25 th, 2013 Rob Jansen U.S. Naval Research Laboratory
Zhen Ling Southeast University Extensive Analysis and Large-Scale Empirical Evaluation of Tor Bridge Discovery In collaboration with Junzhou Luo, Southeast.
Guard Sets for Onion Routing JOSHUA FREE. Tor Most popular low-latency distributed anonymity network Controversial decisions of guard selection strategies.
CSE 592 INTERNET CENSORSHIP (FALL 2015) LECTURE 20 PHILLIPA GILL - STONY BROOK U.
The Silk Road: An Online Marketplace
The Tor Network BY: CONOR DOHERTY AND KENNETH CABRERA.
Autonomous System
CSE 592 INTERNET CENSORSHIP (FALL 2015) LECTURE 16 PHILLIPA GILL - STONY BROOK U.
Supplemental Information on TOR (The Onion Router) CEH ed 8, Rev 4 CS3695 – Network Vulnerability Assessment & Risk Mitigation–
Network Security Threats KAMI VANIEA 18 JANUARY KAMI VANIEA 1.
LASTor: A Low-Latency AS-Aware Tor Client. Tor  Stands for The Onion Router  Goals: Anonymity ○ Each hop only knows previous and next hop on a path.
Strengthening Tor against Eavesdropping Correlation Attacks Robert Thomas CSCE APR 2015 Audio:
Lecture 17 Page 1 CS 236 Online Onion Routing Meant to handle issue of people knowing who you’re talking to Basic idea is to conceal sources and destinations.
Traffic Correlation in Tor Source and Destination Prediction PETER BYERLEY RINDAL SULTAN ALANAZI HAFED ALGHAMDI.
Overlays and The Evolution of BGP Peering. Agenda BGP Issues – Overlay Networks – VPNs – ToR BGP Peering Today – Rise of the Tier-3 ISPs.
Benjamin Knapic Nicholas Johnson.  “Tor is free software and an open network that helps you defend against a form of network surveillance that threatens.
Hiding in the Dark: The Internet You Cannot See Marc Visnick
NETWORK SECURITY HERD: A SCALABLE, TRAFFIC ANALYSIS RESISTANT ANONYMITY NETWORK FOR VOIP SYSTEMS JINGTAO YAO JIAJUN LI ACM HORNORED CLASS.
Aaron Johnson Rob Jansen Aaron D. Jaggard Joan Feigenbaum
Improving Tor’s Security with Trust-Aware Path Selection Aaron Johnson
PeerFlow: Secure Load Balancing in Tor Aaron Johnson1 Rob Jansen1 Aaron Segal2 Nicholas Hopper3 Paul Syverson1 1U.S. Naval Research Laboratory 2Yale.
CS590B/690B Detecting Network Interference (Fall 2016)
CS590B/690B Detecting Network Interference (FALL 2016)
Performance Enhancements for Tor
Exercise ?: TOR.
Inside Job: Applying Traffic Analysis to Measure Tor from Within
Privacy Through Anonymous Connection and Browsing
Measuring and Monitoring the Tor Network Aaron Johnson
0x1A Great Papers in Computer Security
Re3 : Relay Reliability Reputation for Anonymity Systems
Anupam Das , Nikita Borisov
Anupam Das , Nikita Borisov
Alex Guy packets (stars) tor routers users web servers (squares)
Privacy-Preserving Dynamic Learning of Tor Network Traffic
CS590B/690B Detecting network interference (Spring 2018)
Anonymous Communication
Rob Jansen, U.S. Naval Research Laboratory
Presentation transcript:

Onion Routing Security Analysis Aaron Johnson U.S. Naval Research Laboratory DC-Area Anonymity, Privacy, and Security Seminar

Onion Routing u d User u running client Internet destination d Onion routing relays Encrypted onion-routing hop Unencrypted onion-routing hop

Basic Onion Routing Security u d v w e f

Basic Onion Routing Security u d 1.First router compromised v w e f

Basic Onion Routing Security u d 1.First router compromised 2.Last router compromised v w e f

Basic Onion Routing Security u d 1.First router compromised 2.Last router compromised 3.First and last compromised 4. v w e f

Basic Onion Routing Security u d 1.First router compromised 2.Last router compromised 3.First and last compromised 4.Neither first nor last compromised v w e f

Existing Metrics 1.Entropy / Gini coefficient of path distribution 2.Source entropy of given connection 3.Probability of selecting adversarial routers in a circuit 4.Probability of crossing an Autonomous System to entry and from exit

Analysis Ideas 1.Adversary-based 2.Defined over time 3.Probability distributions

Adversary-based Metrics Resources Bandwidth Compromised relays Money Autonomous Systems Locations (IXPs, NAPs, cable landing points) Governments Game structure Actions –Resource reallocation –Blocking/modifying traffic Move order Strategy / Goal Targeting users Dragnet

Defined over time Protocols have dependencies over time –Guards User behavior has time dependencies –Patterns in long-term behavior –Short-term patterns (browsing, application sessions) Adversaries have time dependencies –Control network resources over time

Onion Routing u d User u running client Internet destination d Onion routing relays Encrypted onion-routing hop Unencrypted onion-routing hop

Onion Routing u d User u running client Internet destination d Onion routing relays Encrypted onion-routing hop Unencrypted onion-routing hop

Onion Routing u d User u running client Internet destination d Onion routing relays Encrypted onion-routing hop Unencrypted onion-routing hop

Probability distributions Bad things happen with non-negligible probability Average/worst-case analysis loses useful information Experiments give samples, but generally lack statistical validity

Example Onion Routing Metrics A runs m relays PDF of number of compromised paths in a week A contributes b bandwidth PDF of time until client chooses compromised path A compromises k relays PDF of number of destinations observed A controls a ASs PDF of number of correct guesses about cxn source

Evaluation on Tor April – November 2011 Observed BW avg: KBps Observed Guard BW avg KBps Observed Exit BW avg: KBps Adversary controls: –2/2 top guard/exit relays: (3.5/7% of guard/exit) –4/4 top guard/exit relays: (6.7/13% of guard/exit) –8/8 top guard/exit relays: (10/20% of guard/exit) 3000 clients

Adversary has 2/2 top guards/exits Adversary has 4/4 top guards/exits Adversary has 8/8 top guards/exits

Adversary has 2/2 top guards/exits Adversary has 4/4 top guards/exits Adversary has 8/8 top guards/exits

ISP adversary w/ 4 top exits ISP adversary w/ 8 top exits Adversary has 16 top exits

Challenges Making good adversary models –What resources are limiting? –What strategies are the greatest threats? Statistically-valid probability distributions –Sample space over time is huge –Protocols may depend on network dynamics Virtual Coordinate Systems Congestion-aware routing