Abstract
Anonymous communication networks (ACNs) aim to thwart an adversary, who controls or observes chunks of the communication network, from determining the respective identities of two communicating parties. We focus on low-latency ACNs such as Tor, which target a practical level of anonymity without incurring an unacceptable transmission delay.
While several definitions have been proposed to quantify the level of anonymity provided by high-latency, message-centric ACNs (such as mix-nets and DC-nets), this approach is less relevant to Tor, where user–destination pairs communicate over secure overlay circuits. Moreover, existing evaluation methods of traffic analysis attacks on Tor appear somewhat ad hoc and fragmented. We propose a fair evaluation framework for such attacks against onion routing systems by identifying and discussing the crucial components for evaluation, including how to consider various adversarial goals, how to factor in the adversarial ability to collect information relevant to the attack, and how these components combine to suitable metrics to quantify the adversary’s success.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Arimoto, S.: Information measures and capacity of order \(\alpha \) for discrete memoryless channels. In: Topics in Information Theory. Colloquia Mathematica Societatis János Bolyai, vol. 16, pp. 41–52 (1977)
Backes, M., Kate, A., Manoharan, P., Meiser, S., Mohammadi, E.: AnoA: a framework for analyzing anonymous communication protocols. In: Cortier, V., Datta, A. (eds.) CSF 2013 Computer Security Foundations Symposium, pp. 163–178. IEEE Computer Society Press (2013). https://doi.org/10.1109/CSF.2013.18
Bagueros, I.: Tor security advisory: exit relays running sslstrip in May and June 2020, August 2020. https://blog.torproject.org/bad-exit-relays-may-june-2020
Barton, A., Wright, M., Ming, J., Imani, M.: Towards predicting efficient and anonymous Tor circuits. In: Enck, W., Felt, A.P. (eds.) USENIX Security 2018, pp. 429–444. USENIX Association, August 2018
Bauer, K.S., McCoy, D., Grunwald, D., Kohno, T., Sicker, D.C.: Low-resource routing attacks against Tor. In: Ning, P., Yu, T. (eds.) WPES 2007, pp. 11–20. ACM, New York, October 2007. https://doi.org/10.1145/1314333.1314336
Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: 38th FOCS, pp. 394–403. IEEE Computer Society Press, October 1997. https://doi.org/10.1109/SFCS.1997.646128
Bohli, J.-M., Pashalidis, A.: Relations among privacy notions. In: Dingledine, R., Golle, P. (eds.) FC 2009. LNCS, vol. 5628, pp. 362–380. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03549-4_22
Cai, X., Zhang, X.C., Joshi, B., Johnson, R.: Touching from a distance: website fingerprinting attacks and defenses. In: Yu, T., Danezis, G., Gligor, V.D. (eds.) ACM CCS 2012, pp. 605–616. ACM Press, October 2012. https://doi.org/10.1145/2382196.2382260
Camenisch, J., Lysyanskaya, A.: A formal treatment of onion routing. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 169–187. Springer, Heidelberg (2005). https://doi.org/10.1007/11535218_11
Chan-Tin, E., Shin, J., Yu, J.: Revisiting circuit clogging attacks on Tor. In: ARES 2013, pp. 131–140. IEEE Computer Society, September 2013. https://doi.org/10.1109/ARES.2013.17
Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. Assoc. Comput. Mach. 24(2), 84–90 (1981). https://doi.org/10.1145/358549.358563
Chaum, D.: The dining cryptographers problem: Unconditional sender and recipient untraceability. J. Cryptol. 1(1), 65–75 (1988). https://doi.org/10.1007/BF00206326
Clauß, S., Schiffner, S.: Structuring anonymity metrics. In: Juels, A., Winslett, M., Goto, A. (eds.) WDIM 2006, pp. 55–62. ACM, November 2006. https://doi.org/10.1145/1179529.1179539
Cover, T.M., Thomas, J.A.: Elements of Information Theory. Wiley, USA (2006). https://doi.org/10.1002/047174882X
Das, D., Meiser, S., Mohammadi, E., Kate, A.: Anonymity trilemma: strong anonymity, low bandwidth overhead, low latency - choose two. In: 2018 IEEE Symposium on Security and Privacy, pp. 108–126. IEEE Computer Society Press, May 2018. https://doi.org/10.1109/SP.2018.00011
Díaz, C., Seys, S., Claessens, J., Preneel, B.: Towards measuring anonymity. In: Dingledine, R., Syverson, P. (eds.) PET 2002. LNCS, vol. 2482, pp. 54–68. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36467-6_5
Díaz, C., Troncoso, C., Danezis, G.: Does additional information always reduce anonymity? In: Ning, P., Yu, T. (eds.) WPES 2007, pp. 72–75. ACM, New York, October 2007. https://doi.org/10.1145/1314333.1314347
Dingledine, R., Mathewson, N.: Tor protocol specification, August 2021. Commit 6d1e05d, https://raw.githubusercontent.com/torproject/torspec/c17c36c57635a9ebf88b2b41dc41cbddcf56f7ef/tor-spec.txt
Dingledine, R., Mathewson, N., Syverson, P.F.: Tor: The second-generation onion router. In: Blaze, M. (ed.) USENIX Security 2004, pp. 303–320. USENIX Association, August 2004
Dyer, K.P., Coull, S.E., Ristenpart, T., Shrimpton, T.: Protocol misidentification made easy with format-transforming encryption. In: Sadeghi, A.R., Gligor, V.D., Yung, M. (eds.) ACM CCS 2013, pp. 61–72. ACM Press, November 2013. https://doi.org/10.1145/2508859.2516657
Ensafi, R., Winter, P., Mueen, A., Crandall, J.R.: Analyzing the great firewall of China over space and time. PoPETs 2015(1), 61–76 (2015). https://doi.org/10.1515/popets-2015-0005
Fawcett, T.: An introduction to ROC analysis. Pattern Recogn. Lett. 27(8), 861–874 (2006). https://doi.org/10.1016/j.patrec.2005.10.010
Fehr, S., Berens, S.: On the conditional Rényi entropy. IEEE Trans. Inf. Theory 60(11), 6801–6810 (2014). https://doi.org/10.1109/TIT.2014.2357799
Fischlin, M., Günther, F., Marson, G.A., Paterson, K.G.: Data is a stream: security of stream-based channels. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 545–564. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48000-7_27
Fu, X., Ling, Z.: One cell is enough to break Tor’s anonymity (2009)
Geddes, J., Jansen, R., Hopper, N.: How low can you go: balancing performance with anonymity in Tor. In: De Cristofaro, E., Wright, M. (eds.) PETS 2013. LNCS, vol. 7981, pp. 164–184. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39077-7_9
Gelernter, N., Herzberg, A.: On the limits of provable anonymity. Cryptology ePrint Archive, Report 2013/531 (2013). https://eprint.iacr.org/2013/531
Goldschlag, D.M., Reed, M.G., Syverson, P.F.: Hiding routing information. In: Anderson, R. (ed.) IH 1996. LNCS, vol. 1174, pp. 137–150. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-61996-8_37
Goldschlag, D.M., Reed, M.G., Syverson, P.F.: Onion routing. Commun. Assoc. Comput. Mach. 42(2), 39–41 (1999). https://doi.org/10.1145/293411.293443
Greschbach, B., Pulls, T., Roberts, L.M., Winter, P., Feamster, N.: The effect of DNS on Tor’s anonymity. In: NDSS 2017. The Internet Society, February/March 2017
Jansen, R., Hopper, N.: Shadow: running Tor in a box for accurate and efficient experimentation. In: NDSS 2012. The Internet Society, February 2012
Juárez, M., Afroz, S., Acar, G., Díaz, C., Greenstadt, R.: A critical evaluation of website fingerprinting attacks. In: Ahn, G.J., Yung, M., Li, N. (eds.) ACM CCS 2014, pp. 263–274. ACM Press, November 2014. https://doi.org/10.1145/2660267.2660368
Karunanayake, I., Ahmed, N., Malaney, R., Islam, R., Jha, S.: Anonymity with Tor: a survey on Tor attacks (2020). https://arxiv.org/abs/2009.13018
Kuhn, C., Beck, M., Schiffner, S., Jorswieck, E.A., Strufe, T.: On privacy notions in anonymous communication. PoPETs 2019(2), 105–125 (2019). https://doi.org/10.2478/popets-2019-0022
Li, S., Guo, H., Hopper, N.: Measuring information leakage in website fingerprinting attacks and defenses. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) ACM CCS 2018, pp. 1977–1992. ACM Press, October 2018. https://doi.org/10.1145/3243734.3243832
Ling, Z., Luo, J., Yu, W., Fu, X., Xuan, D., Jia, W.: A new cell-counting-based attack against Tor. IEEE/ACM Trans. Networking 20(4), 1245–1261 (2012). https://doi.org/10.1109/TNET.2011.2178036
Melloni, A., Stam, M., Ytrehus, Ø.: On evaluating anonymity of onion routing (2021), full version. https://ece.engr.uvic.ca/~raltawy/SAC2021/17.pdf
Nasr, M., Bahramali, A., Houmansadr, A.: DeepCorr: strong flow correlation attacks on Tor using deep learning. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) ACM CCS 2018, pp. 1962–1976. ACM Press, October 2018. https://doi.org/10.1145/3243734.3243824
Nasr, M., Houmansadr, A., Mazumdar, A.: Compressive traffic analysis: a new paradigm for scalable traffic analysis. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS 2017, pp. 2053–2069. ACM Press, October/November 2017. https://doi.org/10.1145/3133956.3134074
Naylor, D., et al.: The Cost of the “S" in HTTPS. In: Seneviratne, A., Diot, C., Kurose, J., Chaintreau, A., Rizzo, L. (eds.) CoNEXT 2014, CoNEXT 2014, pp. 133–140. ACM, December 2014. https://doi.org/10.1145/2674005.2674991
Palmieri, F.: A distributed flow correlation attack to anonymizing overlay networks based on wavelet multi-resolution analysis. IEEE Trans. Dependable Secur. Comput. (To appear). https://doi.org/10.1109/TDSC.2019.2947666
Panchenko, A., et al.: Website fingerprinting at internet scale. In: NDSS 2016. The Internet Society, February 2016
Panchenko, A., Niessen, L., Zinnen, A., Engel, T.: Website fingerprinting in onion routing based anonymization networks. In: Chen, Y., Vaidya, J. (eds.) WPES 2011, pp. 103–114. ACM, October 2011. https://doi.org/10.1145/2046556.2046570
Pfitzmann, A., Hansen, M.: A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management (Aug 2010), version v0.34. https://dud.inf.tu-dresden.de/literatur/Anon_Terminology_v0.34.pdf
Pfitzmann, A., Köhntopp, M.: Anonymity, unobservability, and pseudonymity — a proposal for terminology. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 1–9. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44702-4_1
Pulls, T., Dahlberg, R.: Website fingerprinting with website oracles. PoPETs 2020(1), 235–255 (2020). https://doi.org/10.2478/popets-2020-0013
Reed, M.G., Syverson, P.F., Goldschlag, D.M.: Proxies for anonymous routing. In: ACSAC 1996, pp. 95–104. IEEE Computer Society (1996). https://doi.org/10.1109/CSAC.1996.569678
Rényi, A.: On measures of entropy and information. In: Neyman, J. (ed.) Proceedings of the Fourth Berkeley Symposium on Mathematical Statistics and Probability, Volume 1. vol. 4.1, pp. 547–561. University of California Press, January 1961
Rimmer, V., Preuveneers, D., Juárez, M., van Goethem, T., Joosen, W.: Automated website fingerprinting through deep learning. In: NDSS 2018. The Internet Society, February 2018
Rochet, F., Pereira, O.: Waterfilling: balancing the Tor network with maximum diversity. PoPETs 2017(2), 4–22 (2017). https://doi.org/10.1515/popets-2017-0013
Rochet, F., Pereira, O.: Dropping on the edge: flexibility and traffic confirmation in onion routing protocols. PoPETs 2018(2), 27–46 (2018). https://doi.org/10.1515/popets-2018-0011
Serjantov, A., Danezis, G.: Towards an information theoretic metric for anonymity. In: Dingledine, R., Syverson, P. (eds.) PET 2002. LNCS, vol. 2482, pp. 41–53. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36467-6_4
Sirinam, P., Imani, M., Juárez, M., Wright, M.: Deep fingerprinting: undermining website fingerprinting defenses with deep learning. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) ACM CCS 2018, pp. 1928–1943. ACM Press, October 2018. https://doi.org/10.1145/3243734.3243768
Standaert, F.-X., Malkin, T.G., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 443–461. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-01001-9_26
Sun, Y., Edmundson, A., Vanbever, L., Li, O., Rexford, J., Chiang, M., Mittal, P.: RAPTOR: routing attacks on privacy in Tor. In: Jung, J., Holz, T. (eds.) USENIX Security 2015, pp. 271–286. USENIX Association, August 2015
Syverson, P.F.: Why I’m not an entropist. In: Christianson, B., Malcolm, J.A., Matyas, V., Roe, M. (eds.) SPW 2009. LNCS, vol. 7028, pp. 231–239. Springer, Heidelberg (2009)
The23rd Raccoon: How I Learned to Stop Ph34ring NSA and Love the Base Rate Fallacy (2008). https://archives.seul.org/or/dev/Sep-2008/msg00016.html
Wagner, I., Eckhoff, D.: Technical privacy metrics: a systematic survey. ACM Comput. Surv. 51(3), 57:1–57:38 (2018). https://doi.org/10.1145/3168389
Wang, T., Cai, X., Nithyanand, R., Johnson, R., Goldberg, I.: Effective attacks and provable defenses for website fingerprinting. In: Fu, K., Jung, J. (eds.) USENIX Security 2014, pp. 143–157. USENIX Association, August 2014
Wang, T., Goldberg, I.: Improved website fingerprinting on Tor. In: Sadeghi, A., Foresti, S. (eds.) WPES 2013, pp. 201–212. ACM, November 2013. https://doi.org/10.1145/2517840.2517851
Winter, P.: Towards a censorship analyser for Tor. In: Crandall, J.R., Wright, J. (eds.) FOCI 2013. USENIX Association, Washington, D.C. (2013)
Winter, P., Lindskog, S.: How the great firewall of China is blocking Tor. In: Dingledine, R., Wright, J. (eds.) FOCI 2012. USENIX Association, Bellevue, WA (2012)
Winter, P., Pulls, T., Fuss, J.: ScrambleSuit: a polymorphic network protocol to circumvent censorship. In: Sadeghi, A., Foresti, S. (eds.) WPES 2013. ACM, November 2013. https://doi.org/10.1145/2517840.2517856
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Melloni, A., Stam, M., Ytrehus, Ø. (2022). On Evaluating Anonymity of Onion Routing. In: AlTawy, R., Hülsing, A. (eds) Selected Areas in Cryptography. SAC 2021. Lecture Notes in Computer Science, vol 13203. Springer, Cham. https://doi.org/10.1007/978-3-030-99277-4_1
Download citation
DOI: https://doi.org/10.1007/978-3-030-99277-4_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-99276-7
Online ISBN: 978-3-030-99277-4
eBook Packages: Computer ScienceComputer Science (R0)