Skip to main content
SpringerLink
Log in

On Evaluating Anonymity of Onion Routing

  • Conference paper
  • First Online:
Selected Areas in Cryptography (SAC 2021)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13203))

Included in the following conference series:

Abstract

Anonymous communication networks (ACNs) aim to thwart an adversary, who controls or observes chunks of the communication network, from determining the respective identities of two communicating parties. We focus on low-latency ACNs such as Tor, which target a practical level of anonymity without incurring an unacceptable transmission delay.

While several definitions have been proposed to quantify the level of anonymity provided by high-latency, message-centric ACNs (such as mix-nets and DC-nets), this approach is less relevant to Tor, where user–destination pairs communicate over secure overlay circuits. Moreover, existing evaluation methods of traffic analysis attacks on Tor appear somewhat ad hoc and fragmented. We propose a fair evaluation framework for such attacks against onion routing systems by identifying and discussing the crucial components for evaluation, including how to consider various adversarial goals, how to factor in the adversarial ability to collect information relevant to the attack, and how these components combine to suitable metrics to quantify the adversary’s success.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 69.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 89.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Arimoto, S.: Information measures and capacity of order \(\alpha \) for discrete memoryless channels. In: Topics in Information Theory. Colloquia Mathematica Societatis János Bolyai, vol. 16, pp. 41–52 (1977)

    Google Scholar 

  2. Backes, M., Kate, A., Manoharan, P., Meiser, S., Mohammadi, E.: AnoA: a framework for analyzing anonymous communication protocols. In: Cortier, V., Datta, A. (eds.) CSF 2013 Computer Security Foundations Symposium, pp. 163–178. IEEE Computer Society Press (2013). https://doi.org/10.1109/CSF.2013.18

  3. Bagueros, I.: Tor security advisory: exit relays running sslstrip in May and June 2020, August 2020. https://blog.torproject.org/bad-exit-relays-may-june-2020

  4. Barton, A., Wright, M., Ming, J., Imani, M.: Towards predicting efficient and anonymous Tor circuits. In: Enck, W., Felt, A.P. (eds.) USENIX Security 2018, pp. 429–444. USENIX Association, August 2018

    Google Scholar 

  5. Bauer, K.S., McCoy, D., Grunwald, D., Kohno, T., Sicker, D.C.: Low-resource routing attacks against Tor. In: Ning, P., Yu, T. (eds.) WPES 2007, pp. 11–20. ACM, New York, October 2007. https://doi.org/10.1145/1314333.1314336

  6. Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: 38th FOCS, pp. 394–403. IEEE Computer Society Press, October 1997. https://doi.org/10.1109/SFCS.1997.646128

  7. Bohli, J.-M., Pashalidis, A.: Relations among privacy notions. In: Dingledine, R., Golle, P. (eds.) FC 2009. LNCS, vol. 5628, pp. 362–380. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03549-4_22

    Chapter  Google Scholar 

  8. Cai, X., Zhang, X.C., Joshi, B., Johnson, R.: Touching from a distance: website fingerprinting attacks and defenses. In: Yu, T., Danezis, G., Gligor, V.D. (eds.) ACM CCS 2012, pp. 605–616. ACM Press, October 2012. https://doi.org/10.1145/2382196.2382260

  9. Camenisch, J., Lysyanskaya, A.: A formal treatment of onion routing. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 169–187. Springer, Heidelberg (2005). https://doi.org/10.1007/11535218_11

    Chapter  Google Scholar 

  10. Chan-Tin, E., Shin, J., Yu, J.: Revisiting circuit clogging attacks on Tor. In: ARES 2013, pp. 131–140. IEEE Computer Society, September 2013. https://doi.org/10.1109/ARES.2013.17

  11. Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. Assoc. Comput. Mach. 24(2), 84–90 (1981). https://doi.org/10.1145/358549.358563

    Article  Google Scholar 

  12. Chaum, D.: The dining cryptographers problem: Unconditional sender and recipient untraceability. J. Cryptol. 1(1), 65–75 (1988). https://doi.org/10.1007/BF00206326

    Article  MathSciNet  MATH  Google Scholar 

  13. Clauß, S., Schiffner, S.: Structuring anonymity metrics. In: Juels, A., Winslett, M., Goto, A. (eds.) WDIM 2006, pp. 55–62. ACM, November 2006. https://doi.org/10.1145/1179529.1179539

  14. Cover, T.M., Thomas, J.A.: Elements of Information Theory. Wiley, USA (2006). https://doi.org/10.1002/047174882X

  15. Das, D., Meiser, S., Mohammadi, E., Kate, A.: Anonymity trilemma: strong anonymity, low bandwidth overhead, low latency - choose two. In: 2018 IEEE Symposium on Security and Privacy, pp. 108–126. IEEE Computer Society Press, May 2018. https://doi.org/10.1109/SP.2018.00011

  16. Díaz, C., Seys, S., Claessens, J., Preneel, B.: Towards measuring anonymity. In: Dingledine, R., Syverson, P. (eds.) PET 2002. LNCS, vol. 2482, pp. 54–68. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36467-6_5

    Chapter  Google Scholar 

  17. Díaz, C., Troncoso, C., Danezis, G.: Does additional information always reduce anonymity? In: Ning, P., Yu, T. (eds.) WPES 2007, pp. 72–75. ACM, New York, October 2007. https://doi.org/10.1145/1314333.1314347

  18. Dingledine, R., Mathewson, N.: Tor protocol specification, August 2021. Commit 6d1e05d, https://raw.githubusercontent.com/torproject/torspec/c17c36c57635a9ebf88b2b41dc41cbddcf56f7ef/tor-spec.txt

  19. Dingledine, R., Mathewson, N., Syverson, P.F.: Tor: The second-generation onion router. In: Blaze, M. (ed.) USENIX Security 2004, pp. 303–320. USENIX Association, August 2004

    Google Scholar 

  20. Dyer, K.P., Coull, S.E., Ristenpart, T., Shrimpton, T.: Protocol misidentification made easy with format-transforming encryption. In: Sadeghi, A.R., Gligor, V.D., Yung, M. (eds.) ACM CCS 2013, pp. 61–72. ACM Press, November 2013. https://doi.org/10.1145/2508859.2516657

  21. Ensafi, R., Winter, P., Mueen, A., Crandall, J.R.: Analyzing the great firewall of China over space and time. PoPETs 2015(1), 61–76 (2015). https://doi.org/10.1515/popets-2015-0005

    Article  Google Scholar 

  22. Fawcett, T.: An introduction to ROC analysis. Pattern Recogn. Lett. 27(8), 861–874 (2006). https://doi.org/10.1016/j.patrec.2005.10.010

    Article  MathSciNet  Google Scholar 

  23. Fehr, S., Berens, S.: On the conditional Rényi entropy. IEEE Trans. Inf. Theory 60(11), 6801–6810 (2014). https://doi.org/10.1109/TIT.2014.2357799

    Article  MATH  Google Scholar 

  24. Fischlin, M., Günther, F., Marson, G.A., Paterson, K.G.: Data is a stream: security of stream-based channels. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 545–564. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48000-7_27

    Chapter  Google Scholar 

  25. Fu, X., Ling, Z.: One cell is enough to break Tor’s anonymity (2009)

    Google Scholar 

  26. Geddes, J., Jansen, R., Hopper, N.: How low can you go: balancing performance with anonymity in Tor. In: De Cristofaro, E., Wright, M. (eds.) PETS 2013. LNCS, vol. 7981, pp. 164–184. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39077-7_9

    Chapter  Google Scholar 

  27. Gelernter, N., Herzberg, A.: On the limits of provable anonymity. Cryptology ePrint Archive, Report 2013/531 (2013). https://eprint.iacr.org/2013/531

  28. Goldschlag, D.M., Reed, M.G., Syverson, P.F.: Hiding routing information. In: Anderson, R. (ed.) IH 1996. LNCS, vol. 1174, pp. 137–150. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-61996-8_37

    Chapter  Google Scholar 

  29. Goldschlag, D.M., Reed, M.G., Syverson, P.F.: Onion routing. Commun. Assoc. Comput. Mach. 42(2), 39–41 (1999). https://doi.org/10.1145/293411.293443

    Article  Google Scholar 

  30. Greschbach, B., Pulls, T., Roberts, L.M., Winter, P., Feamster, N.: The effect of DNS on Tor’s anonymity. In: NDSS 2017. The Internet Society, February/March 2017

    Google Scholar 

  31. Jansen, R., Hopper, N.: Shadow: running Tor in a box for accurate and efficient experimentation. In: NDSS 2012. The Internet Society, February 2012

    Google Scholar 

  32. Juárez, M., Afroz, S., Acar, G., Díaz, C., Greenstadt, R.: A critical evaluation of website fingerprinting attacks. In: Ahn, G.J., Yung, M., Li, N. (eds.) ACM CCS 2014, pp. 263–274. ACM Press, November 2014. https://doi.org/10.1145/2660267.2660368

  33. Karunanayake, I., Ahmed, N., Malaney, R., Islam, R., Jha, S.: Anonymity with Tor: a survey on Tor attacks (2020). https://arxiv.org/abs/2009.13018

  34. Kuhn, C., Beck, M., Schiffner, S., Jorswieck, E.A., Strufe, T.: On privacy notions in anonymous communication. PoPETs 2019(2), 105–125 (2019). https://doi.org/10.2478/popets-2019-0022

    Article  Google Scholar 

  35. Li, S., Guo, H., Hopper, N.: Measuring information leakage in website fingerprinting attacks and defenses. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) ACM CCS 2018, pp. 1977–1992. ACM Press, October 2018. https://doi.org/10.1145/3243734.3243832

  36. Ling, Z., Luo, J., Yu, W., Fu, X., Xuan, D., Jia, W.: A new cell-counting-based attack against Tor. IEEE/ACM Trans. Networking 20(4), 1245–1261 (2012). https://doi.org/10.1109/TNET.2011.2178036

    Article  Google Scholar 

  37. Melloni, A., Stam, M., Ytrehus, Ø.: On evaluating anonymity of onion routing (2021), full version. https://ece.engr.uvic.ca/~raltawy/SAC2021/17.pdf

  38. Nasr, M., Bahramali, A., Houmansadr, A.: DeepCorr: strong flow correlation attacks on Tor using deep learning. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) ACM CCS 2018, pp. 1962–1976. ACM Press, October 2018. https://doi.org/10.1145/3243734.3243824

  39. Nasr, M., Houmansadr, A., Mazumdar, A.: Compressive traffic analysis: a new paradigm for scalable traffic analysis. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS 2017, pp. 2053–2069. ACM Press, October/November 2017. https://doi.org/10.1145/3133956.3134074

  40. Naylor, D., et al.: The Cost of the “S" in HTTPS. In: Seneviratne, A., Diot, C., Kurose, J., Chaintreau, A., Rizzo, L. (eds.) CoNEXT 2014, CoNEXT 2014, pp. 133–140. ACM, December 2014. https://doi.org/10.1145/2674005.2674991

  41. Palmieri, F.: A distributed flow correlation attack to anonymizing overlay networks based on wavelet multi-resolution analysis. IEEE Trans. Dependable Secur. Comput. (To appear). https://doi.org/10.1109/TDSC.2019.2947666

  42. Panchenko, A., et al.: Website fingerprinting at internet scale. In: NDSS 2016. The Internet Society, February 2016

    Google Scholar 

  43. Panchenko, A., Niessen, L., Zinnen, A., Engel, T.: Website fingerprinting in onion routing based anonymization networks. In: Chen, Y., Vaidya, J. (eds.) WPES 2011, pp. 103–114. ACM, October 2011. https://doi.org/10.1145/2046556.2046570

  44. Pfitzmann, A., Hansen, M.: A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management (Aug 2010), version v0.34. https://dud.inf.tu-dresden.de/literatur/Anon_Terminology_v0.34.pdf

  45. Pfitzmann, A., Köhntopp, M.: Anonymity, unobservability, and pseudonymity — a proposal for terminology. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 1–9. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44702-4_1

    Chapter  Google Scholar 

  46. Pulls, T., Dahlberg, R.: Website fingerprinting with website oracles. PoPETs 2020(1), 235–255 (2020). https://doi.org/10.2478/popets-2020-0013

    Article  Google Scholar 

  47. Reed, M.G., Syverson, P.F., Goldschlag, D.M.: Proxies for anonymous routing. In: ACSAC 1996, pp. 95–104. IEEE Computer Society (1996). https://doi.org/10.1109/CSAC.1996.569678

  48. Rényi, A.: On measures of entropy and information. In: Neyman, J. (ed.) Proceedings of the Fourth Berkeley Symposium on Mathematical Statistics and Probability, Volume 1. vol. 4.1, pp. 547–561. University of California Press, January 1961

    Google Scholar 

  49. Rimmer, V., Preuveneers, D., Juárez, M., van Goethem, T., Joosen, W.: Automated website fingerprinting through deep learning. In: NDSS 2018. The Internet Society, February 2018

    Google Scholar 

  50. Rochet, F., Pereira, O.: Waterfilling: balancing the Tor network with maximum diversity. PoPETs 2017(2), 4–22 (2017). https://doi.org/10.1515/popets-2017-0013

    Article  Google Scholar 

  51. Rochet, F., Pereira, O.: Dropping on the edge: flexibility and traffic confirmation in onion routing protocols. PoPETs 2018(2), 27–46 (2018). https://doi.org/10.1515/popets-2018-0011

    Article  Google Scholar 

  52. Serjantov, A., Danezis, G.: Towards an information theoretic metric for anonymity. In: Dingledine, R., Syverson, P. (eds.) PET 2002. LNCS, vol. 2482, pp. 41–53. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36467-6_4

    Chapter  Google Scholar 

  53. Sirinam, P., Imani, M., Juárez, M., Wright, M.: Deep fingerprinting: undermining website fingerprinting defenses with deep learning. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) ACM CCS 2018, pp. 1928–1943. ACM Press, October 2018. https://doi.org/10.1145/3243734.3243768

  54. Standaert, F.-X., Malkin, T.G., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 443–461. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-01001-9_26

    Chapter  Google Scholar 

  55. Sun, Y., Edmundson, A., Vanbever, L., Li, O., Rexford, J., Chiang, M., Mittal, P.: RAPTOR: routing attacks on privacy in Tor. In: Jung, J., Holz, T. (eds.) USENIX Security 2015, pp. 271–286. USENIX Association, August 2015

    Google Scholar 

  56. Syverson, P.F.: Why I’m not an entropist. In: Christianson, B., Malcolm, J.A., Matyas, V., Roe, M. (eds.) SPW 2009. LNCS, vol. 7028, pp. 231–239. Springer, Heidelberg (2009)

    Google Scholar 

  57. The23rd Raccoon: How I Learned to Stop Ph34ring NSA and Love the Base Rate Fallacy (2008). https://archives.seul.org/or/dev/Sep-2008/msg00016.html

  58. Wagner, I., Eckhoff, D.: Technical privacy metrics: a systematic survey. ACM Comput. Surv. 51(3), 57:1–57:38 (2018). https://doi.org/10.1145/3168389

  59. Wang, T., Cai, X., Nithyanand, R., Johnson, R., Goldberg, I.: Effective attacks and provable defenses for website fingerprinting. In: Fu, K., Jung, J. (eds.) USENIX Security 2014, pp. 143–157. USENIX Association, August 2014

    Google Scholar 

  60. Wang, T., Goldberg, I.: Improved website fingerprinting on Tor. In: Sadeghi, A., Foresti, S. (eds.) WPES 2013, pp. 201–212. ACM, November 2013. https://doi.org/10.1145/2517840.2517851

  61. Winter, P.: Towards a censorship analyser for Tor. In: Crandall, J.R., Wright, J. (eds.) FOCI 2013. USENIX Association, Washington, D.C. (2013)

    Google Scholar 

  62. Winter, P., Lindskog, S.: How the great firewall of China is blocking Tor. In: Dingledine, R., Wright, J. (eds.) FOCI 2012. USENIX Association, Bellevue, WA (2012)

    Google Scholar 

  63. Winter, P., Pulls, T., Fuss, J.: ScrambleSuit: a polymorphic network protocol to circumvent censorship. In: Sadeghi, A., Foresti, S. (eds.) WPES 2013. ACM, November 2013. https://doi.org/10.1145/2517840.2517856

Download references

Author information

Authors and Affiliations

  1. Simula UiB, Bergen, Norway

    Alessandro Melloni, Martijn Stam & Øyvind Ytrehus

Authors
  1. Alessandro Melloni
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Martijn Stam
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Øyvind Ytrehus
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Alessandro Melloni .

Editor information

Editors and Affiliations

  1. University of Victoria, Victoria, BC, Canada

    Riham AlTawy

  2. Eindhoven University of Technology, Eindhoven, The Netherlands

    Andreas Hülsing

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Melloni, A., Stam, M., Ytrehus, Ø. (2022). On Evaluating Anonymity of Onion Routing. In: AlTawy, R., Hülsing, A. (eds) Selected Areas in Cryptography. SAC 2021. Lecture Notes in Computer Science, vol 13203. Springer, Cham. https://doi.org/10.1007/978-3-030-99277-4_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-99277-4_1

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-99276-7

  • Online ISBN: 978-3-030-99277-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation