ABSTRACT
We introduce and investigate targeting adversaries who selectively attack users of Tor or other secure-communication networks. We argue that attacks by such adversaries are more realistic and more significant threats to those most relying on Tor's protection than are attacks in prior analyses of Tor security. Previous research and Tor design decisions have focused on protecting against adversaries who are equally interested in any user of the network. Our adversaries selectively target users (e.g., those who visit a particular website or chat on a particular private channel) and essentially disregard Tor users other than these. We investigate three example cases where particular users might be targeted: a cabal conducting meetings using MTor, a published Tor multicast protocol; a cabal meeting on a private IRC channel; and users visiting a particular .onion website. In general for our adversaries, compromise is much faster and provides more feedback and possibilities for adaptation than do attacks examined in prior work. We also discuss selection of websites for targeting of their users based on the distribution across users of site activity. We describe adversaries attempting to learn the size of either a cabal meeting online or a set of sufficiently active visitors to a targeted site, and we describe adversaries attempting to identify guards of each targeted user. We compare the threat of targeting adversaries versus previously considered adversaries, and we briefly sketch possible countermeasures for resisting targeting adversaries.
Onions in the Crosshairs: When The Man really is out to get you