TY - GEN
T1 - Anonymity on QuickSand
T2 - 13th ACM SIGCOMM Workshop on Hot Topics in Networks, HotNets 2014
AU - Vanbever, Laurent
AU - Li, Oscar
AU - Rexford, Jennifer L.
AU - Mittal, Prateek
N1 - Publisher Copyright:
Copyright © 2014 ACM.
PY - 2014/10/27
Y1 - 2014/10/27
N2 - Anonymity systems like Tor are known to be vulnerable to malicious relay nodes. Another serious threat comes from the Autonomous Systems (ASes) that carry Tor traffic due to their powerful eavesdropping capabilities. Indeed, an AS (or set of colluding ASes) that lies between the client and the first relay, and between the last relay and the destination, can perform timing analysis to compromise user anonymity. In this paper, we show that AS-level adversaries are much more powerful than previously thought. First, routine BGP routing changes can significantly increase the number of ASes that can analyze a user's traffic successfully. Second, ASes can actively manipulate BGP announcements to put themselves on the paths to and from relay nodes. Third, an AS can perform timing analysis even when it sees only one direction of the traffic at both communication ends. Actually, asymmetric routing increases the fraction of ASes able to analyze a user's traffic. We present a preliminary evaluation of our attacks using measurements of BGP and Tor. Our findings motivate the design of approaches for anonymous communication that are resilient to AS-level adversaries.
AB - Anonymity systems like Tor are known to be vulnerable to malicious relay nodes. Another serious threat comes from the Autonomous Systems (ASes) that carry Tor traffic due to their powerful eavesdropping capabilities. Indeed, an AS (or set of colluding ASes) that lies between the client and the first relay, and between the last relay and the destination, can perform timing analysis to compromise user anonymity. In this paper, we show that AS-level adversaries are much more powerful than previously thought. First, routine BGP routing changes can significantly increase the number of ASes that can analyze a user's traffic successfully. Second, ASes can actively manipulate BGP announcements to put themselves on the paths to and from relay nodes. Third, an AS can perform timing analysis even when it sees only one direction of the traffic at both communication ends. Actually, asymmetric routing increases the fraction of ASes able to analyze a user's traffic. We present a preliminary evaluation of our attacks using measurements of BGP and Tor. Our findings motivate the design of approaches for anonymous communication that are resilient to AS-level adversaries.
KW - Anonymity system
KW - BGP
KW - IP hijack
KW - MITM
KW - Man-in-the-middle
KW - Routing dynamic
KW - Tor
UR - http://www.scopus.com/inward/record.url?scp=84914674845&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84914674845&partnerID=8YFLogxK
U2 - 10.1145/2670518.2673869
DO - 10.1145/2670518.2673869
M3 - Conference contribution
AN - SCOPUS:84914674845
T3 - Proceedings of the 13th ACM Workshop on Hot Topics in Networks, HotNets 2014
BT - Proceedings of the 13th ACM Workshop on Hot Topics in Networks, HotNets 2014
PB - Association for Computing Machinery
Y2 - 27 October 2014 through 28 October 2014
ER -