Stealthy traffic analysis of low-latency anonymous communication using throughput fingerprinting

Prateek Mittal, Ahmed Khurshid, Joshua Juen, Matthew Caesar, Nikita Borisov

Research output: Chapter in Book/Report/Conference proceedingConference contribution

84 Scopus citations

Abstract

Anonymity systems such as Tor aim to enable users to communicate in a manner that is untraceable by adversaries that control a small number of machines. To provide efficient service to users, these anonymity systems make full use of forwarding capacity when sending traffic between intermediate relays. In this paper, we show that doing this leaks information about the set of Tor relays in a circuit (path). We present attacks that, with high confidence and based solely on throughput information, can (a) reduce the attacker's uncertainty about the bottleneck relay of any Tor circuit whose throughput can be observed, (b) exactly identify the guard relay(s) of a Tor user when circuit throughput can be observed over multiple connections, and (c) identify whether two concurrent TCP connections belong to the same Tor user, breaking unlinkability. Our attacks are stealthy, and cannot be readily detected by a user or by Tor relays. We validate our attacks using experiments over the live Tor network. We find that the attacker can substantially reduce the entropy of a bottleneck relay distribution of a Tor circuit whose throughput can be observed - the entropy gets reduced by a factor of 2 in the median case. Such information leaks from a single Tor circuit can be combined over multiple connections to exactly identify a user's guard relay(s). Finally, we are also able to link two connections from the same initiator with a crossover error rate of less than 1.5% in under 5 minutes. Our attacks are also more accurate and require fewer resources than previous attacks on Tor.

Original languageEnglish (US)
Title of host publicationCCS'11 - Proceedings of the 18th ACM Conference on Computer and Communications Security
Pages215-226
Number of pages12
DOIs
StatePublished - 2011
Externally publishedYes
Event18th ACM Conference on Computer and Communications Security, CCS'11 - Chicago, IL, United States
Duration: Oct 17 2011Oct 21 2011

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Other

Other18th ACM Conference on Computer and Communications Security, CCS'11
Country/TerritoryUnited States
CityChicago, IL
Period10/17/1110/21/11

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications

Keywords

  • Anonymity
  • Attacks
  • Throughput

Fingerprint

Dive into the research topics of 'Stealthy traffic analysis of low-latency anonymous communication using throughput fingerprinting'. Together they form a unique fingerprint.

Cite this