TY - GEN
T1 - Stealthy traffic analysis of low-latency anonymous communication using throughput fingerprinting
AU - Mittal, Prateek
AU - Khurshid, Ahmed
AU - Juen, Joshua
AU - Caesar, Matthew
AU - Borisov, Nikita
PY - 2011
Y1 - 2011
N2 - Anonymity systems such as Tor aim to enable users to communicate in a manner that is untraceable by adversaries that control a small number of machines. To provide efficient service to users, these anonymity systems make full use of forwarding capacity when sending traffic between intermediate relays. In this paper, we show that doing this leaks information about the set of Tor relays in a circuit (path). We present attacks that, with high confidence and based solely on throughput information, can (a) reduce the attacker's uncertainty about the bottleneck relay of any Tor circuit whose throughput can be observed, (b) exactly identify the guard relay(s) of a Tor user when circuit throughput can be observed over multiple connections, and (c) identify whether two concurrent TCP connections belong to the same Tor user, breaking unlinkability. Our attacks are stealthy, and cannot be readily detected by a user or by Tor relays. We validate our attacks using experiments over the live Tor network. We find that the attacker can substantially reduce the entropy of a bottleneck relay distribution of a Tor circuit whose throughput can be observed - the entropy gets reduced by a factor of 2 in the median case. Such information leaks from a single Tor circuit can be combined over multiple connections to exactly identify a user's guard relay(s). Finally, we are also able to link two connections from the same initiator with a crossover error rate of less than 1.5% in under 5 minutes. Our attacks are also more accurate and require fewer resources than previous attacks on Tor.
AB - Anonymity systems such as Tor aim to enable users to communicate in a manner that is untraceable by adversaries that control a small number of machines. To provide efficient service to users, these anonymity systems make full use of forwarding capacity when sending traffic between intermediate relays. In this paper, we show that doing this leaks information about the set of Tor relays in a circuit (path). We present attacks that, with high confidence and based solely on throughput information, can (a) reduce the attacker's uncertainty about the bottleneck relay of any Tor circuit whose throughput can be observed, (b) exactly identify the guard relay(s) of a Tor user when circuit throughput can be observed over multiple connections, and (c) identify whether two concurrent TCP connections belong to the same Tor user, breaking unlinkability. Our attacks are stealthy, and cannot be readily detected by a user or by Tor relays. We validate our attacks using experiments over the live Tor network. We find that the attacker can substantially reduce the entropy of a bottleneck relay distribution of a Tor circuit whose throughput can be observed - the entropy gets reduced by a factor of 2 in the median case. Such information leaks from a single Tor circuit can be combined over multiple connections to exactly identify a user's guard relay(s). Finally, we are also able to link two connections from the same initiator with a crossover error rate of less than 1.5% in under 5 minutes. Our attacks are also more accurate and require fewer resources than previous attacks on Tor.
KW - Anonymity
KW - Attacks
KW - Throughput
UR - http://www.scopus.com/inward/record.url?scp=80755187817&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=80755187817&partnerID=8YFLogxK
U2 - 10.1145/2046707.2046732
DO - 10.1145/2046707.2046732
M3 - Conference contribution
AN - SCOPUS:80755187817
SN - 9781450310758
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 215
EP - 226
BT - CCS'11 - Proceedings of the 18th ACM Conference on Computer and Communications Security
T2 - 18th ACM Conference on Computer and Communications Security, CCS'11
Y2 - 17 October 2011 through 21 October 2011
ER -