One Cell is Enough to Break Tor’s Anonymity Xinwen Fu University of Massachusetts Lowell Team members Zhen Ling, Southeast University Junzhou Luo, Southeast.

Slides:



Advertisements
Similar presentations
Security Issues In Mobile IP
Advertisements

Secure Mobile IP Communication
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Tor: The Second-Generation Onion Router
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network Rob Jansen et. al NDSS 2014 Presenter: Yue Li Part of slides adapted from R.
Predicting Tor Path Compromise by Exit Port IEEE WIDA 2009December 16, 2009 Kevin Bauer, Dirk Grunwald, and Douglas Sicker University of Colorado Client.
Project in Computer Security Integrating TOR’s attacks into the I2P darknet Chen Avnery Amihay Vinter.
McGraw-Hill © ©The McGraw-Hill Companies, Inc., 2004 Chapter 31 Security Protocols in the Internet.
Firewalls and Intrusion Detection Systems
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Xinwen Fu Anonymous Communication & Computer Forensics Computer & Network Forensics.
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.
A New Replay Attack Against Anonymous Communication Networks Xinwen Fu June 30, 2015.
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.
Computer Networks IGCSE ICT Section 4.
Anonymity on the Web: A Brief Overview By: Nipun Arora uni-na2271.
0x1A Great Papers in Computer Security Vitaly Shmatikov CS 380S
Anonymizing Network Technologies Some slides modified from Dingledine, Mathewson, Syverson, Xinwen Fu, and Yinglin Sun Presenter: Chris Zachor 03/23/2011.
Aaron Johnson U.S. Naval Research Laboratory CSci 6545 George Washington University 11/18/2013.
Tor (Anonymity Network) Scott Pardue. Tor Network  Nodes with routers within the network (entry, middle, exit)  Directory servers  Socket Secure (SOCKS)
Computer Science Public Key Management Lecture 5.
Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
© Copyright 2012 STI INNSBRUCK Tor project: Anonymity online.
Intranet, Extranet, Firewall. Intranet and Extranet.
Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),
An efficient secure distributed anonymous routing protocol for mobile and wireless ad hoc networks Authors: A. Boukerche, K. El-Khatib, L. Xu, L. Korba.
--Harish Reddy Vemula Distributed Denial of Service.
SOS: Security Overlay Service Angelos D. Keromytis, Vishal Misra, Daniel Rubenstein- Columbia University ACM SIGCOMM 2002 CONFERENCE, PITTSBURGH PA, AUG.
Zhen Ling Southeast University Extensive Analysis and Large-Scale Empirical Evaluation of Tor Bridge Discovery In collaboration with Junzhou Luo, Southeast.
PRESENTED BY P. PRAVEEN Roll No: 1009 – 11 – NETWORK SECURITY M.C.A III Year II Sem.
1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.
Network Security David Lazăr.
A Dynamic Packet Stamping Methodology for DDoS Defense Project Presentation by Maitreya Natu, Kireeti Valicherla, Namratha Hundigopal CISC 859 University.
The Second-Generation Onion Router
TCP/IP Model & How it Relates to Browsing the Internet Anonymously BY: HELEN LIN.
Routing Around Decoys Max Schuchard, John Geddes, Christopher Thompson, Nicholas Hopper Proposed in FOCI'11, USINIX Security'11 and CCS'11 Presented by:
CSE 592 INTERNET CENSORSHIP (FALL 2015) LECTURE 22 PHILLIPA GILL - STONY BROOK U.
Chapter 8 Network Security Thanks and enjoy! JFK/KWR All material copyright J.F Kurose and K.W. Ross, All Rights Reserved Computer Networking:
The Silk Road: An Online Marketplace
Onion Routing R. Newman. Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide anonymity.
Shambhu Upadhyaya 1 Sensor Networks – Hop- by-Hop Authentication Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 22)
DoS/DDoS attack and defense
Supplemental Information on TOR (The Onion Router) CEH ed 8, Rev 4 CS3695 – Network Vulnerability Assessment & Risk Mitigation–
McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 CH. 8: SWITCHING & DATAGRAM NETWORKS 7.1.
Dong Xuan: CSE885 on 11/07/07 The Ohio State University 1 Invisible Traceback in the Internet r Reference Wei Yu, Xinwen Fu, Steve Graham, Dong Xuan and.
Traffic Correlation in Tor Source and Destination Prediction PETER BYERLEY RINDAL SULTAN ALANAZI HAFED ALGHAMDI.
Networking Components Quick Guide. Hubs Device that splits a network connection into multiple computers Data is transmitted to all devices attached Computers.
ROGER DINGLEDINE, NICK MATHEWSON, PAUL SYVERSON THE FREE HAVEN PROJECT &NAVAL RESEARCH LAB PRESENTED BY: COREY WHITE Tor: The Second-Generation Onion Router.
COSC513 Final Project Firewall in Internet Security Student Name: Jinqi Zhang Student ID: Instructor Name: Dr.Anvari.
K. Salah1 Security Protocols in the Internet IPSec.
Cryptography CSS 329 Lecture 13:SSL.
Keimyung University 1 Network Control Hong Taek Ju College of Information and Communication Keimyung University Tel:
Benjamin Knapic Nicholas Johnson.  “Tor is free software and an open network that helps you defend against a form of network surveillance that threatens.
Systems Architecture Anonymous Key Agreement Dominik Oepen
Chapter 4 Introduction to Network Layer
Tor Internals and Hidden Services
Computer Data Security & Privacy
Digital Forensics 2 Presented by : J.Silaa Lecture: FCI 30 Aug 2017
Peer-to-peer system.
Introduction to Networking
Virtual LANs.
Chapter 4 Introduction to Network Layer
0x1A Great Papers in Computer Security
Anupam Das , Nikita Borisov
Network Core and QoS.
Network Core and QoS.
Presentation transcript:

One Cell is Enough to Break Tor’s Anonymity Xinwen Fu University of Massachusetts Lowell Team members Zhen Ling, Southeast University Junzhou Luo, Southeast University Wei Yu, Cisco Systems Inc. Weijia Jia, City Univ. of Hong Kong Wei Zhao, Univ. of Macau

Black Hat DC 2009 Xinwen Lowell 2/41 Outline  Introduction  Basic components and operation of Tor  Protocol-level attacks  Impact of protocol-level attacks  Guideline of countermeasures  Related work  Summary

Black Hat DC 2009 Xinwen Lowell 3/41 Internet Security  Internet has brought convenience to our everyday lives  Internet has many design vulnerabilities Malicious codes (worm and viruses) caused $13.2 billions in financial losses worldwide in 2001  We need to understand these attacks and design corresponding countermeasures  We present our research on a new type of attack against anonymous communication systems

Black Hat DC 2009 Xinwen Lowell 4/41 Traditional Spy Network  Indirectly send secret to Intelligence headquarter through a number of intermediate agents  Protect the intelligence agent (i.e., source of secret) from being identified Intelligence Center

Black Hat DC 2009 Xinwen Lowell 5/41 Outline  Introduction  Basic components and operation of Tor  Protocol-level attacks  Impact of protocol-level attacks  Guideline of countermeasures  Related work  Summary

Black Hat DC 2009 Xinwen Lowell 6/41 Tor  A great Internet anonymous communication network  Volunteer operation model Volunteers around the world donate their computers and network bandwidth Those donated computers form the Tor network based on the Tor protocol Those computers in the Tor network relay user messages down to the destination  Users of Tor Human rights workers Many others: refer to Tor website

Black Hat DC 2009 Xinwen Lowell 7/41 Components of Tor  Client: the user of the Tor network  Server: the target TCP applications such as web servers  Tor (onion) router: the special proxy relays the application data  Directory server: servers holding Tor router information

Black Hat DC 2009 Xinwen Lowell 8/41 How Tor Works? --- Circuits  Alice herself chooses the relay routers and creates circuits through the relay routers Circuit --- communication tunnel from Alice to Bob These circuits are dedicated for Alice  Can the routers along the circuit or a third party find communication relationship by checking the packet header? C1 C2 C3

Black Hat DC 2009 Xinwen Lowell 9/41 How Tor Works? --- Onion Routing Alice Bob OR2 OR1 M √ M  A circuit is built incrementally one hop by one hop  Onion-like encryption Alice negotiates an AES key with each router Messages are divided into equal sized cells Each router knows only its predecessor and successor Only the Exit router (OR3) can see the message, however it does not know where the message is from M OR3 M C1 C2 C3 C1 C2 C3 Port

Black Hat DC 2009 Xinwen Lowell 10/41 Detailed Circuit Setup Steps: One-Hop Circuit Alice (OP) Bob Entry OR (OR1) Middle OR (OR2) Exit OR (OR3) Create C1, E(g^x1) Created C1, g^y1, H(K1) tttt t Legend: E(x) --- RSA encryption {X} --- AES encryption CN --- a circuit ID numbered N (link is TLS-encrypted)

Black Hat DC 2009 Xinwen Lowell 11/41 Two-Hop Circuit Create C1, E(g^x1) Created C1, g^y1, H(K1) Relay C1, {Extend, OR2, E(g^x2)} Create C2, E(g^x2) Created C2 g^y2, H(K2) Relay C1, {Extended, g^y2, H(K2)} tttt t Legend: E(x) --- RSA encryption {X} --- AES encryption CN --- a circuit ID numbered N Alice (OP) Bob Entry OR (OR1) Middle OR (OR2) Exit OR (OR3) (link is TLS-encrypted)

Black Hat DC 2009 Xinwen Lowell 12/41 Three-Hop Circuit Alice (OP) Bob Entry OR (OR1) Middle OR (OR2) Exit OR (OR3) Create C1, E(g^x1) Created C1, g^y1, H(K1) Relay C1, {Extend, OR2, E(g^x2)} Create C2, E(g^x2) Created C2 g^y2, H(K2) Relay C1, {Extended, g^y2, H(K2)} tttt t Relay C1, {{Extend, OR3, E(g^x3)}} Relay C2, {Extend, OR3, E(g^x3)} Relay C2 {Extended, g^y3, H(K3)} Relay C1, {{Extended, g^y3, H(K3)}} Create C3, E(g^x3) Created C3 g^y3, H(K3) Legend: E(x) --- RSA encryption {X} --- AES encryption CN --- a circuit ID numbered N (link is TLS-encrypted)

Black Hat DC 2009 Xinwen Lowell 13/41 Connection Setup Example Alice (OP) Bob Entry OR (OR1) Middle OR (OR2) Exit OR (OR3) Relay C1, {{{Begin }}} Relay C2, {{Begin }} Relay C3, {Begin } TCP Handshake Relay C3, {Connected} Relay C2, {{Connected}} Relay C1, {{{Connected}}} Relay C1, {{{Data, “Hello”}}} Relay C2, {{Data, “Hello”}} Relay C3, {Data, “Hello”} “Hello” Relay C1, {{{End, Reason}}} Relay C2, {{End, Reason>}} Relay C3, {End, Reason} TCP Teardown ttttt (link is TLS-encrypted) (unencrypted) C1 C2 C3 Port

Black Hat DC 2009 Xinwen Lowell 14/41 Outline  Introduction  Basic components and operation of Tor  Protocol-level attacks  Impact of protocol-level attacks  Guideline of countermeasures  Related work  Summary

Black Hat DC 2009 Xinwen Lowell 15/41 Problem Definition of Attacks against Tor  Alice is sending messages to Bob through an encrypted and anonymous circuit, how can Evil confirm the communication relationship between Alice and Bob? Bob Alice Tor Network Evil

Black Hat DC 2009 Xinwen Lowell 16/41 Attack Methodology  If the attacker can determine circuit segments C1 and C3 belong to the same circuit, the attacker confirms the communication relationship for sure Entry knows where the packet comes from and Exit knows where the packet goes C1 C2 C3

Black Hat DC 2009 Xinwen Lowell 17/41 AES Counter – Normal Case  A message comes from Alice through Circuit Segment C1, and goes to Bob after Circuit Segment C3  An AES counter is synchronized through the circuit … … … Bob, Message M KBKB KAKA … KnKn Alice K1K1 Bob, Message M KBKB KAKA … KnKn Alice K1K1 Bob Entry Router (OR1) Exit Router (OR3) C1C2C3 t tt Middle Router (OR2) t K K t K K K+1

Black Hat DC 2009 Xinwen Lowell 18/41 AES Counter – Replay Attack Case  Replayed message causes a (special) decryption error at the end of circuit C3 at Eve 2 The duplicated message disrupts the counter  Therefore, Circuits C1 and C3 are created by Alice  Claim: Alice is communicating with Bob … … … Bob, Message M KBKB KAKA … KnKn Alice K1K1 Bob, Message M KBKB KAKA … KnKn Alice K1K1 Bob Eve 1 at Entry Router Eve 2 at Exit Router C1C2C3 t t t t Middle Router K K+1 t K K K M

Black Hat DC 2009 Xinwen Lowell 19/41 AES Counter – Deletion Attack Case  The cell after the deleted cell causes decryption error … … … Bob, Message M KBKB KAKA … KnKn Alice K1K1 Bob, Message M KBKB KAKA … KnKn Alice K1K1 Bob Eve 1 at Entry Router Eve 2 at Exit Router C1C2C3 t t t t Middle Router K+1 t K+2 K K K K K+1

Black Hat DC 2009 Xinwen Lowell 20/41 AES Counter – Insert Attack Case  The inserted cell causes decryption error … … … Bob, Message M KBKB KAKA … KnKn Alice K1K1 Bob, Message M KBKB KAKA … KnKn Alice K1K1 Bob Eve 1 at Entry Router Eve 2 at Exit Router C1C2C3 t t t t Middle Router K+1 t K K K K

Black Hat DC 2009 Xinwen Lowell 21/41 AES Counter – Modify Attack Case  The modified cell causes decryption error … … … Bob, Message M KBKB KAKA … KnKn Alice K1K1 Bob, Message M KBKB KAKA … KnKn Alice K1K1 Bob Eve 1 at Entry Router Eve 2 at Exit Router C1C2C3 t t t t Middle Router t K K K K

Black Hat DC 2009 Xinwen Lowell 22/41 Issues in Attacks Above  Which cells and when to manipulate The circuit is torn down when there is decryption error  How to make attack stealthy Broken circuits may render Alice’s attention

Black Hat DC 2009 Xinwen Lowell 23/41 Which Cells and When to Manipulate  Target data cells after the circuit is built  Identify protocol status by counting cells Alice (OP) Bob Entry OR (OR1) Middle OR (OR2) Exit OR (OR3) Relay C1, {{{Begin }}} Relay C2, {{Begin }} Relay C3, {Begin } TCP Handshake Relay C3, {Connected} Relay C2, {{Connected}} Relay C1, {{{Connected}}} Relay C1, {{{Data, “Hello”}}} Relay C2, {{Data, “Hello”}} Relay C3, {Data, “Hello”} “Hello” Relay C1, {{{End, Reason}}} Relay C2, {{End, Reason>}} Relay C3, {End, Reason} TCP Teardown tt tt t (link is TLS-encrypted) (unencrypted)

Black Hat DC 2009 Xinwen Lowell 24/41 How to Make Attack Stealthy  Insert and replay attacks are very flexible and can be made stealthy can be applied freely  When there is no traffic and a circuit is idle (the circuit already carried target traffic)  At the end of the lifetime of a circuit Default lifetime is 10 minutes Before teardown While holding teardown commands

Black Hat DC 2009 Xinwen Lowell 25/41 Experiment Setup  One computer was setup as an exit router  It takes two days for our second computer to become an entry router

Black Hat DC 2009 Xinwen Lowell 26/41 26/15 Decryption Error Time v.s. Duplication Time

Black Hat DC 2009 Xinwen Lowell 27/41 Outline  Introduction  Basic components and operation of Tor  Protocol-level attacks  Impact of protocol-level attacks  Guideline of countermeasures  Related work  Summary

Black Hat DC 2009 Xinwen Lowell 28/41 Impact  Metrics: probability that a circuit chooses malicious Tor routers A circuit chooses a malicious entry and exit, it is done  Attackers can do the following in order to increase the probability Scheme 1: Inject (donate) high-bandwidth routers into the Tor network Scheme 2: Compromise high-bandwidth Tor routers into the Tor network

Black Hat DC 2009 Xinwen Lowell 29/41 Big Impact: 9% v.s. 60%

Black Hat DC 2009 Xinwen Lowell 30/41 Protocol-level Attack v.s. Brute Force Attack  Brute force attack: attackers occupy all routers on a circuit

Black Hat DC 2009 Xinwen Lowell 31/41 Outline  Introduction  Basic components and operation of Tor  Protocol-level attacks  Impact of protocol-level attacks  Guideline of countermeasures  Related work  Summary

Black Hat DC 2009 Xinwen Lowell 32/41 Hard to Defend  No easy way to defend against replay, insert, delete and modify attacks because of the anonymity maintained here The attacks are flexible can be deployed at any moment during the life time of a connection What if attackers just attack for DoS?  Careful routing protocols Choose routers in different countries or regions in order to prevent a single organization from deploying the attack

Black Hat DC 2009 Xinwen Lowell 33/41 Outline  Introduction  Basic components and operation of Tor  Protocol-level attacks  Impact of protocol-level attacks  Guideline of countermeasures  Related work  Summary

Black Hat DC 2009 Xinwen Lowell 34/41 Many Attacks Packet level [ WCJ07 ] Traceback over Anonymity networks Flow level [YFG+07] Content Level [ Chr06 ] Protocol Level [ PYFW08 ] Host Level [Mur06]

Black Hat DC 2009 Xinwen Lowell 35/41 Tagging Attacks  Outside attackers mark attacks: use TLS to guarantee integrity  Protocol-level attacks are by inside attackers

Black Hat DC 2009 Xinwen Lowell 36/41 Outline  Introduction  Basic components and operation of Tor  Protocol-level attacks  Impact of protocol-level attacks  Guideline of countermeasures  Related work  Summary

Black Hat DC 2009 Xinwen Lowell 37/41 Summary  We identified a class of new attack, protocol-level attack, against anonymous communication network Tor Need only one cell to confirm the communication relationship One attack can confirm multiple connections using the same circuit Confirmation is a sure thing (100%)  Our experiments validate the feasibility and effectiveness of all attacks  The impact is huge Given 9% percent of Tor routers are malicious, over 60% of the connections can be compromised

Black Hat DC 2009 Xinwen Lowell 38/41 Future Work  Develop countermeasure against the protocol-level attack Tor is a pioneer software for on-line privacy  Fight the abuse of Tor (forensic traceback) Anonymous networks may be abused Government has resource and donates high- performance routers and bandwidth to Tor in exchange of necessary surveillance The abuse of Tor threatens Tor

Black Hat DC 2009 Xinwen Lowell 39/41 Acknowledgment  Tor developers  Other Tor researchers

Black Hat DC 2009 Xinwen Lowell 40/41 References [Chr06]A. Christensen, Practical Onion Hacking: finding the real address of Tor clients, advisories/Practical_Onion_Hacking.pdf, Oct [DMP04]R. Dingledine, N. Mathewson, and P. Syverson, Tor: The second-generation onion router, in Proceedings of the 13th USENIX Security Symposium, 2004 [Mur06]Steven J. Murdoch, Hot or Not: Revealing Hidden Services by their Clock Skew, In Proceedings of ACM CCS, 2006 [PNR05]P. Peng, P. Ning, and D. S. Reeves, On the secrecy of timing-based active watermarking trace-back techniques, in Proceedings of the IEEE Security and Privacy Symposium (S&P), 2006 [PYFW08 ] Ryan Pries, W. Yu, Xinwen Fu and W. Zhao, A New Replay Attack Against Anonymous Communication Networks, In Proceedings of the IEEE International Conference on Communications (ICC), China, May 19-23, 2008 (Best paper award) [WCJ07]X. Wang, S. Chen, and S. Jajodia, Network flow watermarking attack on low-latency anonymous communication systems, in Proceedings of the IEEE Security and Privacy Symposium (S&P), 2007 [YFG+07]W. Yu, Xinwen Fu, S. Graham, Dong Xuan, and W. Zhao, DSSS-based flow marking technique for invisible traceback, in Proceedings of the IEEE Security and Privacy Symposium (S&P), 2007

Black Hat DC 2009 Xinwen Lowell 41/41 Xinwen Fu41/15 Thank you! Xinwen Fu

Black Hat DC 2009 Xinwen Lowell 42/41 Cell Format in Tor

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.