Anupam Das, Nikita Borisov

1 Securing Anonymous Communication Channels under the Selective DoS Attack
Anupam Das, Nikita Borisov
University of Illinois at Urbana-Champaign (UIUC)
FC 2013
11/23/2018

2 Outline
Anonymous Communication (Tor)
Selective DoS attack
Our Detection Mechanism
Evaluation
Conclusion

3 Anonymous Communication
Hides user identity and defends users against internet surveillance and traffic analysis.
The most widely used anonymity network is Tor:
~3000 Tor relays
~500,000 users daily

4 How Tor Works
[Figure: a message M passing through a chain of Tor relays; legend: Tor relay, encrypted link, unencrypted link]
Originally sponsored by the US Naval Research Laboratory.
Since 2006 it has been its own nonprofit organization.
Tor protects user identity by bouncing communications around a distributed network of relays run by volunteers all around the world.
A Tor circuit (tunnel) is built incrementally, one hop at a time.
Layered encryption is used.
Each router knows only its predecessor and successor.

5 Threats in Tor
Tor relays are run by volunteers, so they can be malicious.
[Figure label: Anonymity broken]
Probability of circuits being compromised:
Assuming t fraction of the bandwidth is controlled by a malicious authority.

6 Selective DoS in Tor
[Figure: circuits of Entry, Middle and Exit relays, each relay marked C (compromised) or H (honest); circuits are labelled "Not Dropped" or "Dropped"]

7 Impact of Selective DoS
Under Normal Condition:
Under Selective DoS:

8 Our Goal
Design a detection mechanism that can distinguish compromised circuits from non-compromised circuits.
We propose a 2-phase probing algorithm:
Generate candidate circuits
Identify potentially compromised circuits
Threat Model:
Small fraction (~20%) of relays are compromised
Compromised relays perform selective DoS attack

9 Our Detection Mechanism
Phase 1. Generate N working Tor circuits and test the reliability of the circuits by retrieving a web page through the circuit.
[Figure: Entry, Middle, Exit circuits of honest (H) and compromised (C) relays undergoing the reliability test]
Circuits that survive the 1st phase are passed on to the 2nd phase.

10 Our Detection Mechanism
Phase 2. For each circuit choose K other random exit and middle relays. Test reliability of the modified circuits.
[Figure: circuits (Hi, Hj, Hk), (Cm, Cn, Cp) and (Ca, Hb, Cc) in Entry, Middle, Exit order; a modified circuit keeps entry Hi and takes middle Hb and exit Cp; the modified circuits go through the reliability test]
Repeat the process K times for each circuit.
For each circuit keep track of the number of successes M.
IF (M >= Threshold) classify as potentially honest circuit.

11 Probabilistic Analysis
Assuming t fraction of the bandwidth is controlled by a malicious authority (t ≈ 20%).
[Figure: Entry, Middle, Exit circuit of compromised (C) and honest (H) relays]
For t = 0.2, $(1-t)^3 \gg t^2$.
So the majority of the circuits in the second phase are honest.
Therefore compromised circuits should have a low success rate after circuit modification.

12 Complex Attacks
What if compromised nodes don’t always drop, to avoid detection?
We consider 2 types of dropping strategy:
Random drop
Strategic drop
[Figure: Entry, Middle, Exit circuit of honest (H) and compromised (C) relays]
Random Drop: Drops with probability d
Strategic Drop: Don’t drop circuits of form XXC as they are helpful in the 2nd phase
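A small simulation of the two-phase filter from slides 9 to 12 under the random-drop strategy, added here as an example; it is not the authors' code. It assumes each relay is compromised independently with probability t (no bandwidth weighting), no natural circuit failures, and that a compromised relay spares only circuits whose entry and exit are both compromised; the function names and the default N, K and threshold are illustrative.

```python
import random

def works(circuit, d, rng):
    """Reliability test for an (entry, middle, exit) circuit; True = compromised relay."""
    entry, middle, exit_ = circuit
    if not (entry or middle or exit_):
        return True               # all-honest circuit: nothing interferes
    if entry and exit_:
        return True               # adversary holds both ends and keeps the circuit
    return rng.random() >= d      # assumption: otherwise dropped with probability d

def two_phase_filter(n=5000, k=5, threshold=3, t=0.2, d=1.0, seed=1):
    """Return the compromised fraction after phase 1 and after phase 2."""
    rng = random.Random(seed)

    def relay():
        return rng.random() < t

    # Phase 1: build N circuits and keep the ones that pass the reliability test.
    candidates = [(relay(), relay(), relay()) for _ in range(n)]
    survivors = [c for c in candidates if works(c, d, rng)]

    def pick_other(i):
        # Uniformly pick a phase-1 survivor other than circuit i.
        j = rng.randrange(len(survivors) - 1)
        return survivors[j if j < i else j + 1]

    # Phase 2: keep the entry, swap in middle and exit relays taken from other
    # survivors, probe K times and count the successes M.
    accepted = []
    for i, circ in enumerate(survivors):
        m = sum(works((circ[0], pick_other(i)[1], pick_other(i)[2]), d, rng)
                for _ in range(k))
        if m >= threshold:
            accepted.append(circ)

    def compromised_fraction(circuits):
        # A circuit is compromised when entry and exit are both compromised.
        return sum(c[0] and c[2] for c in circuits) / len(circuits)

    return compromised_fraction(survivors), compromised_fraction(accepted)

if __name__ == "__main__":
    for d in (1.0, 0.5):
        before, after = two_phase_filter(d=d)
        print(f"d={d}: compromised after phase 1 = {before:.3f}, after phase 2 = {after:.4f}")
```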

13 Disguising Probes
To make probes indistinguishable from user traffic we adopt the following strategies:
Use popular websites as probing destinations (Alexa lists the top popular websites)
Replay non-sensitive browsing history as probes
Randomize the middle relay from the set of (N-1) available relays after phase 1

14 Evaluation
We evaluate our approach through both simulation and real world experiments.
Simulation setup:
Gathered Tor node info from torstatus.blutmagie.de/
Randomly assigned 20% of the bandwidth to be compromised.
To approximate the failure rate present in the current Tor network we use the TorFlow project [TorFlow project]. We generate 10,000 Tor circuits and record their failure rate. The average failure rate after 10 runs was found to be approximately 23%.

15 Simulation Results
As the drop rate d increases, the probability of selecting a compromised circuit decreases.

16 Real World Experiments
We use Emulab and PlanetLab machines for our experimental setup.
11 Emulab machines = 10 run the Tor protocol (20 Kbps) + 1 acted as server (gathering timing info from the other 10 machines) [Bauer et al. WPES 07]
Extracted 40 other regular Tor nodes and added our 10 compromised nodes (t=20%).
Use PlanetLab machines as clients.
[Table, flattened in extraction; columns: Fraction of compromised guards, Pr(not compromised), Pr(not compromised) (Conventional Tor); values as extracted: 1.0 1/3 0.867 2/3 0.843 0.612 1 0.0]
For implementing selective-DoS we take an approach similar to the one described by Bauer et al. (WPES 07). We modify Tor source code tor

17 Overhead Approximation
Each usable circuit requires 4 probes.
Each probe size is 300KB (avg. size of the most popular web pages).
So the total traffic used by a single user every one hour is (6*3*300*4)KB ≈ 21MB.
Currently, Tor’s bandwidth capacity = 3.21GB/s.
Approximately 5% of the bandwidth can be used to satisfy the current peak demand.

18 Related Work
Danner et al. [FC 2009] proposed a probing technique where they create O(n*l) circuits to identify compromised relays [where n = no. of relays, l = no. of times each probe is repeated]. However:
They don’t consider strategic adaptation by malicious nodes, like random dropping.
More suitable as a centralized approach; otherwise it would not be scalable.
Probes might be easier to distinguish.
Mike Perry (Tor Performance Developer) recently proposed:
A client-side accounting mechanism that tracks the circuit failure rate for each of the client’s entry nodes.

19 Conclusion
Our detection algorithm filters out potentially compromised Tor circuits with high probability.
We also show that adaptive adversaries who choose to deny service probabilistically do not benefit from adopting such a strategy.
Future Work:
Can we lower the cost of probing/overhead?
Can we not use probing at all? Maybe use historical data.

20 Questions

