Abstract Anonymous communication networks, like Tor, partially protect the confidentiality of user traffic by encrypting all communications within the overlay network. However, when the relayed traffic reaches the boundaries of the network, toward its destination, the original user traffic is inevitably exposed to the final node on the path. As a result, users transmitting sensitive data, like authentication credentials, over such networks, risk having their data intercepted and exposed, unless end-to-end encryption is used. Eavesdropping can be performed by malicious or compromised relay nodes, as well as any rogue network entity on the path toward the actual destination. Furthermore, end-to-end encryption does not assure defense against man-in-the- middle attacks. In this work, we explore the use of decoys at multiple levels for the detection of traffic interception by malicious nodes of proxy-based anonymous communication systems. Our approach relies on the injection of traffic that exposes bait credentials for decoy services requiring user authentication, and URLs to seemingly sensitive decoy documents which, when opened, invoke scripts alerting about being accessed. Our aim was to entice prospective eavesdroppers to access our decoy servers and decoy documents, using the snooped credentials and URLs. We have deployed our prototype implementation in the Tor network using decoy IMAP, SMTP, and HTTPservers. During the course of over 30 months, our system has detected 18 cases of traffic eavesdropping that involved 14 different Tor exit nodes.
AbstractAnonymous communication networks, likeTor, partially
protect the confidentiality of user traffic by encrypting all
communications within the overlay network. However, when the
relayed traffic reaches the boundaries of the network, toward its
destination, the original user traffic is inevitably exposed to the
final node on the path. As a result, users transmitting sensitive
data, like authentication credentials, over such networks, risk
having their data intercepted and exposed, unless end-to-end
encryption is used.Eavesdroppingcan be performed by malicious or
compromised relay nodes, as well as any rogue network entity on the
path toward the actual destination. Furthermore, end-to-end
encryption does not assure defense against man-in-the-middle
attacks. In this work, we explore the use of decoys at multiple
levels for the detection of traffic interception by malicious nodes
of proxy-based anonymous communication systems. Our approach relies
on the injection of traffic that exposes bait credentials for decoy
services requiring user authentication, and URLs to seemingly
sensitive decoy documents which, when opened, invoke scripts
alerting about being accessed. Our aim was to entice prospective
eavesdroppers to access our decoy servers and decoy documents,
using the snooped credentials and URLs. We have deployed our
prototype implementation in theTornetwork using decoy IMAP, SMTP,
andHTTPservers. During the course of over 30months, our system has
detected 18 cases of traffic eavesdropping that involved 14
differentTorexit nodes.
![[Topic Letter / Abstract Number] [Title of your Abstract]](https://img.pdfslide.net/doc/110x75/56812dcf550346895d930f75/topic-letter-abstract-number-title-of-your-abstract.jpg)
