-
7/30/2019 Tor Users Routed Slides
1/75
Users Get Routed: Traffic Correlationon Tor by Realistic
Adversaries
Aaron Johnson1 Chris Wacek2 Rob J ansen1
Micah Sherr2 Paul Syverson1
1U.S. Naval Research Laboratory, Washington, DC2 Georgetown
University, Washington, DC
MPI-SWSJuly 29, 2013
1
-
7/30/2019 Tor Users Routed Slides
2/75
2
Summary: What is Tor?
-
7/30/2019 Tor Users Routed Slides
3/75
3
Tor is a system for anonymous communication.
Summary: What is Tor?
-
7/30/2019 Tor Users Routed Slides
4/75
4
Summary: What is Tor?
Tor is a system for anonymous communication.popular
^
Over 500000 daily users and 2.4GiB/s aggregate
-
7/30/2019 Tor Users Routed Slides
5/75
5
Summary: Who uses Tor?
-
7/30/2019 Tor Users Routed Slides
6/75
6
Summary: Who uses Tor?
Individualsavoidingcensorship
Individuals
avoidingsurveillance
J ournalistsprotectingthemselves orsources
Law enforcementduringinvestigations
Intelligence
analysts forgathering data
-
7/30/2019 Tor Users Routed Slides
7/75
7
Summary: Tors Big Problem
-
7/30/2019 Tor Users Routed Slides
8/75
8
Summary: Tors Big Problem
-
7/30/2019 Tor Users Routed Slides
9/75
9
Summary: Tors Big Problem
-
7/30/2019 Tor Users Routed Slides
10/75
10
Summary: Tors Big Problem
-
7/30/2019 Tor Users Routed Slides
11/75
-
7/30/2019 Tor Users Routed Slides
12/75
12
Summary: Tors Big Problem
Traffic Correlation Attack Congestion attacks Throughput attacks
Latency leaks
Website fingerprinting Application-layer leaks Denial-of-Service
attacks
-
7/30/2019 Tor Users Routed Slides
13/75
13
Summary: Our Contributions
-
7/30/2019 Tor Users Routed Slides
14/75
14
Summary: Our Contributions
1. Empirical analysis of traffic correlationthreat
2. Develop adversary framework andsecurity metrics
3. Develop analysis methodology and tools
-
7/30/2019 Tor Users Routed Slides
15/75
Overview Summary
Tor Background Tor Security Analysis
oAdversary Framework
oSecurity Metrics
o Evaluation Methodology
oNode Adversary Analysiso Link Adversary Analysis
Future Work15
-
7/30/2019 Tor Users Routed Slides
16/75
Overview Summary
Tor Background Tor Security Analysis
oAdversary Framework
oSecurity Metrics
o Evaluation Methodology
oNode Adversary Analysiso Link Adversary Analysis
Future Work16
-
7/30/2019 Tor Users Routed Slides
17/75
-
7/30/2019 Tor Users Routed Slides
18/75
-
7/30/2019 Tor Users Routed Slides
19/75
Users DestinationsOnion Routers
19
Background: Onion Routing
-
7/30/2019 Tor Users Routed Slides
20/75
Users DestinationsOnion Routers
20
Background: Onion Routing
-
7/30/2019 Tor Users Routed Slides
21/75
Users DestinationsOnion Routers
21
Background: Onion Routing
-
7/30/2019 Tor Users Routed Slides
22/75
22
Background: Using Circuits
-
7/30/2019 Tor Users Routed Slides
23/75
23
Background: Using Circuits
1. Clients begin all circuits with a selected guard.
-
7/30/2019 Tor Users Routed Slides
24/75
-
7/30/2019 Tor Users Routed Slides
25/75
25
Background: Using Circuits
1. Clients begin all circuits with a selected guard.
2. Relays define individual exit policies.3. Clients multiplex
streams over a circuit.
-
7/30/2019 Tor Users Routed Slides
26/75
26
Background: Using Circuits
1. Clients begin all circuits with a selected guard.
2. Relays define individual exit policies.3. Clients multiplex
streams over a circuit.4. New circuits replace existing ones
periodically.
-
7/30/2019 Tor Users Routed Slides
27/75
Overview Summary
Tor Background Tor Security Analysis
oAdversary Framework
oSecurity Metrics
o Evaluation Methodology
o
Node Adversary Analysiso Link Adversary Analysis
Future Work27
-
7/30/2019 Tor Users Routed Slides
28/75
28
Adversary Framework
-
7/30/2019 Tor Users Routed Slides
29/75
29
Adversary Framework
-
7/30/2019 Tor Users Routed Slides
30/75
30
Adversary Framework
-
7/30/2019 Tor Users Routed Slides
31/75
-
7/30/2019 Tor Users Routed Slides
32/75
Adversary Framework
ResourceTypes
Relays Bandwidth Autonomous
Systems(ASes)
Internet
ExchangePoints (IXPs) Money
32
-
7/30/2019 Tor Users Routed Slides
33/75
-
7/30/2019 Tor Users Routed Slides
34/75
Adversary Framework
ResourceTypes
Relays Bandwidth Autonomous
Systems(ASes)
Internet
ExchangePoints (IXPs) Money
Resource
Endowment
Destinationhost
5% Torbandwidth
Source AS
Equinix IXPs
Goal
Target a givenuserscommunication
Compromiseas much trafficas possible
Learn whouses Tor
Learn what Toris used for
34
-
7/30/2019 Tor Users Routed Slides
35/75
-
7/30/2019 Tor Users Routed Slides
36/75
Prior metrics
Security Metrics
-
7/30/2019 Tor Users Routed Slides
37/75
-
7/30/2019 Tor Users Routed Slides
38/75
Prior metrics
1. Probability of choosing bad guard and exita. c2 / n2 :
Adversary controls c ofn relays
b. ge : g guard and e exit BW fractions are bad
2. Probability some AS/IXP exists on both entryand exit paths
(i.e. path independence)
Security Metrics
-
7/30/2019 Tor Users Routed Slides
39/75
S i M i
-
7/30/2019 Tor Users Routed Slides
40/75
Principles
1. Probability distribution
2. Measure on human timescales
3. Based on adversaries
40
Security Metrics
-
7/30/2019 Tor Users Routed Slides
41/75
-
7/30/2019 Tor Users Routed Slides
42/75
Overview Background
Onion Routing Security Analysiso Problem: Traffic
correlation
oAdversary Model
oSecurity Metrics
o Evaluation Methodology
oNode Adversary Analysis
o Link Adversary Analysis
Future Work
42
-
7/30/2019 Tor Users Routed Slides
43/75
TorPS: The Tor Path Simulator
43
User Model Client SoftwareModel
Streams
Network Model
Relaystatuses
StreamCircuitmappings
-
7/30/2019 Tor Users Routed Slides
44/75
TorPS: The Tor Path Simulator
44
User Model Client SoftwareModel
Streams
Network Model
Relaystatuses
StreamCircuitmappings
T PS U M d l
-
7/30/2019 Tor Users Routed Slides
45/75
TorPS: User Model
4520-minute traces
Gmail/GChat
Gcal/GDocs
Facebook
Web search
IRC
BitTorrent
-
7/30/2019 Tor Users Routed Slides
46/75
T PS U M d l
-
7/30/2019 Tor Users Routed Slides
47/75
TorPS: User Model
4720-minute traces
Gmail/GChat
Gcal/GDocs
Facebook
Web search
IRC
BitTorrent
Typical
Session schedule
One session at9:00, 12:00,
15:00, and 18:00Su-Sa
Repeated sessions
8:00-17:00, M-FRepeated sessions0:00-6:00, Sa-Su
TorPS User Model
-
7/30/2019 Tor Users Routed Slides
48/75
TorPS: User Model
4820-minute traces
Gmail/GChat
Gcal/GDocs
Facebook
Web search
IRC
BitTorrent
Typical
Session schedule
One session at9:00, 12:00,
15:00, and 18:00Su-Sa
Repeated sessions
8:00-17:00, M-FRepeated sessions0:00-6:00, Sa-Su
Worst Port
(6523)Best Port(443)
-
7/30/2019 Tor Users Routed Slides
49/75
Rank Port # Exit BW %Long-Lived
Application
1 8300 19.8 Yes iTunes?
2 6523 20.1 Yes Gobby
3 26 25.3 No (SMTP+1)
65312 993 89.8 No IMAP SSL
65313 80 90.1 No HTTP
65314 443 93.0 No HTTPS
49
TorPS: User Model
Default-accept ports by exit capacity.
-
7/30/2019 Tor Users Routed Slides
50/75
TorPS: User ModelModel
Streams/week
IPs Ports (#s)
Typical 2632 205 2 (80, 443)
IRC 135 1 1 (6697)
BitTorrent 6768 171 118
WorstPort 2632 205 1 (6523)
BestPorst 2632 205 1 (443)
50
User model stream activity
TorPS The Tor Path Simulator
-
7/30/2019 Tor Users Routed Slides
51/75
TorPS: The Tor Path Simulator
51
User Model Client SoftwareModel
Streams
Network Model
Relaystatuses
StreamCircuitmappings
-
7/30/2019 Tor Users Routed Slides
52/75
TorPS: The Tor Path Simulator
-
7/30/2019 Tor Users Routed Slides
53/75
TorPS: The Tor Path Simulator
53
User Model Client SoftwareModel
Streams
Network Model
Relaystatuses
StreamCircuitmappings
TorPS: The Tor Path Simulator
-
7/30/2019 Tor Users Routed Slides
54/75
TorPS: The Tor Path Simulator
Reimplemented path selection in Python Based on current Tor
stable version (0.2.3.25)
Major path selection features include Bandwidth weighting Exit
policies
Guards and guard rotation Hibernation /16 and family
conflicts
Omits effects of network performance54
Client Software Model
-
7/30/2019 Tor Users Routed Slides
55/75
Overview Background
Onion Routing Security Analysiso Problem: Traffic
correlation
oAdversary Model
oSecurity Metricso Evaluation Methodology
oNode Adversary Analysis
o Link Adversary Analysis
Future Work
55
-
7/30/2019 Tor Users Routed Slides
56/75
Node Adversary
-
7/30/2019 Tor Users Routed Slides
57/75
Node Adversary
57
100 MiB/s total bandwidth
Probability to compromise at least one stream and rate of
compromise, 10/12 3/13.
-
7/30/2019 Tor Users Routed Slides
58/75
-
7/30/2019 Tor Users Routed Slides
59/75
-
7/30/2019 Tor Users Routed Slides
60/75
Node Adversary Results
-
7/30/2019 Tor Users Routed Slides
61/75
y
Time to first compromisedexit, 10/12 3/13
Fraction compromisedexits, 10/12 3/13
61
Node Adversary Results
-
7/30/2019 Tor Users Routed Slides
62/75
Time to first compromised circuit, 10/12-3/13
62
y
-
7/30/2019 Tor Users Routed Slides
63/75
Overview Background
Onion Routing Security Analysiso Problem: Traffic
correlation
oAdversary Model
oSecurity Metricso Evaluation Methodology
oNode Adversary Analysis
o Link Adversary Analysis
Future Work
63
Link Adversary
-
7/30/2019 Tor Users Routed Slides
64/75
64
Link AdversaryAS8
-
7/30/2019 Tor Users Routed Slides
65/75
AS1 AS2 AS3 AS4 AS5
AS6
AS8
AS7
1. Autonomous Systems (ASes)
AS6
65
Link AdversaryAS8
-
7/30/2019 Tor Users Routed Slides
66/75
1. Autonomous Systems (ASes)
2. Internet Exchange Points (IXPs)
AS1 AS2 AS3 AS4 AS5
AS6
AS8
AS7
AS6
66
-
7/30/2019 Tor Users Routed Slides
67/75
Link AdversaryAS8
-
7/30/2019 Tor Users Routed Slides
68/75
1. Autonomous Systems (ASes)
2. Internet Exchange Points (IXPs)
3. Adversary has fixed location
AS1 AS2 AS3 AS4 AS5
AS6
AS8
AS7
AS6
68
Link AdversaryAS8
-
7/30/2019 Tor Users Routed Slides
69/75
1. Autonomous Systems (ASes)
2. Internet Exchange Points (IXPs)
3. Adversary has fixed location4. Adversary may control multiple
entitiesa. Top ASes
b. IXP organizations
AS1 AS2 AS3 AS4 AS5
AS6
AS8
AS7
AS6
69
-
7/30/2019 Tor Users Routed Slides
70/75
-
7/30/2019 Tor Users Routed Slides
71/75
-
7/30/2019 Tor Users Routed Slides
72/75
-
7/30/2019 Tor Users Routed Slides
73/75
-
7/30/2019 Tor Users Routed Slides
74/75
-
7/30/2019 Tor Users Routed Slides
75/75
