170 likes | 342 Views
Tor and Timing Attacks. An attack within the accepted attacker model. Onion Routing 2 A real system for users Only true antecedent was ZKS’s Freedom Network A variety of system enhancements PFS, congestion control, directory servers, etc. Onion Routing. Initiator-chosen paths
E N D
Tor and Timing Attacks An attack within the accepted attacker model
Onion Routing 2 • A real system for users • Only true antecedent was ZKS’s Freedom Network • A variety of system enhancements • PFS, congestion control, directory servers, etc.
Onion Routing • Initiator-chosen paths • Instead of flipping a coin, the Initiator chooses the entire path and builds an onion. IàXàYàZàR • Layered encryption of data using the public key of each proxy in the path. {Z,{R,data}Kz+}Ky+ {Y,{Z,{R,data}Kz+}Ky+}Kx+ {R,data}Kz+ data • Sending the onion • I àX: {Y,{Z,{R,data}Kz+}Ky+}Kx+ • XàY: {Z,{R,data}Kz+}Ky+ • YàZ: {R,data}Kz+ • ZàR: data
Tor Goals • Deployability • Cannot be too expensive • Cannot be too troublesome or risky • Cannot require websites to run something different • Usability • Flexibility (& Good Specs) • Simple Design
Attack Model • What is the Tor Attack Model? • Why is the model important?
17 ms 12 ms Timing Attacks • Timings say if they’re on the same path • “Firstness” & “Lastness” can be determined • Why? R X Y I A1 A2
A Timing Attack • Danezis 2004 • Model: Global Passive Eavesdropper • Idea • Gather timings of packets at all end points (entry and exit points) • Given a set of entry timings, produce a model of the exit timings. Look for a match. • Result: Attacker obtains many correct matches
Another Timing Attack • Levine, et al., 2004 • Model: Substantial % of Tor servers (e.g. 10%) • Passive, in a sense • Idea • See 2 slides ago • Handle errors gracefully • Repeat for many rounds • Result: Attacker can get many good matches over time
A Note On the Tor Paper • A Gold Mine! • 28 different attacks • 15 Open Questions • 9 Future Directions • Problem Selection • Is it interesting? • How hard a question? • Rough guesses?
Low-Cost Traffic Analysis of Tor • Murdoch & Danezis, Oakland ‘05 • A novel attack • within Tor’s attack model • Key features under attack • Low-latency communication • Ease of entry & ability to use the system
M&D Attack Model • What is it? • How does it compare to prior models we have discussed? • Is it realistic? • Can it be stopped?
The Attack Setup Init. Resp. T1 T2 T3 A
The Attack Idea • Tor uses Round Robin sending • each stream gets a turn • If a stream has no packets, it gets skipped • Imagine node T2 has just two streams • A and Initiator • A is always on • What happens when Initiator sends a pkt?
Testing the Attack • Set up a “victim” • Set up the attack server • Probes • Correlation?
Results • Some success • Usually higher correlation w/ pattern • Limits • Some failure • Not clear where to set a dividing line • Enhancements Possible
Defenses • Cover traffic • Just filling the links is no good • Lots of traffic required? • Delay • perfect interference • non-interference