200 likes | 380 Views
Attacks Against Tor. Low-Resource Routing. Note. Those experiments has been taken in 08/2006 Based on TOR version 0.1.1.23 with 420 nodes Now TOR version is 3.5.3 with 5553 nodes. The advantage became a backdoor.
E N D
Attacks Against Tor Low-Resource Routing
Note • Those experiments has been taken in 08/2006 • Based on TOR version 0.1.1.23 with 420 nodes • Now TOR version is 3.5.3 with 5553 nodes
The advantage became a backdoor • Tor’s routing optimizations impact its ability to provide strong anonymity !! • Other attacks against Tor have focused upon traffic analysis and locating hidden services. (e.g. a low cost traffic analysis technique that allowed an outside observer to infer which nodes are being used to relay a circuit’s traffic, but could not trace the connection to the initiating client) • We present new methods for compromising the security of the Tor anonymous overlay network answering the following questions: • How can we minimize the requirements necessary for any adversary to compromise the anonymity of a flow ? • How can we harden Tor against our attacks?
The plan • We will have a lying adversary —by exaggerating its resource claims — can compromise an unfair percentage of Tor entry and exit nodes • To deploy new node inside the TOR routing network • Force TOR to choice those node by using its criteria to elect the nodes • Make this lying adversary compromise the path even before the data transfer began.
The work • TOR network have the following basic elements: • Trusted directories • TOR Proxy (Onion Proxy or the Client) • TOR nodes • Entry guard node (One) • Middle node (Many) • Exit node (one) • The target
Trusted Directories • Those are trusted and elected by the tor network to get into its network • Can be claimed when initiate the connection or use the default list that already exits • They will elect the Entry Guard node
Entry Guard • The Gate to the TOR network • Chose based on: • Bandwidth (fast) • Up-Time (Stable) When any Volunteer node has more of those it will be better. Choice based on the MEDIAN between all nodes
The Middle node • Chose based on: • Bandwidth (fast) (Not the best) • Up-Time (Stable) (Not the best) Pr =
The Exit Node: • Also TOR take into consideration the number of allowed TCP ports for exit node https://atlas.torproject.org/#details/350A0BD2E19CB579AFA07044CCE36AA745E0D4A1
The Attack Model Resource Reduction Selective Path Disruption
Get the results (1) • In order for the attack to reveal enough information to correlate client requests to server responses through Tor • Each malicious router logs the following information for each cell received: • (1) its location on the current circuit’s path • (2) local timestamp • (3) previous circuit ID • (4) previous IP address • (5) previous connection’s port • (6) next hop’s IP address • (7) next hop’s port • (8) next hop’s circuit ID • All of this information is easy to retrieve from each malicious Tor router
Get the Results (2) • In order to exploit the circuit building algorithm, it is necessary to associate the timing of each step and analyze the patterns in the number and direction of the cells recorded. • The entry node verifies that the circuit request is originating from a Tor proxy, not a router (Entry is the only one in the trusted directory server) • It is necessary to verify that the next hop for an entry node is the same as the previous hop of the exit node. (In case 3 node involve only) • Finally verified that the cell headed towards the exit node from the entry node is received before the reply from the exit node. • If every step in the algorithm is satisfied, then the circuit has been compromised.
The Real Environment Tor at that time consisted from 420
Comparing the Uniform Selection and Experimental Result 52 Increased 76 Increased
Attack Extension • Compromising Existing Clients • Improving Performance Under the Resource Reduced Attack • Displacing Honest Entry Guards • Compromising Only the Entry Node
Proposed Defense • Resource Verification • Verifying Uptime • Centralized Bandwidth Verification • Distributed Bandwidth Verification • Distributed Reputation System (BW and Uptime) • Mitigating Sybil Attacks • Alternative Routing Strategies • Proximity Awareness • Loose Routing • Local Reputation-based Routing (for node in the same path)