1 / 16

Tor and Timing Attacks

Tor and Timing Attacks. An attack within the accepted attacker model. Onion Routing 2 A real system for users Only true antecedent was ZKS’s Freedom Network A variety of system enhancements PFS, congestion control, directory servers, etc. Onion Routing. Initiator-chosen paths

Télécharger la présentation

Tor and Timing Attacks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Tor and Timing Attacks An attack within the accepted attacker model

  2. Onion Routing 2 • A real system for users • Only true antecedent was ZKS’s Freedom Network • A variety of system enhancements • PFS, congestion control, directory servers, etc.

  3. Onion Routing • Initiator-chosen paths • Instead of flipping a coin, the Initiator chooses the entire path and builds an onion. IàXàYàZàR • Layered encryption of data using the public key of each proxy in the path. {Z,{R,data}Kz+}Ky+ {Y,{Z,{R,data}Kz+}Ky+}Kx+ {R,data}Kz+ data • Sending the onion • I àX: {Y,{Z,{R,data}Kz+}Ky+}Kx+ • XàY: {Z,{R,data}Kz+}Ky+ • YàZ: {R,data}Kz+ • ZàR: data

  4. Tor Goals • Deployability • Cannot be too expensive • Cannot be too troublesome or risky • Cannot require websites to run something different • Usability • Flexibility (& Good Specs) • Simple Design

  5. Attack Model • What is the Tor Attack Model? • Why is the model important?

  6. 17 ms 12 ms Timing Attacks • Timings say if they’re on the same path • “Firstness” & “Lastness” can be determined • Why? R X Y I A1 A2

  7. A Timing Attack • Danezis 2004 • Model: Global Passive Eavesdropper • Idea • Gather timings of packets at all end points (entry and exit points) • Given a set of entry timings, produce a model of the exit timings. Look for a match. • Result: Attacker obtains many correct matches

  8. Another Timing Attack • Levine, et al., 2004 • Model: Substantial % of Tor servers (e.g. 10%) • Passive, in a sense • Idea • See 2 slides ago • Handle errors gracefully • Repeat for many rounds • Result: Attacker can get many good matches over time

  9. A Note On the Tor Paper • A Gold Mine! • 28 different attacks • 15 Open Questions • 9 Future Directions • Problem Selection • Is it interesting? • How hard a question? • Rough guesses?

  10. Low-Cost Traffic Analysis of Tor • Murdoch & Danezis, Oakland ‘05 • A novel attack • within Tor’s attack model • Key features under attack • Low-latency communication • Ease of entry & ability to use the system

  11. M&D Attack Model • What is it? • How does it compare to prior models we have discussed? • Is it realistic? • Can it be stopped?

  12. The Attack Setup Init. Resp. T1 T2 T3 A

  13. The Attack Idea • Tor uses Round Robin sending • each stream gets a turn • If a stream has no packets, it gets skipped • Imagine node T2 has just two streams • A and Initiator • A is always on • What happens when Initiator sends a pkt?

  14. Testing the Attack • Set up a “victim” • Set up the attack server • Probes • Correlation?

  15. Results • Some success • Usually higher correlation w/ pattern • Limits • Some failure • Not clear where to set a dividing line • Enhancements Possible

  16. Defenses • Cover traffic • Just filling the links is no good • Lots of traffic required? • Delay • perfect interference • non-interference

More Related