Stealthy traffic analysis of low-latency anonymous communication using throughput fingerprinting

Mittal, Prateek; Khurshid, Ahmed; Juen, Joshua; Caesar, Matthew; Borisov, Nikita

doi:10.1145/2046707.2046732

Cited by 82 publications

(74 citation statements)

References 32 publications

(44 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our method assumed that the adversaries were in a position to perturb the victim traffic by colluding with the server, and are in control of various network vantage points, from where they can remotely observe variations in network bandwidth. Mittal et al [16] demonstrated a modified version of the Murdoch and Danezis' attack that relies on path bandwidth variation.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

On the Effectiveness of Traffic Analysis against Anonymity Networks Using Flow Records

Chakravarty

Barbera

Portokalidis

et al. 2014

Passive and Active Measurement

View full text Add to dashboard Cite

Abstract. We investigate the feasibility of mounting a de-anonymization attack against Tor and similar low-latency anonymous communication systems by using NetFlow records. Previous research has shown that adversaries with the ability to eavesdrop in real time at a few internet exchange points can effectively monitor a significant part of the network paths from Tor nodes to destination servers. However, the capacity of current networks makes packet-level monitoring at such a scale quite challenging. We hypothesize that adversaries could use less accurate but readily available monitoring facilities, such as Cisco's NetFlow, to mount large-scale traffic analysis attacks. In this paper, we assess the feasibility and effectiveness of traffic analysis attacks against Tor using NetFlow data. We present an active traffic analysis technique based on perturbing the characteristics of user traffic at the server side, and observing a similar perturbation at the client side through statistical correlation. We evaluate the accuracy of our method using both in-lab testing and data gathered from a public Tor relay serving hundreds of users. Our method revealed the actual sources of anonymous traffic with 100% accuracy for the in-lab tests, and achieved an overall accuracy of 81.6% for the real-world experiments with a false positive rate of 5.5%.

show abstract

Section: Related Workmentioning

confidence: 99%

“…tacker could follow a more focused approach by employing existing techniques [7,16] to identify the actual relays used by the victim's circuit, and only monitor those.…”

Section: Approachmentioning

confidence: 99%

On the Effectiveness of Traffic Analysis against Anonymity Networks Using Flow Records

Chakravarty

Barbera

Portokalidis

et al. 2014

Passive and Active Measurement

View full text Add to dashboard Cite

show abstract

“…Most of the research on Tor has focused on techniques aimed at degrading user's anonymity by means of congestion attacks (Evans et al [7], Murdoch and Danezis [19]), web page fingerprints (Shi and Matsura [23]), observations of the throughput of Tor streams (Mittal et al [16]), or by means of colluding nodes (Fu et al [9], Levine et al [14]). Other attacks study the potential threat of a (semi) global adversary (Murdoch and Zieliński [17], Edman and Syverson [6], Chakravarty et al [3]), although this does not fit into Tor's original adversary model.…”

Section: Related Workmentioning

confidence: 99%

CellFlood: Attacking Tor Onion Routers on the Cheap

Barbera

Kemerlis

Pappas

et al. 2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. In this paper, we introduce a new Denial-of-Service attack against Tor Onion Routers and we study its feasibility and implications. In particular, we exploit a design flaw in the way Tor software builds virtual circuits and demonstrate that an attacker needs only a fraction of the resources required by a network DoS attack for achieving similar damage. We evaluate the effects of our attack on real Tor routers and we propose an estimation methodology for assessing the resources needed to attack any publicly accessible Tor node. Finally, we present the design and implementation of an effective solution to the problem that relies on cryptographic client puzzles, and we present results from its performance and effectiveness evaluation.

show abstract

“…For example, several attacks have been proposed [12,17,24,27] that rely on measuring the latency or throughput of a Tor circuit to draw inferences about its source and destination. If an algorithm improves the throughput or responsiveness of Tor circuits this can improve the accuracy of the measurements used by these attacks either directly or by averaging a larger sample.…”

Section: Introductionmentioning

confidence: 99%

How Low Can You Go: Balancing Performance with Anonymity in Tor

Geddes

Jansen

Hopper

2013

Privacy Enhancing Technologies

View full text Add to dashboard Cite

Abstract. Tor is one of the most popular anonymity systems in use today, in part because of its design goal of providing high performance. This has motivated research into performance enhancing modifications to Tor's circuit scheduling, congestion control, and bandwidth allocation mechanisms. This paper investigates the effects of these proposed modifications on attacks that rely on network measurements as a side channel. We introduce a new class of induced throttling attacks in this space that exploit performance enhancing mechanisms to artificially throttle a circuit. We show that these attacks can drastically reduce the set of probable entry guards on a circuit, in many cases uniquely identifying the entry guard. Comparing to existing attacks, we find that although most of the performance enhancing modifications improve the accuracy of network measurements, the effectiveness of the attacks is reduced in some cases by making the Tor network more homogeneous. We conclude with an analysis of the total reduction in anonymity that clients face due to each proposed mechanism.

show abstract

Stealthy traffic analysis of low-latency anonymous communication using throughput fingerprinting

Cited by 82 publications

References 32 publications

On the Effectiveness of Traffic Analysis against Anonymity Networks Using Flow Records

On the Effectiveness of Traffic Analysis against Anonymity Networks Using Flow Records

CellFlood: Attacking Tor Onion Routers on the Cheap

How Low Can You Go: Balancing Performance with Anonymity in Tor

Contact Info

Product

Resources

About