Zhuotao Liu,Yushan Liu,Philipp Winter,Prateek Mittal,Yih-Chun Hu

DOI: https://doi.org/10.1109/icnp.2017.8117564

2017-01-01

Abstract:Tor is the most widely used anonymity network, currently serving millions of users each day. However, there is no access control in place for all these users, leaving the network vulnerable to botnet abuse and attacks. For example, criminals frequently use exit relays as stepping stones for attacks, causing service providers to serve CAPTCHAs to exit relay IP addresses or blacklisting them altogether, which leads to severe usability issues for legitimate Tor users. To address this problem, we propose TorPolice, the first privacy-preserving access control framework for Tor. TorPolice enables abuse-plagued service providers such as Yelp to enforce access rules to police and throttle malicious requests coming from Tor while still providing service to legitimate Tor users. Further, TorPolice equips Tor with global access control for relays, enhancing Tor's resilience to botnet abuse. We show that TorPolice preserves the privacy of Tor users, implement a prototype of TorPolice, and perform extensive evaluations to validate our design goals.

Yingjie Xia,Guanghua Song,Yao Zheng,Jun Ni,Mingzhe Zhu

DOI: https://doi.org/10.1109/ICICSE.2008.7

2008-01-01

Abstract:This paper introduces a small world overlay Peer- to-peer (P2P) transfer system with role based and reputation based access control policies, through which we are able to solve several serious problems existed in traditional P2P systems, like resource piracy, user privacy and network jam. The role based access control policy is implemented by the certificate based cryptography, e.g. X509. The reputation based access control policy consists of artificial scoring and automatic scoring components, corresponding to the quality and quantity evaluation of the transfer resources respectively. This system, upon the two policies and the adaptive small world overlay P2P topology, can restrict the peer's role and select a more credible peer to upload and download without any loss of performance, for the reason of the dramatic topology. Indeed it provides a secure, controllable and efficient resource transfer community.

Jing Tian,Gaopeng Gou,Yangyang Guan,Wei Xia,Gang Xiong,Chang Liu

DOI: https://doi.org/10.1109/milcom52596.2021.9653038

2021-01-01

Abstract:Tor is an important tool for anonymous communication. However, due to its popularity, Tor is also concerned by censors or other malicious attackers. A large body of existing work examines Tor's susceptibility to flow correlation attacks, which are a form of deanonymization attack. Currently, a variety of traffic obfuscation plugs are deployed on Tor to defeat flow correlation attacks. However, whether plug-based defense can effectively resist those attacks has not been tested and verified. This paper focuses on how to effectively defeat the threat of flow correlation attacks on Tor. We first conduct experiments to illustrate the actual defense effect of obfuscation plugs against flow correlation attacks, and the results show their effectiveness. However, the obfuscation-based defense also faces many other problems such as censorship. So we explore the techniques used in differential privacy ($FPA_{k}$ and $d^{\ast}$-private) to apply a tiny perturbation on Tor traffic. Our findings on differential privacy suggest that the perturbations generated by the two mechanisms can successfully flaw the existing flow correlation attacks on Tor.

Rachel King,Quinn Burke,Yohan Beugin,Blaine Hoak,Kunyang Li,Eric Pauley,Ryan Sheatsley,Patrick McDaniel

2024-08-27

Abstract:The Tor anonymity network allows users such as political activists and those under repressive governments to protect their privacy when communicating over the internet. At the same time, Tor has been demonstrated to be vulnerable to several classes of deanonymizing attacks that expose user behavior and identities. Prior work has shown that these threats can be mitigated by leveraging trusted execution environments (TEEs). However, previous proposals assume that all relays in the network will be TEE-based-which as a practical matter is unrealistic. In this work, we introduce ParTEETor, a Tor-variant system, which leverages partial deployments of TEEs to thwart known attacks. We study two modes of operation: non-policy and policy. Non-policy mode uses the existing Tor relay selection algorithm to provide users incident security. Policy mode extends the relay selection algorithm to address the classes of attacks by enforcing a specific TEE circuit configuration. We evaluate ParTEETor for security, performance, and privacy. Our evaluation demonstrates that at even a small TEE penetration (e.g., 10% of relays are TEE-based), users can reach performance of Tor today while enforcing a security policy to guarantee protection from at least two classes of attacks. Overall, we find that partial deployments of TEEs can substantially improve the security of Tor, without a significant impact on performance or privacy.

Cryptography and Security

Rolf Jagerman,Wendo Sabée,Laurens Versluis,Martijn de Vos,Johan Pouwelse

DOI: https://doi.org/10.48550/arXiv.1404.4818

2014-04-18

Computers and Society

Abstract:Ever since the introduction of the internet, it has been void of any privacy. The majority of internet traffic currently is and always has been unencrypted. A number of anonymous communication overlay networks exist whose aim it is to provide privacy to its users. However, due to the nature of the internet, there is major difficulty in getting these networks to become both decentralized and anonymous. We list reasons for having anonymous networks, discern the problems in achieving decentralization and sum up the biggest initiatives in the field and their current status. To do so, we use one exemplary network, the Tor network. We explain how Tor works, what vulnerabilities this network currently has, and possible attacks that could be used to violate privacy and anonymity. The Tor network is used as a key comparison network in the main part of the report: a tabular overview of the major anonymous networking technologies in use today.

Yi Qin,Tianming Zheng,Yue Wu,Futai Zou

DOI: https://doi.org/10.1109/icccn54977.2022.9868859

2022-01-01

Abstract:Tor is a relay-based communication network that provides users with anonymous access to the Internet. Tor hidden services protect the identities of the content publishers to achieve anonymity and anti-censorship. However, hidden services are abused to conduct illegal activities, including hosting botnets and trading drugs. This paper proposes a tracing approach to locate illegal hidden services based on the Tor protocol characteristics, which allows a Tor client to embed a signal into a Tor circuit connecting with the illegal hidden service. Once the Tor node nearest to the the hidden service detects the signal, the identity of the hidden service can be revealed. Our approach is simple, powerful, and stable compared with previous methods. We implemented the approach and performed experiments over the Tor network, whose results show that our approach is feasible and effective, with 100% accuracy, 99.25% true positive rate, and zero false positive rate.

Quangang Li,Peipeng Liu,Zhiguang Qin

DOI: https://doi.org/10.14257/ijsia.2015.9.11.36

2015-01-01

International Journal of Security and Its Applications

Abstract:Tor is a popular low-latency anonymous communication system which could provide anonymity and anti-censorship. Based on previous researches on de-anonymization of Tor, this paper proposes a novel approach to attack users' guard selection which can pose great threat against Tor users' anonymity. Under the current design of Tor, once entry guards are compromised, the probability that an attacker observes both ends of a Tor circuit will be highly improved. Actual and simulated experiments both show that an attacker (e.g., a local or national government which have the power to monitor a Tor user's internet connection) can successfully compromise a specific Tor user's entry guard in about 30 minutes, and this can further help de-anonymize the user's anonymous communication.

Philipp Winter,Anne Edmundson,Laura M. Roberts,Agnieszka Dutkowska-Zuk,Marshini Chetty,Nick Feamster

DOI: https://doi.org/10.48550/arXiv.1806.11278

2018-06-29

Abstract:Onion services are anonymous network services that are exposed over the Tor network. In contrast to conventional Internet services, onion services are private, generally not indexed by search engines, and use self-certifying domain names that are long and difficult for humans to read. In this paper, we study how people perceive, understand, and use onion services based on data from 17 semi-structured interviews and an online survey of 517 users. We find that users have an incomplete mental model of onion services, use these services for anonymity and have varying trust in onion services in general. Users also have difficulty discovering and tracking onion sites and authenticating them. Finally, users want technical improvements to onion services and better information on how to use them. Our findings suggest various improvements for the security and usability of Tor onion services, including ways to automatically detect phishing of onion services, more clear security indicators, and ways to manage onion domain names that are difficult to remember.

Cryptography and Security

Yi YANG,Han GUO,Yi-jun WANG,Zhi XUE

DOI: https://doi.org/10.3969/j.issn.1002-0802.2017.10.031

2017-01-01

Abstract:With the rapid development of Internet technology,the abuse of darknet and anonymous technology has brought great challenges to the network regulation.Therefore,It is of great research significance and application value to detect the resources of dark space.The most mainstream dark network anonymous communication system Tor was introduced briefly,its technical principles were analyzed,and a Tor domain name address acquisition system was designed,from the open network and the dark network to obtain Tor network resources.Moreover,through the choice of The restrictions on the location of the node in the onion network effectively optimizes the access speed of the Tor agent,it will be helpful to further monitor and analyze the content of Tor in the future.

Eric Wagner,Roman Matzutt,Martin Henze

2024-12-02

Abstract:While anonymity networks such as Tor provide invaluable privacy guarantees to society, they also enable all kinds of criminal activities. Consequently, many blameless citizens shy away from protecting their privacy using such technology for the fear of being associated with criminals. To grasp the potential for alternative privacy protection for those users, we design Seldom, an anonymity network with integrated selective deanonymization that disincentivizes criminal activity. Seldom enables law enforcement agencies to selectively access otherwise anonymized identities of misbehaving users, while providing technical guarantees preventing these access rights from being misused. Seldom further ensures translucency, as each access request is approved by a trustworthy consortium of impartial entities and eventually disclosed to the public (without interfering with ongoing investigations). To demonstrate Seldom's feasibility and applicability, we base our implementation on Tor, the most widely used anonymity network. Our evaluation indicates minimal latency, processing, and bandwidth overheads compared to Tor, while Seldom's main costs stem from storing flow records and encrypted identities. With at most 636 TB of storage required in total to retain the encrypted identifiers of a Tor-sized network for two years, Seldom provides a practical and deployable technical solution to the inherent problem of criminal activities in anonymity networks. As such, Seldom sheds new light on the potentials and limitations when integrating selective deanonymization into anonymity networks.

Cryptography and Security,Networking and Internet Architecture

Yixin Sun,Anne Edmundson,Laurent Vanbever,Oscar Li,Jennifer Rexford,Mung Chiang,Prateek Mittal

DOI: https://doi.org/10.48550/arXiv.1503.03940

2015-03-13

Abstract:The Tor network is a widely used system for anonymous communication. However, Tor is known to be vulnerable to attackers who can observe traffic at both ends of the communication path. In this paper, we show that prior attacks are just the tip of the iceberg. We present a suite of new attacks, called Raptor, that can be launched by Autonomous Systems (ASes) to compromise user anonymity. First, AS-level adversaries can exploit the asymmetric nature of Internet routing to increase the chance of observing at least one direction of user traffic at both ends of the communication. Second, AS-level adversaries can exploit natural churn in Internet routing to lie on the BGP paths for more users over time. Third, strategic adversaries can manipulate Internet routing via BGP hijacks (to discover the users using specific Tor guard nodes) and interceptions (to perform traffic analysis). We demonstrate the feasibility of Raptor attacks by analyzing historical BGP data and Traceroute data as well as performing real-world attacks on the live Tor network, while ensuring that we do not harm real users. In addition, we outline the design of two monitoring frameworks to counter these attacks: BGP monitoring to detect control-plane attacks, and Traceroute monitoring to detect data-plane anomalies. Overall, our work motivates the design of anonymity systems that are aware of the dynamics of Internet routing.

Networking and Internet Architecture,Cryptography and Security

Florentin Rochet,Jules Dejaeghere,Tariq Elahi

DOI: https://doi.org/10.1145/3689943.3695038

2024-09-23

Abstract:Anonymous Communication designs such as Tor build their security on distributed trust over many volunteers running relays in diverse global locations. In practice, this distribution leads to a heterogeneous network in which many versions of the Tor software co-exist, each with differing sets of protocol features. Because of this heterogeneity, Tor developers employ forward-compatible protocol design as a strategy to maintain network extensibility. This strategy aims to guarantee that different versions of the Tor software interact without unrecoverable errors. In this work, we cast protocol tolerance that is enabled by forward-compatible protocol considerations as a fundamental security issue. We argue that, while being beneficial for the developers, protocol tolerance has resulted in a number of strong attacks against Tor in the past fifteen years. To address this issue, we propose Flexible Anonymous Network (FAN), a new software architecture for volunteer-based distributed networks that shifts the dependence away from protocol tolerance without losing the ability for developers to ensure the continuous evolution of their software. We i) instantiate an implementation, ii) evaluate its overheads and, iii) experiment with several of FAN's benefits to defend against a severe attack still applicable to Tor today.

Cryptography and Security

Zeya Umayya,Dhruv Malik,Devashish Gosain,Piyush Kumar Sharma

DOI: https://doi.org/10.48550/arXiv.2309.14856

2023-09-26

Abstract:Tor, one of the most popular censorship circumvention systems, faces regular blocking attempts by censors. Thus, to facilitate access, it relies on "pluggable transports" (PTs) that disguise Tor's traffic and make it hard for the adversary to block Tor. However, these are not yet well studied and compared for the performance they provide to the users. Thus, we conduct a first comparative performance evaluation of a total of 12 PTs -- the ones currently supported by the Tor project and those that can be integrated in the future. Our results reveal multiple facets of the PT ecosystem. (1) PTs' download time significantly varies even under similar network conditions. (2) All PTs are not equally reliable. Thus, clients who regularly suffer censorship may falsely believe that such PTs are blocked. (3) PT performance depends on the underlying communication primitive. (4) PTs performance significantly depends on the website access method (browser or command-line). Surprisingly, for some PTs, website access time was even less than vanilla Tor. Based on our findings from more than 1.25M measurements, we provide recommendations about selecting PTs and believe that our study can facilitate access for users who face censorship.

Performance,Networking and Internet Architecture

Zhuotao Liu,Hao Jin,Yih‐Chun Hu,Michael Bailey

DOI: https://doi.org/10.1145/2976749.2978306

2016-01-01

Abstract:Volumetric attacks, which overwhelm the bandwidth of a destination, are amongst the most common DDoS attacks today. One practical approach to addressing these attacks is to redirect all destination traffic (e.g., via DNS or BGP) to a third-party, DDoS-protection-as-a-service provider (e.g., CloudFlare) that is well provisioned and equipped with filtering mechanisms to remove attack traffic before passing the remaining benign traffic to the destination. An alternative approach is based on the concept of network capabilities, whereby source sending rates are determined by receiver consent, in the form of capabilities enforced by the network. While both third-party scrubbing services and network capabilities can be effective at reducing unwanted traffic at an overwhelmed destination, DDoS-protection-as-a-service solutions outsource all of the scheduling decisions (e.g., fairness, priority and attack identification) to the provider, while capability-based solutions require extensive modifications to existing infrastructure to operate. In this paper we introduce MiddlePolice, which seeks to marry the deployability of DDoS-protection-as-a-service solutions with the destination-based control of network capability systems. We show that by allowing feedback from the destination to the provider, MiddlePolice can effectively enforce destination-chosen policies, while requiring no deployment from unrelated parties.

Tian Yunfan,Zhang Xiang

DOI: https://doi.org/10.48550/arXiv.1812.06226

2018-12-15

Abstract:Over the last two decades, the scale and complexity of Anonymous networks and its associated technologies grows exponentially as privacy has become a major concern of individuals. Also, some cyber attackers make use of privacy infrastructures including botnets and Tor to do illegal activities like drug, contraband or DDoS attack. However, anonymous networks are not perfect, there are some methods could exploit the vulnerabilities and track user information. In this paper, we analyze few of privacy infrastructures and their vulnerabilities.

Cryptography and Security

Dawei Xu,Jiaqi Gao,Liehuang Zhu,Feng Gao,Yang Han,Jian Zhao

DOI: https://doi.org/10.1007/s12083-023-01514-9

IF: 3.488

2023-07-12

Peer-to-Peer Networking and Applications

Abstract:The rapid development of the Internet has led to the increasingly prominent feature of openness and transparency of user information. Tor, which is used to protect personal privacy, is one of the most widely used anonymous communication systems with the largest number of users. However, there are many problems with Tor, such as: illegal transactions in the dark network disturbing social security, high communication delays, and security problems such as vulnerability to DOS attacks, man-in-the-middle attacks, and censorship attacks. In this paper, we design and implement a new anonymous communication system B-Tor based on the original Tor architecture model combined with the mainstream consortium blockchain architecture Fabric, which can trace illegal transactions by using the traceability feature of blockchain and group signature algorithm. The consensus algorithm mechanism in blockchain is utilized to improve the communication efficiency and increase the throughput of the system. The system utilizes the decentralized feature of blockchain to solve the security problem of Tor mentioned above. The system performance evaluation and security evaluation are given in this paper. The experiments show that the communication delay of B-Tor anonymous communication system is low, and in the 600s user loop test, the system successfully receives the consensus file 790629 times with 98% success rate, the highest throughput is 1352.8 TPS, and the average delay is 0.1s. It is verified through the experiments that the system can be affected less during DOS attacks and can recover the state quickly.

computer science, information systems,telecommunications

Pere Manils,Chaabane Abdelberri,Stevens Le Blond,Mohamed Ali Kaafar,Claude Castelluccia,Arnaud Legout,Walid Dabbous

DOI: https://doi.org/10.48550/arXiv.1004.1461

2010-04-09

Networking and Internet Architecture

Abstract:Privacy of users in P2P networks goes far beyond their current usage and is a fundamental requirement to the adoption of P2P protocols for legal usage. In a climate of cold war between these users and anti-piracy groups, more and more users are moving to anonymizing networks in an attempt to hide their identity. However, when not designed to protect users information, a P2P protocol would leak information that may compromise the identity of its users. In this paper, we first present three attacks targeting BitTorrent users on top of Tor that reveal their real IP addresses. In a second step, we analyze the Tor usage by BitTorrent users and compare it to its usage outside of Tor. Finally, we depict the risks induced by this de-anonymization and show that users' privacy violation goes beyond BitTorrent traffic and contaminates other protocols such as HTTP.

Runhua Xu,Chao Li,James Joshi

DOI: https://doi.org/10.1109/tdsc.2022.3179698

2022-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Increasingly, information systems rely on computational, storage, and network resources deployed in third-party facilities such as cloud centers and edge nodes. Such an approach further exacerbates cybersecurity concerns constantly raised by numerous incidents of security and privacy attacks resulting in data leakage and identity theft, among others. These have, in turn, forced the creation of stricter security and privacy-related regulations and have eroded the trust in cyberspace. In particular, security-related services and infrastructures, such as Certificate Authorities (CAs) that provide digital certificate services and Third-Party Authorities (TPAs) that provide cryptographic key services, are critical components for establishing trust in crypto-based privacy-preserving applications and services. To address such trust issues, various transparency frameworks and approaches have been recently proposed in the literature. This article proposes TAB framework that provides transparency and trustworthiness of third-party authority and third-party facilities using blockchain techniques for emerging crypto-based privacy-preserving applications. TAB employs the Ethereum blockchain as the underlying public ledger and also includes a novel smart contract to automate accountability with an incentive mechanism that motivates users to participate in auditing, and punishes unintentional or malicious behaviors. We implement TAB and show through experimental evaluation in the Ethereum official test network, Rinkeby, that the framework is efficient. We also formally show the security guarantee provided by TAB, and analyze the privacy guarantee and trustworthiness it provides.

computer science, information systems, software engineering, hardware & architecture

Karwan Mustafa Kareem

2024-05-12

Abstract:Onion routing networks, also known as darknets, are private networks that enable anonymous communication over the Internet. They are used by individuals and organizations to protect their privacy, but they also attract cybercriminals who exploit the anonymity provided by these networks for illegal activities. This paper comprehensively analyzes cybercrime threats and countermeasures in onion routing networks. We review the various types of cybercrime that occur in these networks, including drug trafficking, fraud, hacking, and other illicit activities. We then discuss the challenges associated with detecting and mitigating cybercrime in onion routing networks, such as the difficulty of tracing illegal activities back to their source due to the strong anonymity guarantees provided by these networks. We also explore the countermeasures that have been proposed and implemented to combat cybercrime in onion routing networks, including law enforcement efforts, technological solutions, and policy interventions. Finally, we highlight the limitations of existing countermeasures and identify potential directions for future research in this area, including the need for interdisciplinary approaches that combine technical, legal, and social perspectives to effectively combat cybercrime in onion routing networks.

Cryptography and Security,Networking and Internet Architecture

M. Sherr,Kevin S. Bauer,D. Grunwald

2011-08-08

Abstract:Tor is one of the most widely-used privacy enhancing technologies for achieving online anonymity and resisting censorship. Simultaneously, Tor is also an evolving research network on which investigators perform experiments to improve the network's resilience to attacks and enhance its performance. Existing methods for studying Tor have included analytical modeling, simulations, small-scale network emulations, small-scale PlanetLab deployments, and measurement and analysis of the live Tor network. Despite the growing body of work concerning Tor, there is no widely accepted methodology for conducting Tor research in a manner that preserves realism while protecting live users' privacy. In an effort to propose a standard, rigorous experimental framework for conducting Tor research in a way that ensures safety and realism, we present the design of ExperimenTor, a large-scale Tor network emulation toolkit and testbed. We also report our early experiences with prototype testbeds currently deployed at four research institutions.

Engineering,Computer Science