Chen Chen,Daniele E. Asoni,Adrian Perrig,David Barrera,George Danezis,Carmela Troncoso

DOI: https://doi.org/10.1109/eurosp.2018.00018

2018-04-01

Abstract:Modern low-latency anonymity systems, no matter whether constructed as an overlay or implemented at the network layer, offer limited security guarantees against traffic analysis. On the other hand, high-latency anonymity systems offer strong security guarantees at the cost of computational overhead and long delays, which are excessive for interactive applications. We propose TARANET, an anonymity system that implements protection against traffic analysis at the network layer, and limits the incurred latency and overhead. In TARANET's setup phase, traffic analysis is thwarted by mixing. In the data transmission phase, end hosts and ASes coordinate to shape traffic into constant-rate transmission using packet splitting. Our prototype implementation shows that TARANET can forward anonymous traffic at over 50 Gbps using commodity hardware.

Jia Zhang,Haixin Duan,Jianping Wu

DOI: https://doi.org/10.1109/iccee.2008.32

2008-01-01

Abstract:Compared with traditional anonymous communication systems, the low-latency anonymous communication system can provide more practical services. However, because of its low latency, the anonymity is subject to traffic analysis attack. In this paper, we take Tor, a low-latency anonymous communication network as an example and present an improved algorithm of queue scheduling and resource allocation for anonymous communication systems. Experiment shows that through this simple priority-queue scheduling and resource allocation strategy, we can solve latency increase caused by resource exclusion effectively. This improvement not only optimizes the overall performance of the anonymous communication network, but also increases anonymity of the network.

Mehran Alidoost Nia,Eduard Babulak,Benjamin Fabian,Reza Ebrahimi Atani

DOI: https://doi.org/10.48550/arXiv.1712.07601

2017-12-20

Cryptography and Security

Abstract:Anonymous communication systems (ACS) offer privacy and anonymity through the Internet. They are mostly free tools and are popular among users all over the world. In the recent years, anonymity applications faced many problems regarding traffic engineering methods. Even though they ensure privacy under some conditions, their anonymity will be endangered by high performance processing units. To address these issues, this study is devoted to investigating traffic-engineering methods in anonymous communication systems, and proposes an analytical view of the current issues in ACS privacy and anonymity. Our study also indicates new types of solutions for these current issues with ACS.

Qingfeng Tan,Xuebin Wang,Wei Shi,Jian Tang,Zhihong Tian

DOI: https://doi.org/10.1109/tnet.2022.3174003

2022-01-01

IEEE/ACM Transactions on Networking

Abstract:Privacy is currently one of the most concerned issues in Cyberspace. Tor is the most widely used system in the world for anonymously accessing Internet. However, Tor is known to be vulnerable to end-to-end traffic correlation attacks when an adversary is able to monitor traffic at both communication endpoints. In this paper, we present a set of novel Trapper Attacks that can be used to deanonymize user activities by both AS-level adversaries and Node-level adversaries in a Tor network. First, AS-level adversaries can exploit the occasional failures of censored network to selectively control entry guards of the Tor users. Second, the adversaries can exploit poor reliability of the Tor communication (e.g., natural churn) to compromise the exiting nodes and the anonymous path. Once the adversaries gain control of the routes, they can identify and inspect any traffic entering and leaving the Tor network, consequently, deanonymize a Tor user's activity in the network. To demonstrate the effectiveness and feasibility of this attacks, we implemented a tool that can launch the proposed Trapper Attacks to automatic reveal communication relationships between a Tor user and its destinations running on a live Tor network. We also present a formal analysis framework to evaluate the integrity of the Tor network. With this framework, we successfully obtained quantitative estimates of Tor's security vulnerability. The proposed Trapper Attacks are also designed to scale up in real-world Tor networks. Namely, it allows an adversary to perform deanonymization in honey relays effectively, and compromise the anonymity of Tor clients in real time. Our experimental results show that the proposed attacks succeed in less than 40 seconds achieving a 100% accuracy rate and a false positive rate close to 0.

Florentin Rochet,Jules Dejaeghere,Tariq Elahi

DOI: https://doi.org/10.1145/3689943.3695038

2024-09-23

Abstract:Anonymous Communication designs such as Tor build their security on distributed trust over many volunteers running relays in diverse global locations. In practice, this distribution leads to a heterogeneous network in which many versions of the Tor software co-exist, each with differing sets of protocol features. Because of this heterogeneity, Tor developers employ forward-compatible protocol design as a strategy to maintain network extensibility. This strategy aims to guarantee that different versions of the Tor software interact without unrecoverable errors. In this work, we cast protocol tolerance that is enabled by forward-compatible protocol considerations as a fundamental security issue. We argue that, while being beneficial for the developers, protocol tolerance has resulted in a number of strong attacks against Tor in the past fifteen years. To address this issue, we propose Flexible Anonymous Network (FAN), a new software architecture for volunteer-based distributed networks that shifts the dependence away from protocol tolerance without losing the ability for developers to ensure the continuous evolution of their software. We i) instantiate an implementation, ii) evaluate its overheads and, iii) experiment with several of FAN's benefits to defend against a severe attack still applicable to Tor today.

Cryptography and Security

Shui Yu,Guofeng Zhao,Wanchun Dou,Simon James

DOI: https://doi.org/10.1109/tifs.2012.2197392

IF: 7.231

2012-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Anonymous communication has become a hot research topic in order to meet the increasing demand for web privacy protection. However, there are few such systems which can provide high level anonymity for web browsing. The reason is the current dominant dummy packet padding method for anonymization against traffic analysis attacks. This method inherits huge delay and bandwidth waste, which inhibits its use for web browsing. In this paper, we propose a predicted packet padding strategy to replace the dummy packet padding method for anonymous web browsing systems. The proposed strategy mitigates delay and bandwidth waste significantly on average. We formulated the traffic analysis attack and defense problem, and defined a metric, cost coefficient of anonymization (CCA), to measure the performance of anonymization. We thoroughly analyzed the problem with the characteristics of web browsing and concluded that the proposed strategy is better than the current dummy packet padding strategy in theory. We have conducted extensive experiments on two real world data sets, and the results confirmed the advantage of the proposed method.

Xiaogang Wang,Junzhou Luo,Ming Yang,Zhen Ling

DOI: https://doi.org/10.1016/j.future.2010.04.007

IF: 7.307

2011-01-01

Future Generation Computer Systems

Abstract:Tor has become one of the most popular overlay networks for anonymizing TCP traffic, however, the anonymity of Tor clients is threatened by various attacks exploiting traffic analysis or Tor's design features. Although considerable effort has been made to secure and improve Tor networks, little attention has been paid to various application-level attacks against Tor. In this paper, we present a potential HTTP-based application-level attack against Tor, which exploits both Tor's design features and HTTP's vulnerability to man-in-the-middle attacks. Such an application-level attack can efficiently and effectively compromise the anonymity of clients without using invasive plugins like Java or any other active content systems in a web browser, posing a serious threat to Tor. Our analytical and empirical results validate the feasibility and effectiveness of the attack. Based on our analysis of the potential attack mechanism, we propose corresponding countermeasures to thwart such potential application-level attacks against Tor, thereby effectively securing and improving Tor networks. Since the fundamental vulnerability exposed by this paper is not specific to web browsing via Tor but rather to the problem of other low-latency applications based on TCP streams, our study is critical for securing and improving low-latency anonymous communication systems.

Daichong Chao,Dawei Xu,Feng Gao,Chuan Zhang,Weiting Zhang,Liehuang Zhu

DOI: https://doi.org/10.1109/comst.2024.3350006

2024-01-01

Abstract:The importance of safeguarding individuals’ privacy rights in online activities is unmistakable in today’s anonymity networks. Since the introduction of Mixnet by Chaum, numerous anonymity networks with different objectives and design principles have emerged, providing a diverse range of applications for privacy-conscious users. However, security issues in anonymity networks have persistently existed and continue to impact their survival and development. Each anonymity network presents distinct security challenges, making it more challenging for researchers to achieve a comprehensive and systematic understanding of their security. The current literature exhibits some unavoidable gaps, including the lack of vulnerability perspectives, a unified understanding of diverse attack types, defense perspectives, and theoretical perspectives. To address these gaps, we investigate prevailing attacks targeting anonymity networks from the viewpoint of network designers and operators. We use Tor, I2P, and Freenet (arguably the three most popular anonymity networks) as case studies. Starting with these attacks, we conduct an in-depth analysis of the vulnerabilities underlying them and explore related defense mechanisms and formal security. Specifically, we classify vulnerabilities into external and internal categories, utilizing the protocol stack of an anonymity network to guide the categorization of internal vulnerabilities. Furthermore, we examine their root causes. In addition to these aspects, we emphasize the importance of formal security in researching the security of anonymity networks by integrating the investigated vulnerabilities, attacks, and defenses. Through this comprehensive, thorough, and unified approach, this paper aims to provide insights into the security of anonymity networks and offer general research findings. Finally, we discuss ongoing challenges and future directions in this specific area.

Hooman Mohajeri Moghaddam,Arsalan Mosenia

DOI: https://doi.org/10.48550/arXiv.1911.09642

2019-11-21

Cryptography and Security

Abstract:In an era of pervasive online surveillance, Internet users are in need of better anonymity solutions for online communications without sacrificing performance. Existing overlay anonymity tools, such as the Tor network, suffer from performance limitations and recent proposals to embed anonymity into Internet protocols face fundamental deployment challenges. In this paper, we introduce Practical Anonymity at the NEtwork Level (PANEL), a practical light-weight anonymity solution based on hardware switching. We implement a prototype of PANEL on a high-performance hardware switch (namely, Barefoot Tofino) using P4 network programming language, and examine the validity and performance of the prototype. Based on our empirical results, PANEL achieves 96% of the actual throughput of the switch and adds a low-latency overhead (e.g., 3% overhead in Skype calls), while offering partial deployablility and transparency (i.e., PANEL requires neither client-side nor server-side modifications).

Wei Wang,Mehul Motani,Vikram Srinivasan

DOI: https://doi.org/10.1145/1455770.1455812

2008-01-01

Abstract:Low latency anonymity systems are susceptive to traffic analysis attacks. In this paper, we propose a dependent link padding scheme to protect anonymity systems from traffic analysis attacks while providing a strict delay bound. The covering traffic generated by our scheme uses the minimum sending rate to provide full anonymity for a given set of flows. The relationship between user anonymity and the minimum covering traffic rate is then studied via analysis and simulation. When user flows are Poisson processes with the same sending rate, the minimum covering traffic rate to provide full anonymity to m users is O(log m). For Pareto traffic, we show that the rate of the covering traffic converges to a constant when the number of flows goes to infinity. Finally, we use real Internet trace files to study the behavior of our algorithm when user flows have different rates.

Jing Tian,Gaopeng Gou,Yangyang Guan,Wei Xia,Gang Xiong,Chang Liu

DOI: https://doi.org/10.1109/milcom52596.2021.9653038

2021-01-01

Abstract:Tor is an important tool for anonymous communication. However, due to its popularity, Tor is also concerned by censors or other malicious attackers. A large body of existing work examines Tor's susceptibility to flow correlation attacks, which are a form of deanonymization attack. Currently, a variety of traffic obfuscation plugs are deployed on Tor to defeat flow correlation attacks. However, whether plug-based defense can effectively resist those attacks has not been tested and verified. This paper focuses on how to effectively defeat the threat of flow correlation attacks on Tor. We first conduct experiments to illustrate the actual defense effect of obfuscation plugs against flow correlation attacks, and the results show their effectiveness. However, the obfuscation-based defense also faces many other problems such as censorship. So we explore the techniques used in differential privacy ($FPA_{k}$ and $d^{\ast}$-private) to apply a tiny perturbation on Tor traffic. Our findings on differential privacy suggest that the perturbations generated by the two mechanisms can successfully flaw the existing flow correlation attacks on Tor.

Yun He,Min Zhang,Xiaolong Yang,Jingtang Luo,Yiming Chen

DOI: https://doi.org/10.1109/access.2020.2981517

IF: 3.9

2020-01-01

IEEE Access

Abstract:In an untrusted Internet environment, there is a large amount of user privacy information being vulnerable to various attacks, and it is an important security concern for users on how to protect their privacy, and to further provide the anonymity guarantee. Recently, most privacy-sensitive users prefer anonymous communication to protect their private information from eavesdropping by attackers. Each user has different privacy protection demands for anonymous communication. However, anonymous communication methods cannot meet the various anonymity needs of users. Hence, the user on-demand anonymous communication is proposed, which can dynamically adjust the anonymity level according to a user's anonymity needs. However, the defense capabilities against attacks are insufficient in the existing user on-demand anonymous communication. Some malicious users in the network employ anonymous communication to hide their identities and attack the Internet. Moreover, the existing user on-demand anonymous communication is weak against traffic classification attacks based on machine learning. Therefore, this paper investigates its progresses and defects in privacy protection and network security. User on-demand anonymous communication is mainly composed of the user side and the transmission side. We separately investigate privacy protection and network security of user on-demand anonymous communication from the user side and the transmission side. By surveying various identity anonymity of users on the user side and the hierarchical anonymous transmission on the transmission side, we find two kinds of serious attacks in user on-demand anonymous communication, i.e., abuse of anonymous communication and traffic classification attacks based on machine learning. To solve the above security issues, we suggest the balancing mechanism of anonymous communication and behavior tracking which is used to prevent anonymous abuse, and the secure defense mechanism which is u-ed to resist traffic classification attacks. To inspire follow-up research, we identify some open problems and emphasize future trends concerning user on-demand anonymous communication.

computer science, information systems,telecommunications,engineering, electrical & electronic

Christoph Döpmann,Maximilian Weisenseel,Florian Tschorsch

2024-10-11

Abstract:Streams of data have become the ubiquitous communication model on today's Internet. For strong anonymous communication, this conflicts with the traditional notion of single, independent messages, as assumed e.g. by many mixnet designs. In this work, we investigate the anonymity factors that are inherent to stream communication. We introduce Progressive Pruning}, a methodology suitable for estimating the anonymity level of streams. By mimicking an intersection attack, it captures the susceptibility of streams against traffic analysis attacks. We apply it to simulations of tailored examples of stream communication as well as to large-scale simulations of Tor using our novel TorFS simulator, finding that the stream length, the number of users, and how streams are distributed over the network have interdependent impacts on anonymity. Our work draws attention to challenges that need to be solved in order to provide strong anonymity for stream-based communication in the future.

Cryptography and Security,Networking and Internet Architecture

Ming Zheng,Jianping Wu,Haixin Duan

DOI: https://doi.org/10.1109/TrustCom.2013.79

2013-01-01

Abstract:Low-latency anonymous communication is widely used in privacy protection. However, the attacks against anonymous communication are critical threats to the privacy protection. Many efforts have been conducted to provide robustness by establishing anti-attack principles. In this paper we present a brief survey on attack methods and summarize up four underlying anti-attack principles. In order to better understand the background of anonymous communication, we demonstrate the processes of attack and introduce some typical attack methods, ranging from active attacks to passive attacks. Based on our analysis, we propose four underlying principles, including information leaking prevention, key node protection, data stream signatures elimination and connection characteristics elimination, to improve the anti-attack ability of low-latency anonymous communication. To validate these principles, we design a protocol named Hermit-crab, which follows the four anti-attack principles. The analysis shows the protocol can effectively defend common attacks in low-latency anonymous communication.

Zheng Ming,Wu Jianping

DOI: https://doi.org/10.3969/j.issn.1000-386X.2012.10.003

2012-01-01

Abstract:Anonymous communication is a very effective measure for privacy protection.However,the attacks against anonymous communication are also increasing at the time of the development of anonymous communication.In this paper,we first analyse the method and the process of attack against low-latency anonymous communication by malicious attacker and present some defense methods.According to those methods,we then propose a protocol of anonymous communication over invisible mix rings(AMIMR),which utilises the extended source address.We analyse the features of nodes,structure,topology and function in AMIMR.Our analysis on attack tolerance of AMIMR shows that this protocol has strong attack tolerance in blocking attack process and resisting passive attacks and active attacks.Simulation indicates that AMIMR still has high anonymity even in circumstance of quite high malicious node rate.The limitation of AMIMR is that part of its nodes may be restricted by the rule of networks where it is.

Karwan Mustafa Kareem

2024-05-12

Abstract:Onion routing networks, also known as darknets, are private networks that enable anonymous communication over the Internet. They are used by individuals and organizations to protect their privacy, but they also attract cybercriminals who exploit the anonymity provided by these networks for illegal activities. This paper comprehensively analyzes cybercrime threats and countermeasures in onion routing networks. We review the various types of cybercrime that occur in these networks, including drug trafficking, fraud, hacking, and other illicit activities. We then discuss the challenges associated with detecting and mitigating cybercrime in onion routing networks, such as the difficulty of tracing illegal activities back to their source due to the strong anonymity guarantees provided by these networks. We also explore the countermeasures that have been proposed and implemented to combat cybercrime in onion routing networks, including law enforcement efforts, technological solutions, and policy interventions. Finally, we highlight the limitations of existing countermeasures and identify potential directions for future research in this area, including the need for interdisciplinary approaches that combine technical, legal, and social perspectives to effectively combat cybercrime in onion routing networks.

Cryptography and Security,Networking and Internet Architecture

Ming Yang,Junzhou Luo,Wenjia Wu

DOI: https://doi.org/10.1109/JCPC.2009.5420156

2009-01-01

Abstract:Anonymous routing algorithm determines the performance and security of an anonymous communication system directly, which are two conflicting considerable factors for the practicality of the whole system. Most of existing anonymous routing algorithms care little about the tradeoff between performance and anonymity. Some algorithms aim to achieve better performance, while others aim to acquire higher security. To analyze the performance and anonymity provided by a certain anonymous system, a unified performance model employing throughput metric is established and a security measuring method is also proposed from attackers' view. Based on the experiment results on two typical anonymous routing algorithms, the relationship between the two properties are analyzed, which will guide the design of new anonymous routing algorithms.

Javeriah Saleem,Rafiqul Islam,Zahidul Islam

DOI: https://doi.org/10.48550/arXiv.2311.16276

2023-11-28

Abstract:The primary objective of an anonymity tool is to protect the anonymity of its users through the implementation of strong encryption and obfuscation techniques. As a result, it becomes very difficult to monitor and identify users activities on these networks. Moreover, such systems have strong defensive mechanisms to protect users against potential risks, including the extraction of traffic characteristics and website fingerprinting. However, the strong anonymity feature also functions as a refuge for those involved in illicit activities who aim to avoid being traced on the network. As a result, a substantial body of research has been undertaken to examine and classify encrypted traffic using machine learning techniques. This paper presents a comprehensive examination of the existing approaches utilized for the categorization of anonymous traffic as well as encrypted network traffic inside the darknet. Also, this paper presents a comprehensive analysis of methods of darknet traffic using machine learning techniques to monitor and identify the traffic attacks inside the darknet.

Cryptography and Security

Ludovic Barman,Italo Dacosta,Mahdi Zamani,Ennan Zhai,Apostolos Pyrgelis,Bryan Ford,Joan Feigenbaum,Jean-Pierre Hubaux

DOI: https://doi.org/10.2478/popets-2020-0061

2020-08-17

Proceedings on Privacy Enhancing Technologies

Abstract:Abstract Organizational networks are vulnerable to trafficanalysis attacks that enable adversaries to infer sensitive information fromnetwork traffic—even if encryption is used. Typical anonymous communication networks are tailored to the Internet and are poorly suited for organizational networks.We present PriFi, an anonymous communication protocol for LANs, which protects users against eavesdroppers and provides high-performance traffic-analysis resistance. PriFi builds onDining Cryptographers networks (DC-nets), but reduces the high communication latency of prior designs via a new client/relay/server architecture, in which a client’s packets remain on their usual network path without additional hops, and in which a set of remote servers assist the anonymization process without adding latency. PriFi also solves the challenge of equivocation attacks, which are not addressed by related work, by encrypting traffic based on communication history. Our evaluation shows that PriFi introduces modest latency overhead (≈ 100ms for 100 clients) and is compatible with delay-sensitive applications such as Voice-over-IP.

Pere Manils,Chaabane Abdelberri,Stevens Le Blond,Mohamed Ali Kaafar,Claude Castelluccia,Arnaud Legout,Walid Dabbous

DOI: https://doi.org/10.48550/arXiv.1004.1461

2010-04-09

Networking and Internet Architecture

Abstract:Privacy of users in P2P networks goes far beyond their current usage and is a fundamental requirement to the adoption of P2P protocols for legal usage. In a climate of cold war between these users and anti-piracy groups, more and more users are moving to anonymizing networks in an attempt to hide their identity. However, when not designed to protect users information, a P2P protocol would leak information that may compromise the identity of its users. In this paper, we first present three attacks targeting BitTorrent users on top of Tor that reveal their real IP addresses. In a second step, we analyze the Tor usage by BitTorrent users and compare it to its usage outside of Tor. Finally, we depict the risks induced by this de-anonymization and show that users' privacy violation goes beyond BitTorrent traffic and contaminates other protocols such as HTTP.