Repelling Detour Attack Against Onions with Re-encryption
- Cite this paper as:
- Klonowski M., Kutyłowski M., Lauks A. (2008) Repelling Detour Attack Against Onions with Re-encryption. In: Bellovin S.M., Gennaro R., Keromytis A., Yung M. (eds) Applied Cryptography and Network Security. ACNS 2008. Lecture Notes in Computer Science, vol 5037. Springer, Berlin, Heidelberg
This paper is devoted to ModOnions – an anonymous communication protocol, for which a message is encoded as a set of onions and sent through intermediate nodes so that each node knows only its predecessor and its successor on the routing path. Moreover, encoding details enable universal re-encryption: each node re-encrypts the message so that no observer can link together the ciphertexts before and after re-encryption and re-encryption can be performed without any public key. ModOnions were supposed to offer many additional features over classical onion protocols, such as resilience against replay attack. However, during ISC’2006 George Danezis presented a detour attack against this construction. It enables to redefine the routing path by inserting intermediate corrupt nodes between each two nodes of the original routing path. In this way anonymity becomes completely broken. We show that after slight changes in the protocol the attack does not work anymore. The patch proposed can also be seen as a general method of enforcing who is the final addressee of a message encrypted with the ElGamal scheme and multiple public keys.
Unable to display preview. Download preview PDF.