Securing Anonymous Communication Channels under the Selective DoS Attack

  • Anupam Das
  • Nikita Borisov
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7859)


Anonymous communication systems are subject to selective denial-of-service (DoS) attacks. Selective DoS attacks lower anonymity as they force paths to be rebuilt multiple times to ensure delivery, which increases the opportunity for more attack. We present a detection algorithm that filters out compromised communication channels for one of the most widely used anonymity networks, Tor. Our detection algorithm uses two levels of probing to filter out potentially compromised tunnels. We probabilistically analyze our detection algorithm and show its robustness against selective DoS attacks through simulation. We also analyze the overhead of our algorithm and show that we can achieve better security guarantee than the conventional Tor path selection algorithm, while adding only approximately 5% bandwidth overhead to the Tor network. Finally, we validate our design with experiments using the live Tor network.


Anonymity Tor network denial of service (DoS) attack 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
  2. 2.
  3. 3.
  4. 4.
  5. 5.
    Top sites on the web,
  6. 6.
  7. 7.
    Tor metrics portal,
  8. 8.
  9. 9.
  10. 10.
  11. 11.
    Bauer, K., Juen, J., Borisov, N., Grunwald, D., Sicker, D., Mccoy, D.: On the optimal path length for Tor. In: 3rd Workshop on Hot Topics in Privacy Enhancing Technologies (2010)Google Scholar
  12. 12.
    Bauer, K., McCoy, D., Grunwald, D., Kohno, T., Sicker, D.: Low-resource routing attacks against Tor. In: ACM Workshop on Privacy in Electronic Society, pp. 11–20 (2007)Google Scholar
  13. 13.
    Borisov, N., Danezis, G., Mittal, P., Tabriz, P.: Denial of service or denial of security? In: 14th ACM Conference on Computer and Communications Security, pp. 92–102 (2007)Google Scholar
  14. 14.
    Chaum, D.L.: Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM 24, 84–90 (1981)CrossRefGoogle Scholar
  15. 15.
    Danner, N., Krizanc, D., Liberatore, M.: Detecting denial of service attacks in Tor. In: Dingledine, R., Golle, P. (eds.) FC 2009. LNCS, vol. 5628, pp. 273–284. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  16. 16.
    Das, A., Borisov, N.: Securing Tor tunnels under the selective-DoS attack,
  17. 17.
    Dingledine, R., Mathewson, N.: Tor path specification,
  18. 18.
    Dingledine, R., Mathewson, N., Syverson, P.: Tor: The second-generation onion router. In: 13th USENIX Security Symposium, pp. 303–320 (2004)Google Scholar
  19. 19.
    Hahn, S., Loesing, K.: Privacy-preserving ways to estimate the number of Tor users (2010),
  20. 20.
    Levine, B.N., Reiter, M.K., Wang, C.-X., Wright, M.: Timing attacks in low-latency mix systems. In: Juels, A. (ed.) FC 2004. LNCS, vol. 3110, pp. 251–265. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  21. 21.
    Loesing, K.: Measuring the Tor network: Evaluation of client requests to the directories. Tech. rep. (2009),
  22. 22.
    Nambiar, A., Wright, M.: Salsa: a structured approach to large-scale anonymity. In: 13th ACM Conference on Computer and Communications Security, pp. 17–26 (2006)Google Scholar
  23. 23.
    Overlier, L., Syverson, P.: Locating hidden servers. In: IEEE Symposium on Security and Privacy, pp. 100–114 (2006)Google Scholar
  24. 24.
    Reed, M., Syverson, P., Goldschlag, D.: Anonymous connections and onion routing. IEEE Journal on Selected Areas in Communications 16, 482–494 (1998)CrossRefGoogle Scholar
  25. 25.
    Shmatikov, V., Wang, M.-H.: Timing analysis in low-latency mix networks: Attacks and defenses. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) ESORICS 2006. LNCS, vol. 4189, pp. 18–33. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  26. 26.
    Sreeram Ramachandran, G.: Web metrics: Size and number of resources,
  27. 27.
    Syverson, P., Tsudik, G., Reed, M., Landwehr, C.: Towards an analysis of onion routing security. In: Federrath, H. (ed.) Anonymity 2000. LNCS, vol. 2009, pp. 96–114. Springer, Heidelberg (2001)Google Scholar
  28. 28.
    Wright, M., Adler, M., Levine, B.N., Shields, C.: Defending anonymous communications against passive logging attacks. In: IEEE Symposium on Security and Privacy, pp. 28–41 (2003)Google Scholar
  29. 29.
    Wright, M.K., Adler, M., Levine, B.N., Shields, C.: An analysis of the degradation of anonymous protocols. In: Network and Distributed System Security Symposium (2002)Google Scholar
  30. 30.
    Zhu, Y., Fu, X., Graham, B., Bettati, R., Zhao, W.: On flow correlation attacks and countermeasures in mix networks. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 207–225. Springer, Heidelberg (2005)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Anupam Das
    • 1
  • Nikita Borisov
    • 1
  1. 1.University of Illinois at Urbana ChampaignUSA

Personalised recommendations