Advertisement

Bridging and Fingerprinting: Epistemic Attacks on Route Selection

  • George Danezis
  • Paul Syverson
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5134)

Abstract

Users building routes through an anonymization network must discover the nodes comprising the network. Yet, it is potentially costly, or even infeasible, for everyone to know the entire network. We introduce a novel attack, the route bridging attack, which makes use of what route creators do not know of the network. We also present new discussion and results concerning route fingerprinting attacks, which make use of what route creators do know of the network. We prove analytic bounds for both route fingerprinting and route bridging and describe the impact of these attacks on published anonymity-network designs. We also discuss implications for network scaling and client-server vs. peer-to-peer systems.

Keywords

Distribute Hash Table Route Selection Analytic Bound Threat Model Exit Node 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Borisov, N., Danezis, G., Mittal, P., Tabriz, P.: Denial of service or denial of security? How attacks on reliability can compromise anonymity. In: De Capitani di Vimercati, S., Syverson, P., Evans, D. (eds.) CCS 2007: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 92–102. ACM Press, New York (2007)CrossRefGoogle Scholar
  2. 2.
    Boucher, P., Shostack, A., Goldberg, I.: Freedom systems 2.0 architecture. White paper, Zero Knowledge Systems, Inc. (December 2000)Google Scholar
  3. 3.
    Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM 4(2), 84–88 (1981)CrossRefGoogle Scholar
  4. 4.
    Danezis, G., Clayton, R.: Route fingerprinting in anonymous communications. In: Sixth IEEE International Conference on Peer-to-Peer Computing, P2P 2006, pp. 69–72. IEEE Computer Society Press, Los Alamitos (2006)CrossRefGoogle Scholar
  5. 5.
    Díaz, C., Seys, S., Claessens, J., Preneel, B.: Towards measuring anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 54–68. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  6. 6.
    Dingledine, R., Mathewson, N., Syverson, P.: Tor: The second-generation onion router. In: Proceedings of the 13th USENIX Security Symposium, August 2004, pp. 303–319. USENIX Association (2004)Google Scholar
  7. 7.
    Feigenbaum, J., Johnson, A., Syverson, P.: A probabilistic analysis of onion routing in a black-box model. In: Yu, T. (ed.) WPES 2007: Proceedings of the 2007 ACM Workshop on Privacy in the Electronic Society, pp. 1–10. ACM Press, New York (2007)CrossRefGoogle Scholar
  8. 8.
    Freedman, M.J., Morris, R.: Tarzan: A peer-to-peer anonymizing network layer. In: Atluri, V. (ed.) Proceedings of the 9th ACM Conference on Computer and Communications Security, CCS 2002, November 2002, pp. 193–206. ACM Press, New York (2002)CrossRefGoogle Scholar
  9. 9.
    Freedman, M.J., Sit, E., Cates, J., Morris, R.: Introducing Tarzan, a peer-to-peer anonymizing network layer. In: Druschel, P., Kaashoek, M.F., Rowstron, A. (eds.) IPTPS 2002. LNCS, vol. 2429, pp. 121–129. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  10. 10.
    Goldschlag, D.M., Reed, M.G., Syverson, P.F.: Hiding routing information. In: Anderson, R. (ed.) IH 1996. LNCS, vol. 1174, pp. 137–150. Springer, Heidelberg (1996)Google Scholar
  11. 11.
    Murdoch, S.J., Zieliński, P.: Sampled traffic analysis by internet-exchange-level adversaries. In: Borisov, N., Golle, P. (eds.) PET 2007, vol. 4776, pp. 167–183. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  12. 12.
    Nambiar, A., Wright, M.: Salsa: A structured approach to large-scale anonymity. In: Wright, R.N., De Capitani di Vimercati, S., Shmatikov, V. (eds.) CCS 2006: Proceedings of the 13th ACM Conference on Computer and Communications Security, October 2006, pp. 17–26. ACM Press, New York (2006)CrossRefGoogle Scholar
  13. 13.
    Øverlier, L., Syverson, P.: Locating hidden servers. In: IEEE Symposium on Security and Privacy (S&P 2006), May 2006, pp. 100–114. IEEE Computer Society Press, Los Alamitos (2006)CrossRefGoogle Scholar
  14. 14.
    Reiter, M., Rubin, A.: Crowds: Anonymity for web transactions. ACM Transactions on Information and System Security 1(1), 66–92 (1998)CrossRefGoogle Scholar
  15. 15.
    Rennhard, M., Plattner, B.: Practical anonymity for the masses with morphmix. In: Juels, A. (ed.) FC 2004. LNCS, vol. 3110, pp. 233–250. Springer, Heidelberg (2004)Google Scholar
  16. 16.
    Serjantov, A., Danezis, G.: Towards an information theoretic metric for anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 41–53. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  17. 17.
    Serjantov, A., Dingledine, R., Syverson, P.: From a trickle to a flood: Active attacks on several mix types. In: Petitcolas, F.A.P. (ed.) IH 2002. LNCS, vol. 2578, pp. 36–52. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  18. 18.
    Serjantov, A., Sewell, P.: Passive attack analysis for connection-based anonymity systems. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 116–131. Springer, Heidelberg (2003)Google Scholar
  19. 19.
    Shmatikov, V.: Probabilistic model checking of an anonymity system. Journal of Computer Security 12(3-4), 355–377 (2004)Google Scholar
  20. 20.
    Stoica, I., Morris, R., Liben-Nowell, D., Karger, D.R., Kaashoek, M.F., Dabek, F., Balakrishnan, H.: Chord: a scalable peer-to-peer lookup protocol for internet applications. IEEE/ACM Trans. Netw. 11(1), 17–32 (2003)CrossRefGoogle Scholar
  21. 21.
    Syverson, P., Reed, M., Goldschlag, D.: Onion Routing access configurations. In: Proceedings of the DARPA Information Survivability Conference & Exposition, DISCEX 2000, vol. 1, pp. 34–40. IEEE Computer Society Press, Los Alamitos (1999)CrossRefGoogle Scholar
  22. 22.
    Syverson, P., Tsudik, G., Reed, M., Landwehr, C.: Towards an analysis of onion routing security. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 96–114. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  23. 23.
    Venkitasubramaniam, P., He, T., Tong, L.: Anonymous networking amidst eavesdroppers (October 2007) arXiv:0710.4903v1 at arxiv.orgGoogle Scholar
  24. 24.
    Wright, M., Adler, M., Levine, B.N., Shields, C.: Defending anonymous communication against passive logging attacks. In: 2003 IEEE Symposium on Security and Privacy, May 2003, pp. 28–43. IEEE Computer Society Press, Los Alamitos (2003)Google Scholar
  25. 25.
    Wright, M., Adler, M., Levine, B.N., Shields, C.: The Predecessor Attack: An Analysis of a Threat to Anonymous Communications Systems. ACM Transactions on Information and System Security (TISSEC) 4(7), 489–522 (2004)CrossRefGoogle Scholar
  26. 26.
    Zhuang, L., Zhou, F., Zhao, B.Y., Rowstron, A.I.T.: Cashmere: Resilient anonymous routing. In: 2nd USENIX Symposium on Networked Systems Design and Implementation (NSDI 2005), pp. 301–314. USENIX Association (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • George Danezis
    • 1
  • Paul Syverson
    • 2
  1. 1.Microsoft ResearchCambridgeUK
  2. 2.Naval Research LaboratoryUSA

Personalised recommendations