Sampled Traffic Analysis by Internet-Exchange-Level Adversaries

  • Steven J. Murdoch
  • Piotr Zieliński
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4776)


Existing low-latency anonymity networks are vulnerable to traffic analysis, so location diversity of nodes is essential to defend against attacks. Previous work has shown that simply ensuring geographical diversity of nodes does not resist, and in some cases exacerbates, the risk of traffic analysis by ISPs. Ensuring high autonomous-system (AS) diversity can resist this weakness. However, ISPs commonly connect to many other ISPs in a single location, known as an Internet eXchange (IX). This paper shows that IXes are a single point where traffic analysis can be performed. We examine to what extent this is true, through a case study of Tor nodes in the UK. Also, some IXes sample packets flowing through them for performance analysis reasons, and this data could be exploited to de-anonymize traffic. We then develop and evaluate Bayesian traffic analysis techniques capable of processing this sampled data.





Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Steven J. Murdoch (1)
  • Piotr Zieliński (1)

  1. University of Cambridge, Computer Laboratory
