Preventing Active Timing Attacks in Low-Latency Anonymous Communication

(Extended Abstract)
  • Joan Feigenbaum
  • Aaron Johnson
  • Paul Syverson
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6205)


Low-latency anonymous communication protocols in general, and the popular onion-routing protocol in particular, are broken against simple timing attacks. While there have been few proposed solutions to this problem when the adversary is active, several padding schemes have been proposed to defend against a passive adversary that just observes timing patterns. Unfortunately active adversaries can break padding schemes by inserting delays and dropping messages.

We present a protocol that provides anonymity against an active adversary by using a black-box padding scheme that is effective against a passive adversary. Our protocol reduces, in some sense, providing anonymous communication against active attacks to providing a padding scheme against passive attacks.

Our analytical results show that anonymity can be made arbitrarily good at the cost of some added latency and required bandwidth. We also perform measurements on the Tor network to estimate the real-world performance of our protocol, showing that the added delay is not excessive.


Timing Attack Timing Pattern Processing Delay Return Path Layered Mesh 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Back, A., Möller, U., Stiglic, A.: Traffic analysis attacks and trade-offs in anonymity providing systems. In: Moskowitz, I.S. (ed.) IH 2001. LNCS, vol. 2137, pp. 245–257. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Bauer, K., McCoy, D., Grunwald, D., Kohno, T., Sicker, D.: Low-resource routing attacks against Tor. In: Proceedings of the 2007 ACM Workshop on Privacy in Electronic Society (WPES 2007), pp. 11–20 (2007)Google Scholar
  3. 3.
    Berthold, O., Pfitzmann, A., Standtke, R.: The disadvantages of free MIX routes and how to overcome them. In: Designing Privacy Enhancing Technologies, International Workshop on Design Issues in Anonymity and Unobservability, pp. 30–45 (2000)Google Scholar
  4. 4.
    Borisov, N., Danezis, G., Mittal, P., Tabriz, P.: Denial of service or denial of security? In: Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS 2007), pp. 92–102 (2007)Google Scholar
  5. 5.
    Camenisch, J., Lysyanskaya, A.: A formal treatment of onion routing. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 169–187. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  6. 6.
    Dingledine, R., Mathewson, N.: Anonymity loves company: Usability and the network effect. In: 5th Workshop on the Economics of Information Security, WEIS 2006 (2006)Google Scholar
  7. 7.
    Dingledine, R., Mathewson, N., Syverson, P.: Tor: The second-generation onion router. In: Proceedings of the 13th USENIX Security Symposium, pp. 303–320 (2004)Google Scholar
  8. 8.
    Dingledine, R., Shmatikov, V., Syverson, P.: Synchronous batching: From cascades to free routes. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 186–206. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  9. 9.
    Feigenbaum, J., Johnson, A., Syverson, P.: Preventing active timing attacks in low-latency anonymous communication. Technical Report TR-10-15, The University of Texas at Austin (2010),
  10. 10.
    Fu, X., Graham, B., Bettati, R., Zhao, W.: Active traffic analysis attacks and countermeasures. In: 2003 International Conference on Computer Networks and Mobile Computing (ICCNMC 2003), pp. 31–39 (2003)Google Scholar
  11. 11.
    Fu, X., Graham, B., Bettati, R., Zhao, W.: Analytical and empirical analysis of countermeasures to traffic analysis attacks. In: Proceedings of the 2003 International Conference on Parallel Processing, pp. 483–492 (2003)Google Scholar
  12. 12.
    Goldschlag, D.M., Reed, M.G., Syverson, P.F.: Hiding routing information. In: Anderson, R. (ed.) IH 1996. LNCS, vol. 1174, pp. 137–150. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  13. 13.
    Hopper, N., Vasserman, E.Y., Chan-TIN, E.: How much anonymity does network latency leak? ACM Transactions on Information and System Security 13(2), 1–28 (2010)CrossRefGoogle Scholar
  14. 14.
    Iwanik, J., Klonowski, M., Kutylowski, M.: DUO–onions and hydra–onions – failure and adversary resistant onion protocols. In: Communications and Multimedia Security: 8th IFIP TC-6 TC-11 Conference on Communications and Multimedia Security, pp. 1–15 (2004)Google Scholar
  15. 15.
    Kesdogan, D., Egner, J., Büschkes, R.: Stop-and-go-MIXes providing probabilistic anonymity in an open system. In: Aucsmith, D. (ed.) IH 1998. LNCS, vol. 1525, pp. 83–98. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  16. 16.
    Levine, B.N., Reiter, M.K., Wang, C., Wright, M.K.: Timing attacks in low-latency mix-based systems (extended abstract). In: Juels, A. (ed.) FC 2004. LNCS, vol. 3110, pp. 251–265. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  17. 17.
    McCoy, D., Bauer, K., Grunwald, D., Kohno, T., Sicker, D.: Shining light in dark places: Understanding the Tor network. In: Borisov, N., Goldberg, I. (eds.) PETS 2008. LNCS, vol. 5134, pp. 63–76. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  18. 18.
    Mills, D.: Network time protocol (version 3) specification, implementation. RFC 1305, Internet Engineering Task Force (March 1992)Google Scholar
  19. 19.
    Mittal, P., Borisov, N.: Information leaks in structured peer-to-peer anonymous communication systems. In: Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS 2008), pp. 267–278 (2008)Google Scholar
  20. 20.
    Murdoch, S.J., Danezis, G.: Low-cost traffic analysis of Tor. In: 2005 IEEE Symposium on Security and Privacy (SP 2005), pp. 183–195 (2005)Google Scholar
  21. 21.
    Murdoch, S.J., Zieliński, P.: Sampled traffic analysis by internet-exchange-level adversaries. In: Borisov, N., Golle, P. (eds.) PET 2007. LNCS, vol. 4776, pp. 167–183. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  22. 22.
    Nambiar, A., Wright, M.: Salsa: a structured approach to large-scale anonymity. In: Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS 2006), pp. 17–26 (2006)Google Scholar
  23. 23.
    Øverlier, L., Syverson, P.: Locating hidden servers. In: 2006 IEEE Symposium on Security and Privacy (SP 2006), pp. 100–114 (2006)Google Scholar
  24. 24.
    Raymond, J.-F.: Traffic analysis: Protocols, attacks, design issues, and open problems. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 10–29. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  25. 25.
    Shmatikov, V., Wang, M.-H.: Timing analysis in low-latency mix networks: Attacks and defenses. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) ESORICS 2006. LNCS, vol. 4189, pp. 18–33. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  26. 26.
    Syverson, P.: Onion routing for resistance to traffic analysis. In: Proceedings of the 3rd DARPA Information Survivability Conference and Exposition (DISCEX-III), vol. 2, pp. 108–110 (2003)Google Scholar
  27. 27.
    Syverson, P., Tsudik, G., Reed, M., Landwehr, C.: Towards an analysis of onion routing security. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 96–114. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  28. 28.
    TorStatus - Tor network status (April 2010),
  29. 29.
    Wang, X., Chen, S., Jajodia, S.: Network flow watermarking attack on low-latency anonymous communication systems. In: 2007 IEEE Symposium on Security and Privacy (SP 2007), pp. 116–130 (2007)Google Scholar
  30. 30.
    Wang, M.M.W., Srinivasan, V.: Dependent link padding algorithms for low latency anonymity systems. In: Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS 2008), pp. 323–332 (2008)Google Scholar
  31. 31.
    Yu, W., Fu, X., Graham, S., Xuan, D., Zhao, W.: DSSS-based flow marking technique for invisible traceback. In: 2007 IEEE Symposium on Security and Privacy (SP 2007), Washington, DC, USA, pp. 18–32 (2007)Google Scholar
  32. 32.
    Zhu, Y., Fu, X., Graham, B., Bettati, R., Zhao, W.: On flow correlation attacks and countermeasures in mix networks. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 207–225. Springer, Heidelberg (2005)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Joan Feigenbaum
    • 1
  • Aaron Johnson
    • 2
  • Paul Syverson
    • 3
  1. 1.Yale UniversityUSA
  2. 2.The University of Texas at AustinUSA
  3. 3.Naval Research LaboratoryUSA

Personalised recommendations