Malice versus AN.ON: Possible Risks of Missing Replay and Integrity Protection

  • Benedikt Westermann
  • Dogan Kesdogan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7035)


In this paper we investigate the impact of missing replay protection as well as missing integrity protection concerning a local attacker in AN.ON. AN.ON is a low latency anonymity network mostly used to anonymize web traffic. We demonstrate that both protection mechanisms are important by presenting two attacks that become feasible as soon as the mechanisms are missing. We mount both attacks on the AN.ON network which neither implements replay protection nor integrity protection yet.


Advanced Encryption Standard Replay Attack Dedicated Server Exit Node Entry Node 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Dingledine, R., Mathewson, N., Syverson, P.F.: Tor: The second-generation onion router. In: USENIX Security Symposium, USENIX, pp. 303–320 (2004)Google Scholar
  2. 2.
    Berthold, O., Federrath, H., Köpsell, S.: Web MIXes: A System for Anonymous and Unobservable Internet Access. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 115–129. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Westermann, B., Wendolsky, R., Pimenidis, L., Kesdogan, D.: Cryptographic Protocol Analysis of AN.ON. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 114–128. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  4. 4.
    Köpsell, S.: Entwicklung und Betrieb eines Anonymisierungsdienstes für das WWW. PhD thesis, TU Dresden University (2010)Google Scholar
  5. 5.
    Köpsell, S.: AnonDienst - Design und Implementierung. Technical report, TU Dresden University (2004)Google Scholar
  6. 6.
    Janc, A., Olejnik, L.: Web Browser History Detection as a Real-World Privacy Threat. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 215–231. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  7. 7.
    Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., Berners-Lee, T.: Hypertext transfer protocol: HTTP/1.1. Internet Engineering Task Force: RFC 2616 (June 1999)Google Scholar
  8. 8.
    Stamm, S.: Mozilla security blog: Plugging the css history leak (March 2010), (visited September 30, 2010)
  9. 9.
    Herrmann, D., Wendolsky, R., Federrath, H.: Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial naïve-bayes classifier. In: Proceedings of the 2009 ACM Workshop on Cloud Computing Security, pp. 31–42. ACM, New York (2009)CrossRefGoogle Scholar
  10. 10.
    Evans, N., Dingledine, R., Grothoff, C.: A practical congestion attack on Tor using long paths. In: USENIX Security Symposium, USENIX, pp. 33–50 (2009)Google Scholar
  11. 11.
    Murdoch, S.J., Danezis, G.: Low-cost traffic analysis of Tor. In: IEEE Symposium on Security and Privacy, pp. 183–195. IEEE Computer Society (2005)Google Scholar
  12. 12.
    Hopper, N., Vasserman, E.Y., Chan-TIN, E.: How much anonymity does network latency leak? ACM Transactions on Information and System Security 13(2), 1–28 (2010)CrossRefGoogle Scholar
  13. 13.
    Chakravarty, S., Stavrou, A., Keromytis, A.D.: Traffic Analysis Against Low-Latency Anonymity Networks Using Available Bandwidth Estimation. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 249–267. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  14. 14.
    Ling, Z., Luo, J., Yu, W., Fu, X., Xuan, D., Jia, W.: A new cell counter based attack against tor. In: Al-Shaer, E., Jha, S., Keromytis, A.D. (eds.) ACM Conference on Computer and Communications Security, pp. 578–589. ACM (2009)Google Scholar
  15. 15.
    Pries, R., Yu, W., Fu, X., Zhao, W.: A new replay attack against anonymous communication networks. In: IEEE International Conference on Communications, pp. 1578–1582. IEEE (2008)Google Scholar
  16. 16.
    Bauer, K.S., McCoy, D., Grunwald, D., Kohno, T., Sicker, D.C.: Low-resource routing attacks against tor. In: Ning, P., Yu, T. (eds.) WPES, pp. 11–20. ACM (2007)Google Scholar
  17. 17.
    Back, A., Möller, U., Stiglic, A.: Traffic Analysis Attacks and Trade-Offs in Anonymity Providing Systems. In: Moskowitz, I.S. (ed.) IH 2001. LNCS, vol. 2137, pp. 245–257. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  18. 18.
    Raymond, J.-F.: Traffic Analysis: Protocols, Attacks, Design Issues, and Open Problems. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 10–29. Springer, Heidelberg (2001)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Benedikt Westermann
    • 1
  • Dogan Kesdogan
    • 1
    • 2
  1. 1.Q2S, NTNUTrondheimNorway
  2. 2.IT Security, FB5University of SiegenSiegenGermany

Personalised recommendations