Abstract
Users building routes through an anonymization network must discover the nodes comprising the network. Yet, it is potentially costly, or even infeasible, for everyone to know the entire network. We introduce a novel attack, the route bridging attack, which makes use of what route creators do not know of the network. We also present new discussion and results concerning route fingerprinting attacks, which make use of what route creators do know of the network. We prove analytic bounds for both route fingerprinting and route bridging and describe the impact of these attacks on published anonymity-network designs. We also discuss implications for network scaling and client-server vs. peer-to-peer systems.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Borisov, N., Danezis, G., Mittal, P., Tabriz, P.: Denial of service or denial of security? How attacks on reliability can compromise anonymity. In: De Capitani di Vimercati, S., Syverson, P., Evans, D. (eds.) CCS 2007: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 92–102. ACM Press, New York (2007)
Boucher, P., Shostack, A., Goldberg, I.: Freedom systems 2.0 architecture. White paper, Zero Knowledge Systems, Inc. (December 2000)
Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM 4(2), 84–88 (1981)
Danezis, G., Clayton, R.: Route fingerprinting in anonymous communications. In: Sixth IEEE International Conference on Peer-to-Peer Computing, P2P 2006, pp. 69–72. IEEE Computer Society Press, Los Alamitos (2006)
DÃaz, C., Seys, S., Claessens, J., Preneel, B.: Towards measuring anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 54–68. Springer, Heidelberg (2003)
Dingledine, R., Mathewson, N., Syverson, P.: Tor: The second-generation onion router. In: Proceedings of the 13th USENIX Security Symposium, August 2004, pp. 303–319. USENIX Association (2004)
Feigenbaum, J., Johnson, A., Syverson, P.: A probabilistic analysis of onion routing in a black-box model. In: Yu, T. (ed.) WPES 2007: Proceedings of the 2007 ACM Workshop on Privacy in the Electronic Society, pp. 1–10. ACM Press, New York (2007)
Freedman, M.J., Morris, R.: Tarzan: A peer-to-peer anonymizing network layer. In: Atluri, V. (ed.) Proceedings of the 9th ACM Conference on Computer and Communications Security, CCS 2002, November 2002, pp. 193–206. ACM Press, New York (2002)
Freedman, M.J., Sit, E., Cates, J., Morris, R.: Introducing Tarzan, a peer-to-peer anonymizing network layer. In: Druschel, P., Kaashoek, M.F., Rowstron, A. (eds.) IPTPS 2002. LNCS, vol. 2429, pp. 121–129. Springer, Heidelberg (2002)
Goldschlag, D.M., Reed, M.G., Syverson, P.F.: Hiding routing information. In: Anderson, R. (ed.) IH 1996. LNCS, vol. 1174, pp. 137–150. Springer, Heidelberg (1996)
Murdoch, S.J., Zieliński, P.: Sampled traffic analysis by internet-exchange-level adversaries. In: Borisov, N., Golle, P. (eds.) PET 2007, vol. 4776, pp. 167–183. Springer, Heidelberg (2007)
Nambiar, A., Wright, M.: Salsa: A structured approach to large-scale anonymity. In: Wright, R.N., De Capitani di Vimercati, S., Shmatikov, V. (eds.) CCS 2006: Proceedings of the 13th ACM Conference on Computer and Communications Security, October 2006, pp. 17–26. ACM Press, New York (2006)
Øverlier, L., Syverson, P.: Locating hidden servers. In: IEEE Symposium on Security and Privacy (S&P 2006), May 2006, pp. 100–114. IEEE Computer Society Press, Los Alamitos (2006)
Reiter, M., Rubin, A.: Crowds: Anonymity for web transactions. ACM Transactions on Information and System Security 1(1), 66–92 (1998)
Rennhard, M., Plattner, B.: Practical anonymity for the masses with morphmix. In: Juels, A. (ed.) FC 2004. LNCS, vol. 3110, pp. 233–250. Springer, Heidelberg (2004)
Serjantov, A., Danezis, G.: Towards an information theoretic metric for anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 41–53. Springer, Heidelberg (2003)
Serjantov, A., Dingledine, R., Syverson, P.: From a trickle to a flood: Active attacks on several mix types. In: Petitcolas, F.A.P. (ed.) IH 2002. LNCS, vol. 2578, pp. 36–52. Springer, Heidelberg (2003)
Serjantov, A., Sewell, P.: Passive attack analysis for connection-based anonymity systems. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 116–131. Springer, Heidelberg (2003)
Shmatikov, V.: Probabilistic model checking of an anonymity system. Journal of Computer Security 12(3-4), 355–377 (2004)
Stoica, I., Morris, R., Liben-Nowell, D., Karger, D.R., Kaashoek, M.F., Dabek, F., Balakrishnan, H.: Chord: a scalable peer-to-peer lookup protocol for internet applications. IEEE/ACM Trans. Netw. 11(1), 17–32 (2003)
Syverson, P., Reed, M., Goldschlag, D.: Onion Routing access configurations. In: Proceedings of the DARPA Information Survivability Conference & Exposition, DISCEX 2000, vol. 1, pp. 34–40. IEEE Computer Society Press, Los Alamitos (1999)
Syverson, P., Tsudik, G., Reed, M., Landwehr, C.: Towards an analysis of onion routing security. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 96–114. Springer, Heidelberg (2001)
Venkitasubramaniam, P., He, T., Tong, L.: Anonymous networking amidst eavesdroppers (October 2007) arXiv:0710.4903v1 at arxiv.org
Wright, M., Adler, M., Levine, B.N., Shields, C.: Defending anonymous communication against passive logging attacks. In: 2003 IEEE Symposium on Security and Privacy, May 2003, pp. 28–43. IEEE Computer Society Press, Los Alamitos (2003)
Wright, M., Adler, M., Levine, B.N., Shields, C.: The Predecessor Attack: An Analysis of a Threat to Anonymous Communications Systems. ACM Transactions on Information and System Security (TISSEC) 4(7), 489–522 (2004)
Zhuang, L., Zhou, F., Zhao, B.Y., Rowstron, A.I.T.: Cashmere: Resilient anonymous routing. In: 2nd USENIX Symposium on Networked Systems Design and Implementation (NSDI 2005), pp. 301–314. USENIX Association (2005)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Danezis, G., Syverson, P. (2008). Bridging and Fingerprinting: Epistemic Attacks on Route Selection. In: Borisov, N., Goldberg, I. (eds) Privacy Enhancing Technologies. PETS 2008. Lecture Notes in Computer Science, vol 5134. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70630-4_10
Download citation
DOI: https://doi.org/10.1007/978-3-540-70630-4_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-70629-8
Online ISBN: 978-3-540-70630-4
eBook Packages: Computer ScienceComputer Science (R0)