Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries
Aaron Johnson¹, Chris Wacek², Rob Jansen¹, Micah Sherr², Paul Syverson¹
¹ U.S. Naval Research Laboratory, Washington, DC
² Georgetown University, Washington, DC
MPI-SWS, July 29, 2013

Summary: What is Tor?
Tor is a popular system for anonymous communication.
Over 500,000 daily users and 2.4 GiB/s aggregate

Summary: Who uses Tor?
• Individuals avoiding censorship
• Individuals avoiding surveillance
• Journalists protecting themselves or sources
• Law enforcement during investigations
• Intelligence analysts for gathering data

Summary: Tor’s Big Problem
Traffic Correlation Attack
• Congestion attacks
• Throughput attacks
• Latency leaks
• Website fingerprinting
• Application-layer leaks
• Denial-of-Service attacks

Summary: Our Contributions
1. Empirical analysis of traffic correlation threat
2. Develop adversary framework and security metrics
3. Develop analysis methodology and tools

Overview
• Summary
• Tor Background
• Tor Security Analysis
  o Adversary Framework
  o Security Metrics
  o Evaluation Methodology
  o Node Adversary Analysis
  o Link Adversary Analysis
• Future Work

Background: Onion Routing
[Figure: users, onion routers, and destinations]

Background: Using Circuits
1. Clients begin all circuits with a selected guard.
2. Relays define individual exit policies.
3. Clients multiplex streams over a circuit.
4. New circuits replace existing ones periodically.

Adversary Framework
Resource Types
• Relays
• Bandwidth
• Autonomous Systems (ASes)
• Internet Exchange Points (IXPs)
• Money
Resource Endowment
• Destination host
• 5% Tor bandwidth
• Source AS
• Equinix IXPs
Goal
• Target a given user’s communication
• Compromise as much traffic as possible
• Learn who uses Tor
• Learn what Tor is used for

Security Metrics
Prior metrics
1. Probability of choosing bad guard and exit
   a. c² / n²: Adversary controls c of n relays
   b. ge: g guard and e exit BW fractions are bad
2. Probability some AS/IXP exists on both entry and exit paths (i.e. path independence)
3. gt: Probability of choosing malicious guard within time t

Security Metrics
Principles
1. Probability distribution
2. Measure on human timescales
3. Based on adversaries
Metrics
1. Probability distribution of time until first path compromise
2. Probability distribution of number of path compromises for a given user over given time period
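
An added example (not from the talk and not TorPS code) contrasting the prior per-circuit metric ge with the probability of a first path compromise within k circuits. It assumes a simplified model: three fixed guards, no guard rotation, independent exit choice per circuit, and constructed values for g and e; all function names are hypothetical.

```python
"""Per-circuit metric g*e versus the distribution of time to first path
compromise, with time counted in circuits. Simplified model, not TorPS."""
from math import comb


def p_naive(g, e, k):
    """P(some circuit among k has a bad guard and a bad exit) if every
    circuit drew a fresh guard, i.e. the prior metric g*e applied k times."""
    return 1.0 - (1.0 - g * e) ** k


def p_with_guards(g, e, k, num_guards=3):
    """Same event when the client keeps num_guards guards for all k circuits.

    Assumption: each guard is bad independently with probability g, so the
    number of bad guards j is Binomial(num_guards, g). Every circuit then
    uses a bad guard with probability j/num_guards and a bad exit with
    probability e.
    """
    total = 0.0
    for j in range(num_guards + 1):
        p_j = comb(num_guards, j) * g**j * (1.0 - g) ** (num_guards - j)
        per_circuit = (j / num_guards) * e
        total += p_j * (1.0 - (1.0 - per_circuit) ** k)
    return total


def ceiling(g, num_guards=3):
    """Limit for large k: the fraction of users holding at least one bad
    guard. Users with no bad guard are never compromised in this model."""
    return 1.0 - (1.0 - g) ** num_guards


def first_compromise_cdf(g, e, circuits, num_guards=3):
    """Rows of (k, naive probability, fixed-guard probability)."""
    return [(k, p_naive(g, e, k), p_with_guards(g, e, k, num_guards))
            for k in circuits]


if __name__ == "__main__":
    # Constructed sample fractions, not measurements from the talk.
    G_FRAC, E_FRAC = 0.04, 0.013
    print("circuits   naive(ge)   fixed guards")
    for k, naive, guarded in first_compromise_cdf(
            G_FRAC, E_FRAC, [1, 100, 1_000, 10_000, 100_000]):
        print(f"{k:>8}   {naive:9.4f}   {guarded:12.4f}")
    print(f"ceiling with fixed guards: {ceiling(G_FRAC):.4f}")
```

For a single circuit both models give ge, but over many circuits the naive figure climbs toward 1 while the fixed-guard figure levels off at the share of users who picked a bad guard, which is why a single probability hides the shape that the distribution exposes.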

Overview
• Background
• Onion Routing Security Analysis
  o Problem: Traffic correlation
  o Adversary Model
  o Security Metrics
  o Evaluation Methodology
  o Node Adversary Analysis
  o Link Adversary Analysis
• Future Work

TorPS: The Tor Path Simulator
[Diagram: User Model, Streams, Client Software Model, Network Model, Relay statuses, Stream/Circuit mappings]

TorPS: User Model
20-minute traces
• Gmail/GChat
• Gcal/GDocs
• Web search
• IRC
• BitTorrent
Typical
Session schedule
• One session at 9:00, 12:00, 15:00, and 18:00, Su-Sa
• Repeated sessions 8:00-17:00, M-F
• Repeated sessions 0:00-6:00, Sa-Su
Worst Port (6523)
Best Port (443)

TorPS: User Model
| Rank | Port # | Exit BW % | Long-Lived | Application |
|---|---|---|---|---|
| 1 | 8300 | 19.8 | Yes | iTunes? |
| 2 | 6523 | 20.1 | Yes | Gobby |
| 3 | 26 | 25.3 | No | (SMTP+1) |
| 65312 | 993 | 89.8 | No | IMAP SSL |
| 65313 | 80 | 90.1 | No | HTTP |
| 65314 | 443 | 93.0 | No | HTTPS |
Default-accept ports by exit capacity.

TorPS: User Model
| Model | Streams/week | IPs | Ports (#s) |
|---|---|---|---|
| Typical | 2632 | 205 | 2 (80, 443) |
| IRC | 135 | 1 | 1 (6697) |
| BitTorrent | 6768 | 171 | 118 |
| WorstPort | 2632 | 205 | 1 (6523) |
| BestPort | 2632 | 205 | 1 (443) |
User model stream activity

TorPS: The Tor Path Simulator
Network Model
metrics.torproject.org
Hourly consensuses
Monthly server descriptors archive

TorPS: The Tor Path Simulator
Client Software Model
• Reimplemented path selection in Python
• Based on current Tor stable version (0.2.3.25)
• Major path selection features include
  – Bandwidth weighting
  – Exit policies
  – Guards and guard rotation
  – Hibernation
  – /16 and family conflicts
• Omits effects of network performance

Node Adversary
100 MiB/s total bandwidth
| Rank | Bandwidth (MiB/s) | Family |
|---|---|---|
| 1 | 260.5 | torservers.net |
| 2 | 115.7 | Chaos Computer Club |
| 3 | 107.8 | DFRI |
| 4 | 95.3 | Team Cymru |
| 5 | 80.5 | Paint |
Top Tor families, 3/31/13
| Relay Type | Number | Bandwidth (GiB/s) |
|---|---|---|
| Any | 2646 | 3.10 |
| Guard only | 670 | 1.25 |
| Exit only | 403 | 0.30 |
| Guard & Exit | 272 | 0.98 |
Tor relay capacity, 3/31/13

Node Adversary
100 MiB/s total bandwidth: 83.3 MiB/s guard, 16.7 MiB/s exit
[Figure: Probability to compromise at least one stream and rate of compromise, 10/12 – 3/13.]

Node Adversary Results
[Figure: Time to first compromised stream, 10/12 – 3/13]
[Figure: Fraction compromised streams, 10/12 – 3/13]
[Figure: Time to first compromised guard, 10/12 – 3/13]
[Figure: Fraction streams with compromised guard, 10/12 – 3/13]
[Figure: Time to first compromised exit, 10/12 – 3/13]
[Figure: Fraction compromised exits, 10/12 – 3/13]
[Figure: Time to first compromised circuit, 10/12 – 3/13]

Link Adversary
1. Autonomous Systems (ASes)
2. Internet Exchange Points (IXPs)
3. Adversary has fixed location
4. Adversary may control multiple entities
   a. “Top” ASes
   b. IXP organizations
[Diagram: example topology of autonomous systems AS1 to AS8]

Link Adversary
AS/IXP Locations
• Ranked for client location by frequency on entry or exit paths
• Exclude src/dst ASes
• Top k ASes / top IXP organization
Client locations
• Top 5 non-Chinese source ASes in Tor (Edman & Syverson 09)
| AS# | Description | Country |
|---|---|---|
| 3320 | Deutsche Telekom AG | Germany |
| 3209 | Arcor | Germany |
| 3269 | Telecom Italia | Italy |
| 13184 | HanseNet Telekommunikation | Germany |
| 6805 | Telefonica Deutschland | Germany |
| Type | ID | Description |
|---|---|---|
| AS | 3356 | Level 3 Communications |
| AS | 1299 | TeliaNet Global |
| AS | 6939 | Hurricane Electric |
| IXP | 286 | DE-CIX Frankfurt |
| IXP Org. | DE-CIX | DE-CIX |
Example: Adversary locations for BitTorrent client in AS 3320

Link Adversary
| # | IXP Organization | Size | Country |
|---|---|---|---|
| 1 | Equinix | 26 | global |
| 2 | PTTMetro | 8 | Brazil |
| 3 | PIPE | 6 | Australia |
| 4 | NIXI | 6 | India |
| 5 | XChangePoint | 5 | global |
| 6 | MAE/VERIZON | 5 | global |
| 7 | Netnod | 5 | Sweden |
| 8 | Any2 | 4 | US |
| 9 | PIX | 4 | Canada |
| 10 | JPNAP | 3 | Japan |
| 11 | DE-CIX | 2 | Germany |
| 12 | AEPROVI | 2 | Ecuador |
| 13 | Vietnam | 2 | Vietnam |
| 14 | NorthWestIX | 2 | Montana, US |
| 15 | Terremark | 2 | global |
| 16 | Telx | 2 | US |
| 17 | NorrNod | 2 | Sweden |
| 18 | ECIX | 2 | Germany |
| 19 | JPIX | 2 | Japan |
IXP organizations ranked by size
IXP organizations obtained by manual clustering based on PeerDB and PCH.

Link Adversary
[Figure: Adversary controls one AS. Time to first compromised stream, 1/13 – 3/13. “Best”: most secure client AS; “Worst”: least secure client AS]
[Figure: Adversary controls one AS. Fraction compromised streams, 1/13 – 3/13. “Best”: most secure client AS; “Worst”: least secure client AS]
[Figure: Adversary controls top ASes. Time to first compromised stream, 1/13 – 3/13. Only “best” client AS]
[Figure: Adversary controls IXP organization. Time to first compromised stream, 1/13 – 3/13. “Best”: most secure client AS; “Worst”: least secure client AS]

Future Work
1. Extending analysis
2. Improving guard selection
3. Using trust-based path selection to protect against traffic correlation
4. Dealing with incomplete and inaccurate AS and IXP maps
5. Include Tor’s performance-based path-selection features in TorPS