Extensive Analysis and Large-Scale Empirical Evaluation of Tor Bridge Discovery

Zhen Ling, Southeast University

In collaboration with
Junzhou Luo, Southeast University
Wei Yu, Towson University
Ming Yang, Southeast University
Xinwen Fu, University of Massachusetts Lowell

31st IEEE International Conference on Computer Communications (INFOCOM), 2012

Outline
Introduction
Discovery of Tor Bridges
Evaluation
Summary

Introduction
Tor is a popular low-latency anonymous communication system and supports TCP applications over the Internet
Source routing for communication privacy
Tor routers are publicly listed on the Internet
[Figure: Tor network diagram. Labels: client, core Tor network, server, directory servers, onion routers entry (OR1), middle (OR2) and exit (OR3), circuit.]

Tor Bridges
Tor introduces bridges to resist censorship blocking of public Tor routers
Bridge information is not listed on the Internet
Distribution via bridge HTTPS server / email server
[Figure: Tor network with bridges. Labels: client, bridge, bridges, onion routers middle (OR2) and exit (OR3), server, core Tor network, bridge directory servers, email / HTTPS server.]

Two categories of bridge discovery
The enumeration of bridges via bulk emails and Tor's HTTPS server
The use of malicious middle routers to discover bridges
[Figure: bridge discovery overview. Labels: normal client, bridge client, bridge, bridges, core Tor network with entry (OR1), middle (OR2) and exit (OR3) onion routers, malicious middle router, server, directory servers, bridge directory servers, email / HTTPS server.]

Basic Idea
Email and HTTPS enumeration
  Yahoo and Gmail to [email protected]
  https://bridges.torproject.org/
Discovery by bad middle routers
  Fact: a circuit passes through both the bridge and the malicious middle router
  Middle routers at apartments, PlanetLab or Amazon EC2
[Figure: bridge discovery overview. Labels: normal client, bridge client, bridge, bridges, core Tor network with entry (OR1), middle (OR2) and exit (OR3) onion routers, malicious middle router, server, directory servers, bridge directory servers, email / HTTP server.]

Enumerating Bridges via Email
Challenge: Tor limits bridge retrieval from each email account
500 PlanetLab nodes and 500+ Tor exit routers as proxies to apply for 2000 email accounts via iMacros
A command-and-control architecture to send bulk emails
A tiny POP3 client, Mpop, to retrieve Yahoo emails via an emulated POP3 server, FreePOPs
[Figure: email enumeration setup. Labels: master, C&C server, PlanetLab agents, Yahoo email servers, bridge authority.]

Enumerating Bridges via HTTPS
Challenge: Tor limits bridge retrieval from each class C network
HTTPS via PlanetLab nodes using a C&C architecture
HTTPS via Tor exit nodes using customized two-hop circuits
[Figure: HTTPS enumeration setups. First panel labels: master, C&C server, PlanetLab agents, web server, bridge authority. Second panel labels: client, Tor network, entry routers, exit routers, web server, bridge authority.]

Discovering Bridges via Tor Middle Router
Deploy malicious Tor middle routers on PlanetLab to discover bridges connected to these Tor middle routers
Prevent malicious routers from becoming entry or exit routers automatically
  Reduce their bandwidth or control their uptime
  By configuring the exit policy, we can prevent those malicious routers from becoming exit routers
[Figure: middle-router discovery setup. Labels: client, bridge, Tor network, middle routers, PlanetLab, exit routers.]

Analysis of Enumeration via Email and HTTPS
Coupon collection problem
Classic coupon collection problem:
  Bridges uniformly selected
  Collect n log(n) coupons on average to collect all of the bridges
A weighted coupon collection problem:
  Bridges are selected according to the bandwidth
  Expected number of different bridges generated by these h samplings can be computed by
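
An added example, not taken from the slides or the paper: a simplified weighted coupon-collection model that a bridge distributor could use to estimate how much of its pool h samplings expose, checked against simulation. It assumes each sampling returns one bridge, drawn independently with probability proportional to its weight; the function names and the constructed pool are hypothetical.

```python
import random

def expected_distinct(weights, h):
    """Expected number of distinct bridges seen after h weighted draws.

    Assumed model: each draw returns one bridge, chosen independently with
    probability proportional to its weight (e.g. bandwidth)."""
    total = sum(weights)
    return sum(1.0 - (1.0 - w / total) ** h for w in weights)

def draws_for_coverage(weights, fraction):
    """Smallest h whose expected coverage reaches `fraction` of the pool."""
    if not 0.0 < fraction < 1.0:
        raise ValueError("fraction must be strictly between 0 and 1")
    target = fraction * len(weights)
    hi = 1
    while expected_distinct(weights, hi) < target:
        hi *= 2                       # exponential search for an upper bound
    lo = hi // 2
    while lo < hi:                    # binary search on the monotone expectation
        mid = (lo + hi) // 2
        if expected_distinct(weights, mid) >= target:
            hi = mid
        else:
            lo = mid + 1
    return lo

def simulate(weights, h, trials=200, seed=1):
    """Monte Carlo estimate of the same quantity, to check the closed form."""
    rng = random.Random(seed)
    ids = range(len(weights))
    seen = sum(len(set(rng.choices(ids, weights=weights, k=h)))
               for _ in range(trials))
    return seen / trials

def constructed_pool(n=500, seed=7):
    """Constructed sample data: n heavy-tailed weights, not measured values."""
    rng = random.Random(seed)
    return [rng.paretovariate(1.2) for _ in range(n)]

if __name__ == "__main__":
    pool = constructed_pool()
    uniform = [1.0] * len(pool)
    for h in (250, 1000, 4000):       # columns: h, weighted, simulated, uniform
        print(h, round(expected_distinct(pool, h), 1),
              round(simulate(pool, h), 1), round(expected_distinct(uniform, h), 1))
    print("draws for 90% expected coverage:", draws_for_coverage(pool, 0.9))
```

Under this model a skewed weight distribution exposes fewer distinct bridges per sampling than a uniform one, so the per-account and per-network limits mentioned on the earlier slides bound exposure through h.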
Analysis of Bridge Discovery via Middle Routers
Assume that k computers are injected into the Tor network with advertised bandwidth b
We can get the catch probability that a TCP stream from a bridge traverses malicious middle routers
Catch probability increases with k and b, i.e., the total bandwidth of malicious middle routers
Enumerated Bridges via Emails
Enumerated Bridges via HTTPS
Number of Samplings vs. Number of Distinct Bridges via Emails and HTTPS
Discovery of Bridges via ONE Tor Middle Router
2369 bridges in two weeks

Summary
Extensive analysis and large-scale empirical evaluation of Tor bridge discovery via email, HTTPS and malicious Tor middle routers
2365 Tor bridges enumerated via email and HTTPS
2369 bridges discovered by only one controlled Tor middle router in just 14 days
Countermeasure needed
Thank you!