TY - GEN
T1 - A new cell counter based attack against Tor
AU - Ling, Zhen
AU - Luo, Junzhou
AU - Yu, Wei
AU - Fu, Xinwen
AU - Xuan, Dong
AU - Jia, Weijia
PY - 2009
Y1 - 2009
N2 - Various low-latency anonymous communication systems such as Tor and Anoymizer have been designed to provide anonymity service for users. In order to hide the communication of users, many anonymity systems pack the application data into equal-sized cells (e.g., 512 bytes for Tor, a known real-world, circuit-based low-latency anonymous communication network). In this paper, we investigate a new cell counter based attack against Tor, which allows the attacker to confirm anonymous communication relationship among users very quickly. In this attack, by marginally varying the counter of cells in the target traffic at the malicious exit onion router, the attacker can embed a secret signal into the variation of cell counter of the target traffic. The embedded signal will be carried along with the target traffic and arrive at the malicious entry onion router. Then an accomplice of the attacker at the malicious entry onion router will detect the embedded signal based on the received cells and confirm the communication relationship among users. We have implemented this attack against Tor and our experimental data validate its feasibility and effectiveness. There are several unique features of this attack. First, this attack is highly efficient and can confirm very short communication sessions with only tens of cells. Second, this attack is effective and its detection rate approaches 100% with a very low false positive rate. Third, it is possible to implement the attack in a way that appears to be very difficult for honest participants to detect (e.g. using our hopping-based signal embedding). Copyright 2009 ACM.
AB - Various low-latency anonymous communication systems such as Tor and Anoymizer have been designed to provide anonymity service for users. In order to hide the communication of users, many anonymity systems pack the application data into equal-sized cells (e.g., 512 bytes for Tor, a known real-world, circuit-based low-latency anonymous communication network). In this paper, we investigate a new cell counter based attack against Tor, which allows the attacker to confirm anonymous communication relationship among users very quickly. In this attack, by marginally varying the counter of cells in the target traffic at the malicious exit onion router, the attacker can embed a secret signal into the variation of cell counter of the target traffic. The embedded signal will be carried along with the target traffic and arrive at the malicious entry onion router. Then an accomplice of the attacker at the malicious entry onion router will detect the embedded signal based on the received cells and confirm the communication relationship among users. We have implemented this attack against Tor and our experimental data validate its feasibility and effectiveness. There are several unique features of this attack. First, this attack is highly efficient and can confirm very short communication sessions with only tens of cells. Second, this attack is effective and its detection rate approaches 100% with a very low false positive rate. Third, it is possible to implement the attack in a way that appears to be very difficult for honest participants to detect (e.g. using our hopping-based signal embedding). Copyright 2009 ACM.
KW - Anonymity
KW - Cell counter
KW - Mix networks
KW - Signal
KW - Tor
UR - https://www.scopus.com/pages/publications/74049162773
UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-74049162773&origin=recordpage
U2 - 10.1145/1653662.1653732
DO - 10.1145/1653662.1653732
M3 - RGC 32 - Refereed conference paper (with host publication)
SN - 9781605583525
SP - 578
EP - 589
BT - Proceedings of the ACM Conference on Computer and Communications Security
T2 - 16th ACM Conference on Computer and Communications Security, CCS'09
Y2 - 9 November 2009 through 13 November 2009
ER -