The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network
Rob Jansen et al.
NDSS 2014
Presenter: Yue Li
Part of slides adapted from R. Jansen
Outline
Background & Motivation
Tor Network
Sniper Attack
Hidden Service Deanonymization
Defense against Sniper Attack
Defense against DoS-based Deanonymization
Background & Motivation
Large scale Internet censorship.
Degree of Internet censorship by country
This is not what we want...
Background & Motivation
As a result, people develop new privacy enhancing techniques that increase the cost of detection.
The most popular deployed system: Tor
Tor
● Application-layer overlay network
● Enables anonymous communication between clients and arbitrary Internet destinations.
How does Tor work?
● Deploys Onion Routing - Like an Onion
● Transmit a packet from the user to a destination
Blue: Entry, Red: Relay, Yellow: Exit
Sniper Attack
Vulnerabilities in Tor:
Tor relies on underlying TCP to guarantee reliability and in-order delivery.
Tor is an application-layer system.
● Tor does not drop or reorder cells (packets in Tor).
Sniper Attack
Sniper Basic Attack
● Attacker controls the client and the exit.
● Exit keeps sending cells ignoring package window limit.
● Client does not read cells from entry.
● The entry memory will be used up for queuing cells.
Sniper Attack
Sniper Basic Attack - a second version
● Attacker controls the client and the server.
● Client keeps sending cells to server ignoring package window limit.
● Server does not read cells from exit.
● The exit memory will be used up for queuing cells.
Sniper Attack
Recall how Tor does flow control
● Exit has a window size of 1000 cells
● Client sends SENDME signal to exit to increase the window by 100 cells.
● Vice versa when cells are sent from client to exit
Sniper Attack
Sniper Basic Attack - Efficient Attack
● Attacker controls only the client.
● Client downloads a large file and keeps sending SENDME signal to exit.
● Client does not read cells from exit.
● The entry memory will be used up for queuing cells.
Sniper Attack - an illustration
Sniper Attack
Avoid detection
● Tor detects protocol violation by checking the circuit window (>1000)
● If violation detected, close the circuit and send a DESTROY signal backward
● How to avoid detection?
o Estimate the circuit throughput by probing
o Send SENDME signal according to estimation
Sniper Attack
● The attack can be parallelized to accelerate memory consumption in target
● Hide the Sniper
● Use Tor itself
exit1 will use up the 1000 cell limit and stop reading from entry 2
● Other method (public wireless network, botnet, etc.)
Sniper Attack
● Implemented Sniper Attack Prototype
● Tested in Shadow
o simulated Tor network
● Measured
o Victim Memory Consumption
o Adversary Bandwidth Usage
Sniper Attack - Result
Target Memory
Sniper Attack - Result
Mean BW consumed at Adversary
Sniper Attack - Result
Speed of Sniper Attack
HS Deanonymization
Hidden Service
● Allows users to hide their locations while offering various services (web publishing, instant messaging, etc.)
Sniper Attack can be deployed to deanonymize hidden services.
Hidden Services
Client chooses RP (rendezvous point)
Service chooses IP (introduction point)
Client and Service communicate through RP and IP
Deanonymizing HS
Three steps:
● Cause HS to build new rendezvous circuits to learn its guard
● Snipe HS guard to force reselection
● Repeat until HS chooses adversarial guard
Guard = Entry
Deanonymizing HS
Try establishing new connections until adversarial relay is chosen
Identify HS entry using methods proposed by A. Biryukov et al. (S&P '13).
A. Biryukov, I. Pustogarov, and R.-P. Weinmann, "Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization", in SP '13, May 2013
Deanonymizing HS - Result
Speed of Deanonymization
Defense against Sniper Attack
How can we defend against the Sniper Attack?
Naturally…
● Authenticated SENDMEs
o Sending SENDMEs without receiving the cells is not allowed
o However, each circuit is still able to queue 1000 cells in target
● Queue Length Limit
o Limit the queue length
o Still can be attacked by parallel Sniper Attack
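An added example, not from the slides, the paper, or Tor's code: a toy model of the window accounting from the flow-control and detection slides and of the authenticated-SENDME defense listed above. The running-digest tag, the class `ExitEdge` and the function `cells_queued` are assumptions made for illustration, and the payloads are constructed random bytes.

```python
import hashlib
import hmac
import os

WINDOW_START = 1000  # circuit window in cells (value from the slides)
WINDOW_INC = 100     # cells one SENDME adds to the window (value from the slides)

class ProtocolViolation(Exception):
    """Point where a relay would close the circuit and send DESTROY backward."""

class ExitEdge:
    """Sender-side window accounting; `authenticated` turns on the assumed tag check."""
    def __init__(self, authenticated):
        self.window, self.sent = WINDOW_START, 0
        self.authenticated = authenticated
        self.running = hashlib.sha256()  # running digest over every payload sent
        self.expected = []               # one digest snapshot per 100 cells, oldest first

    def package_cell(self, payload):
        if self.window == 0:
            return False                 # window exhausted: stop sending
        self.window -= 1
        self.sent += 1
        self.running.update(payload)
        if self.sent % WINDOW_INC == 0:
            self.expected.append(self.running.copy().digest())
        return True

    def handle_sendme(self, tag=None):
        if self.window + WINDOW_INC > WINDOW_START:
            raise ProtocolViolation("circuit window would exceed 1000")
        if self.authenticated:
            want = self.expected[0] if self.expected else None
            if want is None or tag is None or not hmac.compare_digest(tag, want):
                raise ProtocolViolation("SENDME does not prove the cells were received")
            self.expected.pop(0)
        self.window += WINDOW_INC

def cells_queued(authenticated, client, offered=3000):
    """Cells left unread at the target relay for one circuit.

    client: 'honest' reads every cell and acknowledges each 100;
            'silent' reads nothing and sends nothing;
            'blind_sendme' reads nothing but still sends one SENDME per 100 cells.
    """
    edge, seen, queued = ExitEdge(authenticated), hashlib.sha256(), 0
    try:
        for _ in range(offered):
            payload = os.urandom(32)     # constructed payload the client cannot predict
            if not edge.package_cell(payload):
                break
            if client == "honest":
                seen.update(payload)     # cell was read, so it leaves the queue
            else:
                queued += 1              # cell stays queued at the relay
            if edge.sent % WINDOW_INC == 0 and client != "silent":
                tag = seen.copy().digest() if client == "honest" else None
                edge.handle_sendme(tag)
    except ProtocolViolation:
        pass                             # circuit torn down; the queue stops growing
    return queued
```

With the tag check on, the non-reading client is cut off at its first SENDME, while the silent client still leaves the full 1000-cell window queued, which is the residual exposure the slide notes per circuit.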
Defense against Sniper Attack
How can we defend against the Sniper Attack?
So...
● Adaptive Circuit Killing
o Kill circuits when total memory consumption remains higher than a threshold
o Kill circuits with the earliest time of arrival
o Attacker must read from the Tor network to avoid being killed since Tor is strictly FIFO
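An added example, not from the slides or Tor's code: a toy relay that applies adaptive circuit killing as described above, killing the circuit whose oldest queued cell arrived earliest whenever queued memory exceeds a limit. `Relay`, `simulate`, the circuit names and the 150-cell limit are assumptions; arrival times are constructed tick counts.

```python
from collections import deque

CELL_BYTES = 512  # fixed Tor cell size in bytes

class Relay:
    """Per-circuit FIFO cell queues with a global memory limit."""
    def __init__(self, max_queue_bytes):
        self.max_queue_bytes = max_queue_bytes
        self.queues = {}   # circuit id -> deque of cell arrival times, oldest first
        self.killed = []   # circuit ids in the order they were killed

    def queued_bytes(self):
        return sum(len(q) for q in self.queues.values()) * CELL_BYTES

    def enqueue(self, circ, now):
        if circ in self.killed:
            return         # circuit is closed; nothing more is queued for it
        self.queues.setdefault(circ, deque()).append(now)
        self._kill_until_under_limit()

    def dequeue(self, circ):
        q = self.queues.get(circ)
        if q:
            q.popleft()    # strictly FIFO: only the oldest cell can leave

    def _kill_until_under_limit(self):
        # Simplification: act as soon as the limit is crossed, not after it
        # "remains" exceeded for some interval.
        while self.queued_bytes() > self.max_queue_bytes:
            backlog = [c for c, q in self.queues.items() if q]
            victim = min(backlog, key=lambda c: self.queues[c][0])
            del self.queues[victim]
            self.killed.append(victim)

def simulate(ticks=200, honest=("h1", "h2"), stalled=("s1", "s2", "s3"), limit_cells=150):
    """One cell per circuit per tick; honest clients read, stalled ones never do."""
    relay = Relay(limit_cells * CELL_BYTES)
    for now in range(ticks):
        for circ in honest + stalled:
            relay.enqueue(circ, now)
        for circ in honest:
            relay.dequeue(circ)
    return relay
```

Because a stalled circuit's head-of-queue cell never leaves, its arrival time stays the oldest, so the three parallel stalled circuits are the ones killed and the reading circuits survive.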
Defense against Deanonymization
Entry-guard Rate-limiting
● Limit the rate at which clients will add relays to their entry guard list.
● Hidden Services use 2 levels of guards.
● However, over time the DoS Deanonymization will eventually succeed unless the guards are limited to a set of trustworthy routers.
QUESTIONS?