Memory-based DoS and Deanonymization Attacks on Tor

DCAPS Seminar October 11th, 2013

Rob Jansen U.S. Naval Research Laboratory rob.g.jansen@nrl.navy.mil

*Joint with Aaron Johnson, Florian Tschorsch, Björn Scheuermann

The Tor Anonymity Network

torproject.org

How Tor Works

Tor protocol aware

Tor Flow Control

exit entry

Tor Flow Control

One TCP Connection Between Each Relay,

Multiple Circuits

exit entry

Tor Flow Control

One TCP Connection Between Each Relay,

Multiple Circuits

Multiple Application Streams

exit entry

Tor Flow Control

No end-to-end TCP!

exit entry

Tor Flow Control

Tor protocol aware

exit entry

Tor Flow Control

Packaging End

Delivery End

exit entry

Tor Flow Control

Packaging End

Delivery End

exit entry

Tor Flow Control

1000 Cell Limit

SENDME Signal Every 100 Cells

exit entry

Outline

●  The Sniper Attack –  Low-cost memory consumption attack that disables

arbitrary Tor relays

●  Deanonymizing Hidden Services –  Using DoS attacks for deanonymization

●  Countermeasures

The Sniper Attack

Start Download

Request

exit entry

The Sniper Attack

DATA exit entry

The Sniper Attack Package and Relay DATA

DATA exit entry

The Sniper Attack

Stop Reading from Connection

Rexit entry

The Sniper Attack

DATA DATA DATA DATA DATA DATA

Rexit entry

Flow Window Closed

The Sniper Attack

Periodically Send SENDME SENDME

DATA DATA DATA DATA DATA

exit entry

The Sniper Attack

Periodically Send SENDME SENDME

exit entry

Flow Window Opened

The Sniper Attack

exit entry

DATA DATA DATA DATA DATA DATA DATA DATA DATA DATA

Out of Memory, Killed by OS

The Sniper Attack

exit entry

DATA DATA DATA DATA DATA DATA DATA DATA DATA DATA

Use Tor to Hide

Memory Consumed over Time

0.0 0.2 0.4 0.6 0.8 1.0Time (m)

20 25 30 35 40 45 50 55 600

5001000150020002500

anonymous

1000150020002500

direct

10 teams100 circs5 teams50 circs1 team10 circs1 team5 circsno attack

Mean RAM Consumed, 50 Relays

0 500 1000 1500 2000 2500Mean Target RAM Consumption Rate (KiB/s)

directanonymous

Mean BW Consumed, 50 Relays

0 20 40 60 80 100Mean Sniper BW Consumption Rates (KiB/s)

direct Txanonymous Txdirect Rxanonymous Rx

Speed of Sniper Attack Direct Anonymous

Relay Groups Select % 1 GiB 8 GiB 1 GiB 8 GiB Top Guard 1.7 Top 5 Guards 6.5 Top 20 Guards 19 Top Exit 3.2 Top 5 Exits 13 Top 20 Exits 35

Path Selection Probability ≈ Network Capacity

Relay Groups Select % 1 GiB 8 GiB 1 GiB 8 GiB Top Guard 1.7 0:01 0:18 0:02 0:14 Top 5 Guards 6.5 0:08 1:03 0:12 1:37 Top 20 Guards 19 0:45 5:58 1:07 8:56 Top Exit 3.2 0:01 0:08 0:01 0:12 Top 5 Exits 13 0:05 0:37 0:07 0:57 Top 20 Exits 35 0:29 3:50 0:44 5:52

Time (hours:minutes) to Consume RAM

Outline

Hidden Services

User wants to hide service

Hidden Services

entry IP

HS chooses and publishes

introduction point IP

Hidden Services

entry IP

Learns about HS on web

Hidden Services

entry IP

Builds Circuit to Chosen Rendezvous

Point RP

Hidden Services

entry IP

Notifies HS of RP through IP

Hidden Services

entry IP

Hidden Services

entry IP

Build New Circuit to

Hidden Services

entry IP

Communicate!

Deanonymizing Hidden Services

Also runs a guard

Build New Circuit to

RP S&P 2006, S&P 2013

RP S&P 2013

PADDING

Send 50 Padding

Identify HS entry if cell count = 52

S&P 2013

Sniper Attack, or any other DoS

Choose new Entry Guard

RP S&P 2006, S&P 2013

Send 50 Padding

S&P 2013

PADDING

Identify HS if cell count = 53

S&P 2013

Outline

Countermeasures

●  Sniper Attack Defenses –  Authenticated SENDMEs –  Queue Length Limit –  Adaptive Circuit Killer

●  Deanonymization Defenses –  Entry-guard Rate-limiting –  Middle Guards

Questions?

cs.umn.edu/~jansen rob.g.jansen@nrl.navy.mil

think like an adversary

Speed of Deanonymization

Guard BW (MiB/s)

Guard Probability

Average # Rounds

Average # Sniped

Average Time (h)

8 GiB 8.41 0.48 66 133 46 279

16.65 0.97 39 79 23 149 31.65 1.9 24 48 13 84 66.04 3.8 13 26 6 44 96.61 5.4 9 19 5 31

1 GiB/s Relay Can Deanonymize HS in

about a day

Circuit Killer Defense

20 25 30 35 40 45 50 55 60Time (m)

iB) direct, no defense

anon, no defensedirect, MaxQMem=500anon, MaxQMem=250no attack

The Sniper Attack

exit entry

Single Adversary

The Sniper Attack

exit entry

Anonymous Tunnel

The Sniper Attack

exit entry

The Sniper Attack

exit entry

DATA DATA DATA

The Sniper Attack

exit entry

DATA DATA DATA

The Sniper Attack

exit entry

DATA DATA DATA

Flow Window Closed

The Sniper Attack

exit entry

DATA DATA DATA

The Sniper Attack

exit entry

DATA DATA

DATA DATA DATA DATA

The Sniper Attack

exit entry

DATA DATA

DATA DATA DATA

Killed by OS

Memory-based DoS and Deanonymization Attacks on Tor · Memory-based DoS and Deanonymization Attacks...

Transcript of Memory-based DoS and Deanonymization Attacks on Tor · Memory-based DoS and Deanonymization Attacks...

Memory-based DoS and Deanonymization Attacks on Tor · Memory-based DoS and Deanonymization Attacks...

Documents

Transcript of Memory-based DoS and Deanonymization Attacks on Tor · Memory-based DoS and Deanonymization Attacks...

Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks

On the Challenges of Geographical Avoidance for Tor › wp-content › uploads › ... · im Menü über: Start > Absatz > Listenebene Traffic Analysis Attacks Metadata leaks information

Privacy Enhancing Technologies - Previous - SecAppDev Juarez/privacy... · ... (Tor) 5. Trafﬁc analysis attacks and defences in Tor 2. ... former director of the NSA and the CIA,

Tor and (un)provable privacy39 Attacks on Tor Pretty much any Tor bug seems to turn into an anonymity attack. Many of the hard research problems are attacks against all low-latency

Circuit Fingerprinting Attacks: Passive Deanonymization of ... · Passive Deanonymization of Tor Hidden Services ... as opposed to the general web. We evaluate WF at-tacks on the

Anonymity with Tor: A Survey on Tor Attacks

Circuit Fingerprinting Attacks: Passive Deanonymization of ...people.csail.mit.edu/devadas/pubs/circuit_finger.pdf · Circuit Fingerprinting Attacks: Passive Deanonymization of Tor

The Need for Speed: An Analysis of Brazilian Malware ... · tor with 22 + 3 × V, where 22 is the number of numeri-cal attributes and is the size of the vocabulary that V ... deanonymization,

The Onion Router · 2017-12-07 · TOR: The Onion Router 11/09/2017. Looking at an Internet ... Tor network. Traffic correlation attacks require to see client-to-entry ... Manipulate

Human Element Industry Group - Nautical Institute · Human Element Industry Group TOR 1 HEPromotion TOR 3 Training & Education TOR 4 Fatigue TOR 5 Organisation TOR 6 Technology •

Findingthe&Most&Appropriate&Auxiliary&Data&& …...ThetruenodeOverlap(isthefractionofthe nodesinF aux thatappearinF anon $ Findingthe&Most&Appropriate&Auxiliary&Data&& for&Social&Graph&Deanonymization&&

RAPTOR: Routing Attacks on Privacy in Tor - USENIX · particular, we outline the design of a monitoring frame- work for the Tor network that aims to detect suspicious AS-level path

Anonymity - UMD Department of Computer Science | · • Tor instead aims to prevent analysis attacks ... • Using browser characteristics (fonts, ... the-nsa-track-users-with-device-fingerprinting

RAPTOR: Routing Attacks on Privacy in Tor

RAPTOR: Routing Attacks on Privacy in Tormschucha/netsec/readings/... · serve trafﬁc on both segments of the Tor communication channel (i.e., between the server and the Tor network,

Hot or Not: Revealing Hidden Services by their Clock Skewof which Tor is the latest incarnation. 2.1 Tor The attacks presented in this paper are independent of the underlying anonymity

Tor Node Anonymity Systems Requirements and … Systems Requirements and Architecture Tor Node Tor Node Tor Node Tor Node Tor Node Tor Node Tor Node Tor Node Tor Network Web server

surfing Safely Over The Tor Anonymity Network - Owasp€¦ · Surfing safely over the Tor anonymity network Georg Koppen ... – Looks for common attacks over all exit relays ...

Deanonymization and linkability of cryptocurrency ... · I Dash: mixing by masternodes I Monero: ring signatures I Zcash: zk-SNARKs. Deanonymization and linkability of cryptocurrency

Recent Attacks on the Filter Generator Tor Helleseth Department of Informatics University of Bergen NORWAY Joint work: Sondre Rønjom and Guang Gong.