Towards an analysis of onion routing security
International workshop on Designing privacy enhancing technologies: design issues in anonymity and unobservability
TCP congestion control with a misbehaving receiver
ACM SIGCOMM Computer Communication Review
IEEE Internet Computing
Defending Anonymous Communications Against Passive Logging Attacks
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Misbehaving TCP receivers can cause internet-wide congestion collapse
Proceedings of the 12th ACM conference on Computer and communications security
Tor: the second-generation onion router
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Experiences building PlanetLab
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Low-resource routing attacks against tor
Proceedings of the 2007 ACM workshop on Privacy in electronic society
HOTSEC'08 Proceedings of the 3rd conference on Hot topics in security
Privacy-preserving P2P data sharing with OneSwarm
Proceedings of the ACM SIGCOMM 2010 conference
Vanish: increasing data privacy with self-destructing data
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Strengthening forensic investigations of child pornography on P2P networks
Proceedings of the 6th International COnference
Effective digital forensics research is investigator-centric
HotSec'11 Proceedings of the 6th USENIX conference on Hot topics in security
Improving content availability in the i2p anonymous file-sharing environment
CSS'12 Proceedings of the 4th international conference on Cyberspace Safety and Security
| Hi-index | 0.00 |
OneSwarm is a system for anonymous p2p file sharing in use by thousands of peers. It aims to provide Onion Routing-like privacy and BitTorrent-like performance. We demonstrate several flaws in OneSwarm's design and implementation through three different attacks available to forensic investigators. First, we prove that the current design is vulnerable to a novel timing attack that allows just two attackers attached to the same target to determine if it is the source of queried content. When attackers comprise 15% of OneSwarm peers, we expect over 90% of remaining peers will be attached to two attackers and therefore vulnerable. Thwarting the attack increases OneSwarm query response times, making them longer than the equivalent in Onion Routing. Second, we show that OneSwarm's vulnerability to traffic analysis by colluding attackers is much greater than was previously reported, and is much worse than Onion Routing. We show for this second attack that when investigators comprise 25% of peers, over 40% of the network can be investigated with 80% precision to find the sources of content. Our examination of the OneSwarm source code found differences with the technical paper that significantly reduce security. For the implementation in use by thousands of people, attackers that comprise 25% of the network can successfully use this second attack against 98% of remaining peers with 95% precision. Finally, we show that a novel application of a known TCP-based attack allows a single attacker to identify whether a neighbor is the source of data or a proxy for it. Users that turn off the default rate-limit setting are exposed. Each attack can be repeated as investigators leave and rejoin the network. All of our attacks are successful in a forensics context: Law enforcement can use them legally ahead of a warrant. Furthermore, private investigators, who have fewer restrictions on their behavior, can use them more easily in pursuit of evidence for such civil suits as copyright infringement.