Breaking Tor anonymity with game theory and data mining

Authors:
Cynthia Wagner;Gerard Wagener;Radu State;Alexandre Dulaunoy;Thomas Engel
Affiliations:
Interdisciplinary Center for Security, Reliability and Trust, University of Luxembourg, L-5326, Luxembourg;CIRCL – Computer Incident Response Center Luxembourg, L-5326, Luxembourg;Interdisciplinary Center for Security, Reliability and Trust, University of Luxembourg, L-5326, Luxembourg;CIRCL – Computer Incident Response Center Luxembourg, L-5326, Luxembourg;Interdisciplinary Center for Security, Reliability and Trust, University of Luxembourg, L-5326, Luxembourg
Venue:
Concurrency and Computation: Practice & Experience
Year:
2012

Citing 14
Cited 0

Untraceable electronic mail, return addresses, and digital pseudonyms

Communications of the ACM
Embedding an SQL database with SQLite

Linux Journal
Low-Cost Traffic Analysis of Tor

SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Locating Hidden Servers

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Tor: the second-generation onion router

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
DSSS-Based Flow Marking Technique for Invisible Traceback

SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Network Flow Watermarking Attack on Low-Latency Anonymous Communication Systems

SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Low-resource routing attacks against tor

Proceedings of the 2007 ACM workshop on Privacy in electronic society
Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions

Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions
Shining Light in Dark Places: Understanding the Tor Network

PETS '08 Proceedings of the 8th international symposium on Privacy Enhancing Technologies
A novel flow multiplication attack against Tor

CSCWD '09 Proceedings of the 2009 13th International Conference on Computer Supported Cooperative Work in Design
Fingerprinting websites using traffic analysis

PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
Browser-based attacks on Tor

PET'07 Proceedings of the 7th international conference on Privacy enhancing technologies
On flow correlation attacks and countermeasures in mix networks

PET'04 Proceedings of the 4th international conference on Privacy Enhancing Technologies

Quantified Score

Hi-index	0.00

Visualization

Abstract

Attacking anonymous communication networks is very tempting, and many types of attacks have already been observed. In the case for Tor, a widely used anonymous overlay network is considered. Despite the deployment of several protection mechanisms, an attack originated by just one rogue exit node is proposed. The attack is composed of two elements. The first is an active tag injection scheme. The malicious exit node injects image tags into all HTTP replies, which will be cached for upcoming requests and allow different users to be distinguished. The second element is an inference attack that leverages a semi-supervised learning algorithm to reconstruct browsing sessions. Captured traffic flows are clustered into sessions, such that one session is most probably associated to a specific user. The clustering algorithm uses HTTP headers and logical dependencies encountered in a browsing session. A prototype has been implemented and its performance evaluated on the Tor network. The article also describes several countermeasures and advanced attacks, modeled in a game theoretical framework, and their effectiveness assessed with reference to the Nash equilibrium. Copyright © 2011 John Wiley & Sons, Ltd.