Collaborative red teaming for anonymity system evaluation

Authors:
Sandy Clark;Chris Wacek;Matt Blaze;Boon Thau Loo;Micah Sherr;Clay Shields;Jonathan Smith
Affiliations:
University of Pennsylvania;Georgetown University;University of Pennsylvania;University of Pennsylvania;Georgetown University;Georgetown University;University of Pennsylvania
Venue:
CSET'12 Proceedings of the 5th USENIX conference on Cyber Security Experimentation and Test
Year:
2012

Citing 11
Cited 0

Information Security: An Integrated Collection of Essays

Information Security: An Integrated Collection of Essays
Vivaldi: a decentralized network coordinate system

Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Tor: the second-generation onion router

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Shining Light in Dark Places: Understanding the Tor Network

PETS '08 Proceedings of the 8th international symposium on Privacy Enhancing Technologies
Operating system penetration

AFIPS '75 Proceedings of the May 19-22, 1975, national computer conference and exposition
Scalable Link-Based Relay Selection for Anonymous Routing

PETS '09 Proceedings of the 9th International Symposium on Privacy Enhancing Technologies
ExperimenTor: a testbed for safe and realistic tor experimentation

CSET'11 Proceedings of the 4th conference on Cyber security experimentation and test
Securing application-level topology estimation networks: facing the frog-boiling attack

RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection
SP 800-115. Technical Guide to Information Security Testing and Assessment

SP 800-115. Technical Guide to Information Security Testing and Assessment
LASTor: A Low-Latency AS-Aware Tor Client

SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
Enforced community standards for research on users of the tor anonymity network

FC'11 Proceedings of the 2011 international conference on Financial Cryptography and Data Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper describes our experiences as researchers and developers during red teaming exercises of the SAFEST anonymity system. We argue that properly evaluating an anonymity system -- particularly one that makes use of topological information and diverse relay selection strategies, as does SAFEST-- presents unique challenges that are not addressed using traditional red teaming techniques. We present our efforts towards meeting these challenges, and discuss the advantages of a collaborative red teaming paradigm in which developers play a supporting role during the evaluation process.