Changing of the guards: a framework for understanding and improving entry guard selection in tor

Authors:
Tariq Elahi;Kevin Bauer;Mashael AlSabah;Roger Dingledine;Ian Goldberg
Affiliations:
University of Waterloo, Waterloo, ON, Canada;University of Waterloo, Waterloo, ON, Canada;University of Waterloo, Waterloo, ON, Canada;The Tor Project, Inc., Walpole, MA, USA;University of Waterloo, Waterloo, ON, Canada
Venue:
Proceedings of the 2012 ACM workshop on Privacy in the electronic society
Year:
2012

Citing 12
Cited 1

Defending Anonymous Communications Against Passive Logging Attacks

SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
The predecessor attack: An analysis of a threat to anonymous communications systems

ACM Transactions on Information and System Security (TISSEC)
Locating Hidden Servers

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Tor: the second-generation onion router

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Low-resource routing attacks against tor

Proceedings of the 2007 ACM workshop on Privacy in electronic society
Denial of service or denial of security?

Proceedings of the 14th ACM conference on Computer and communications security
Metrics for Security and Performance in Low-Latency Anonymity Systems

PETS '08 Proceedings of the 8th international symposium on Privacy Enhancing Technologies
Bridging and Fingerprinting: Epistemic Attacks on Route Selection

PETS '08 Proceedings of the 8th international symposium on Privacy Enhancing Technologies
As-awareness in Tor path selection

Proceedings of the 16th ACM conference on Computer and communications security
Sampled traffic analysis by internet-exchange-level adversaries

PET'07 Proceedings of the 7th international conference on Privacy enhancing technologies
Browser-based attacks on Tor

PET'07 Proceedings of the 7th international conference on Privacy enhancing technologies
The traffic analysis of continuous-time mixes

PET'04 Proceedings of the 4th international conference on Privacy Enhancing Technologies

Users get routed: traffic correlation on tor by realistic adversaries

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Tor is the most popular low-latency anonymity overlay network for the Internet, protecting the privacy of hundreds of thousands of people every day. To ensure a high level of security against certain attacks, Tor currently utilizes special nodes called entry guards as each client's long-term entry point into the anonymity network. While the use of entry guards provides clear and well-studied security benefits, it is unclear how well the current entry guard design achieves its security goals in practice. We design and implement Changing of the Guards (COGS), a simulation-based research framework to study Tor's entry guard design. Using COGS, we empirically demonstrate that natural, short-term entry guard churn and explicit time-based entry guard rotation contribute to clients using more entry guards than they should, and thus increase the likelihood of profiling attacks. This churn significantly degrades Tor clients' anonymity. To understand the security and performance implications of current and alternative entry guard selection algorithms, we simulate tens of thousands of Tor clients using COGS based on Tor's entry guard selection and rotation algorithms, with real entry guard data collected over the course of eight months from the live Tor network.