Nytro

Tor - Traffic Analysis Attacks and Defenses

Traffic Analysis Attacks and Defenses in Low Latency Anonymous Communication

Sambuddho Chakravarty

The recent public disclosure of mass surveillance of electronic communication, involving powerful government authorities, has drawn the public’s attention to issues regarding Internet privacy. For almost a decade now, there have been several research efforts towards designing and deploying open source, trustworthy and reliable systems that ensure users’ anonymity and privacy. These systems operate by hiding the true network identity of communicating parties against eavesdropping adversaries. Tor, acronym for The Onion Router, is an example of such a system. Such systems relay the traffic of their users through an overlay of nodes that are called Onion Routers and are operated by volunteers distributed across the globe. Such systems have served well as anti-censorship and anti-surveillance tools. However, recent publications have disclosed that powerful government organizations are seeking means to de-anonymize such systems and have deployed distributed monitoring infrastructure to aid their efforts.

Attacks against anonymous communication systems, like Tor, often involve traffic analysis. In such attacks, an adversary, capable of observing network traffic statistics in several different networks, correlates the traffic patterns in these networks, and associates otherwise seemingly unrelated network connections. The process can lead an adversary to the source of an anonymous connection. However, due to their design, consisting of globally distributed relays, the users of anonymity networks like Tor, can route their traffic virtually via any network; hiding their tracks and true identities from their communication peers and eavesdropping adversaries. De-anonymization of a random anonymous connection is hard, as the adversary is required to correlate traffic patterns in one network link to those in virtually all other networks. Past research mostly involved reducing the complexity of this process by first reducing the set of relays or network routers to monitor, and then identifying the actual source of anonymous traffic among network connections that are routed via this reduced set of relays or network routers to monitor. A study of various research efforts in this field reveals that there have been many more efforts to reduce the set of relays or routers to be searched than to explore methods for actually identifying an anonymous user amidst the network connections using these routers and relays. Few have tried to comprehensively study a complete attack, that involves reducing the set of relays and routers to monitor and identifying the source of an anonymous connection. Although it is believed that systems like Tor are trivially vulnerable to traffic analysis, there are various technical challenges and issues that can become obstacles to accurately identifying the source of anonymous connection. It is hard to adjudge the vulnerability of anonymous communication systems without adequately exploring the issues involved in identifying the source of anonymous traffic.

Download: http://cryptome.org/2014/11/sambuddho_thesis.pdf
