Toward a Comprehensive Insight Into the Eclipse Attacks of Tor Hidden Services

Tor hidden services (HSs) are used to provide anonymity services to users on the Internet without disclosing the location of the servers so as to enable freedom of speech. However, existing Tor HSs use decentralized architecture that makes it easier for an adversary to launch DHT-based attacks. In this paper, we present practical Eclipse attacks on Tor HSs that allow an adversary with an extremely low cost to block arbitrary Tor HSs. We found that the dominant cost of this attack is IP address resources, the experimental results show that we can use only three IP addresses to eclipse an arbitrary HS with 100% success probability. To understand the severity of the Eclipse attack problems on Tor HSs, and its security implications, we present the first formal analysis to evaluate the extent of threat such vulnerabilities may cause and quantify the costs of Eclipse attacks involved in our attack via probabilistic analysis. Theoretical analysis suggests that adversaries with a modest number of IP address resources can block a large number of HSs at any time. Finally, we discuss countermeasures and future works.

[1]  George Danezis,et al.  Low-cost traffic analysis of Tor , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[2]  Prateek Mittal,et al.  Information leaks in structured peer-to-peer anonymous communication systems , 2008, CCS.

[3]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[4]  Yuanzhang Li,et al.  A Covert Channel Over VoLTE via Adjusting Silence Periods , 2018, IEEE Access.

[5]  George K. Karagiannidis,et al.  Secure Multiple Amplify-and-Forward Relaying With Cochannel Interference , 2016, IEEE Journal of Selected Topics in Signal Processing.

[6]  Christopher Krügel,et al.  Practical Attacks against the I2P Network , 2013, RAID.

[7]  Björn Scheuermann,et al.  The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network , 2014, NDSS.

[8]  Atul Singh,et al.  Eclipse Attacks on Overlay Networks: Threats and Defenses , 2006, Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications.

[9]  Zhen Ling,et al.  Protocol-level hidden server discovery , 2013, 2013 Proceedings IEEE INFOCOM.

[10]  Steven J. Murdoch,et al.  Hot or not: revealing hidden services by their clock skew , 2006, CCS '06.

[11]  George K. Karagiannidis,et al.  Secrecy Cooperative Networks With Outdated Relay Selection Over Correlated Fading Channels , 2017, IEEE Transactions on Vehicular Technology.

[12]  Sebastian Zander,et al.  An Improved Clock-skew Measurement Technique for Revealing Hidden Services , 2008, USENIX Security Symposium.

[13]  Paul F. Syverson,et al.  Locating hidden servers , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[14]  Alex Biryukov,et al.  Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization , 2013, 2013 IEEE Symposium on Security and Privacy.

[15]  Nicholas Hopper,et al.  Hashing it out in public: common failure modes of DHT-based anonymity schemes , 2009, WPES '09.

[16]  G. Danezis,et al.  Denial of Service or Denial of Security? How Attacks on Reliability can Compromise Anonymity , 2007 .

[17]  Jian Shen,et al.  Cloud-aided lightweight certificateless authentication protocol with anonymity for wireless body area networks , 2018, J. Netw. Comput. Appl..

[18]  Mahmood Mahmoudi,et al.  A generalization of the negative binomial distribution , 2016 .

[19]  Robert Tappan Morris,et al.  Security Considerations for Peer-to-Peer Distributed Hash Tables , 2002, IPTPS.

[20]  Feng Jiang,et al.  Deep Learning Based Multi-Channel Intelligent Attack Detection for Data Security , 2020, IEEE Transactions on Sustainable Computing.

[21]  Juan Caballero,et al.  CARONTE: Detecting Location Leaks for Deanonymizing Tor Hidden Services , 2015, CCS.

[22]  Hannes Federrath,et al.  Web MIXes: A System for Anonymous and Unobservable Internet Access , 2000, Workshop on Design Issues in Anonymity and Unobservability.