A potential HTTP-based application-level attack against Tor

Tor has become one of the most popular overlay networks for anonymizing TCP traffic, however, the anonymity of Tor clients is threatened by various attacks exploiting traffic analysis or Tor's design features. Although considerable effort has been made to secure and improve Tor networks, little attention has been paid to various application-level attacks against Tor. In this paper, we present a potential HTTP-based application-level attack against Tor, which exploits both Tor's design features and HTTP's vulnerability to man-in-the-middle attacks. Such an application-level attack can efficiently and effectively compromise the anonymity of clients without using invasive plugins like Java or any other active content systems in a web browser, posing a serious threat to Tor. Our analytical and empirical results validate the feasibility and effectiveness of the attack. Based on our analysis of the potential attack mechanism, we propose corresponding countermeasures to thwart such potential application-level attacks against Tor, thereby effectively securing and improving Tor networks. Since the fundamental vulnerability exposed by this paper is not specific to web browsing via Tor but rather to the problem of other low-latency applications based on TCP streams, our study is critical for securing and improving low-latency anonymous communication systems.

[1]  Paul F. Syverson,et al.  Locating hidden servers , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[2]  Dirk Grunwald,et al.  Low-resource routing attacks against tor , 2007, WPES '07.

[3]  Micah Adler,et al.  Passive-Logging Attacks Against Anonymous Communications Systems , 2008, TSEC.

[4]  Václav Matyás,et al.  WWW security and trusted third party services , 2000, Future Gener. Comput. Syst..

[5]  Eric C. Price,et al.  Browser-Based Attacks on Tor , 2007, Privacy Enhancing Technologies.

[6]  Kevin Borders,et al.  Web tap: detecting covert web traffic , 2004, CCS '04.

[7]  Sushil Jajodia,et al.  Network Flow Watermarking Attack on Low-Latency Anonymous Communication Systems , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[8]  Xinwen Fu,et al.  A New Replay Attack Against Anonymous Communication Networks , 2008, 2008 IEEE International Conference on Communications.

[9]  Michael K. Reiter,et al.  Anonymous Web transactions with Crowds , 1999, CACM.

[10]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[11]  Xinwen Fu,et al.  DSSS-Based Flow Marking Technique for Invisible Traceback , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[12]  Rolf Oppliger Privacy protection and anonymity services for the World Wide Web (WWW) , 2000, Future Gener. Comput. Syst..

[13]  Hai Zhuge,et al.  Schema Theory for Semantic Link Network , 2008, 2008 Fourth International Conference on Semantics, Knowledge and Grid.

[14]  Gang Liu,et al.  Discovering phishing target based on semantic link network , 2010 .

[15]  Riccardo Bettati,et al.  On Flow Correlation Attacks and Countermeasures in Mix Networks , 2004, Privacy Enhancing Technologies.

[16]  Brian Neil Levine,et al.  Inferring the source of encrypted HTTP connections , 2006, CCS '06.

[17]  Peng Ning,et al.  Tracing Traffic through Intermediate Hosts that Repacketize Flows , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[18]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[19]  Takehiro Takahashi,et al.  An assessment of VoIP covert channel threats , 2007, 2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007.

[20]  George Danezis,et al.  Low-cost traffic analysis of Tor , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[21]  N. Ansari,et al.  Defending against traffic analysis attacks with link padding for bursty traffics , 2004, Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004..

[22]  Riccardo Bettati,et al.  On Flow Marking Attacks in Wireless Anonymous Communication Networks , 2005, 25th IEEE International Conference on Distributed Computing Systems (ICDCS'05).

[23]  Robert Tappan Morris,et al.  Tarzan: a peer-to-peer anonymizing network layer , 2002, CCS '02.

[24]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[25]  Steven J. Murdoch,et al.  Hot or not: revealing hidden services by their clock skew , 2006, CCS '06.

[26]  Dan Boneh,et al.  Covert channels in privacy-preserving identification systems , 2007, CCS '07.

[27]  Gaurav Shah,et al.  Keyboards and Covert Channels , 2006, USENIX Security Symposium.

[28]  Matthew K. Wright,et al.  Timing Attacks in Low-Latency Mix Systems (Extended Abstract) , 2004, Financial Cryptography.

[29]  George Danezis,et al.  Mixminion: design of a type III anonymous remailer protocol , 2003, 2003 Symposium on Security and Privacy, 2003..

[30]  Peng Ning,et al.  On the secrecy of timing-based active watermarking trace-back techniques , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[31]  Sushil Jajodia,et al.  Fingerprinting relational databases: schemes and specialties , 2005, IEEE Transactions on Dependable and Secure Computing.

[32]  Douglas R. Stinson,et al.  On the Construction of Practical Key Predistribution Schemes for Distributed Sensor Networks Using Combinatorial Designs , 2008, TSEC.