Bridging and Fingerprinting: Epistemic Attacks on Route Selection

Users building routes through an anonymization network must discover the nodes comprising the network. Yet, it is potentially costly, or even infeasible, for everyone to know the entire network. We introduce a novel attack, the route bridging attack, which makes use of what route creators do notknow of the network. We also present new discussion and results concerning route fingerprinting attacks, which make use of what route creators do know of the network. We prove analytic bounds for both route fingerprinting and route bridging and describe the impact of these attacks on published anonymity-network designs. We also discuss implications for network scaling and client-server vs. peer-to-peer systems.

[1]  Paul F. Syverson,et al.  Locating hidden servers , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[2]  Roger Dingledine,et al.  From a Trickle to a Flood: Active Attacks on Several Mix Types , 2002, Information Hiding.

[3]  George Danezis,et al.  Towards an Information Theoretic Metric for Anonymity , 2002, Privacy Enhancing Technologies.

[4]  Lang Tong,et al.  Anonymous Networking Amidst Eavesdroppers , 2008, IEEE Transactions on Information Theory.

[5]  Antony I. T. Rowstron,et al.  Cashmere: resilient anonymous routing , 2005, NSDI.

[6]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[7]  Micah Adler,et al.  Defending anonymous communications against passive logging attacks , 2003, 2003 Symposium on Security and Privacy, 2003..

[8]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[9]  Joan Feigenbaum,et al.  Probabilistic analysis of onion routing in a black-box model , 2007, WPES '07.

[10]  Peter Sewell,et al.  Passive-attack analysis for connection-based anonymity systems , 2004, International Journal of Information Security.

[11]  George Danezis,et al.  Denial of service or denial of security? , 2007, CCS '07.

[12]  Micah Adler,et al.  The predecessor attack: An analysis of a threat to anonymous communications systems , 2004, TSEC.

[13]  K. F. Johnson The Second Generation , 2008 .

[14]  Michael K. Reiter,et al.  Crowds: anonymity for Web transactions , 1998, TSEC.

[15]  G. Danezis,et al.  Denial of Service or Denial of Security? How Attacks on Reliability can Compromise Anonymity , 2007 .

[16]  David R. Karger,et al.  Chord: A scalable peer-to-peer lookup service for internet applications , 2001, SIGCOMM '01.

[17]  Paul F. Syverson,et al.  Hiding Routing Information , 1996, Information Hiding.

[18]  Robert Tappan Morris,et al.  Tarzan: a peer-to-peer anonymizing network layer , 2002, CCS '02.

[19]  George Danezis,et al.  Route Fingerprinting in Anonymous Communications , 2006, Sixth IEEE International Conference on Peer-to-Peer Computing (P2P'06).

[20]  Vitaly Shmatikov,et al.  Probabilistic Model Checking of an Anonymity System , 2004 .

[21]  Bart Preneel,et al.  Towards Measuring Anonymity , 2002, Privacy Enhancing Technologies.

[22]  Steven J. Murdoch,et al.  Sampled Traffic Analysis by Internet-Exchange-Level Adversaries , 2007, Privacy Enhancing Technologies.

[23]  Bernhard Plattner,et al.  Practical Anonymity for the Masses with MorphMix , 2004, Financial Cryptography.

[24]  David R. Karger,et al.  Chord: a scalable peer-to-peer lookup protocol for internet applications , 2003, TNET.

[25]  Vitaly Shmatikov Probabilistic analysis of an anonymity system , 2004, J. Comput. Secur..

[26]  Matthew K. Wright,et al.  Salsa: a structured approach to large-scale anonymity , 2006, CCS '06.

[27]  Paul Syverson,et al.  Onion routing access configurations , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[28]  Robert Tappan Morris,et al.  Introducing Tarzan, a Peer-to-Peer Anonymizing Network Layer , 2002, IPTPS.

[29]  Gene Tsudik,et al.  Towards an Analysis of Onion Routing Security , 2000, Workshop on Design Issues in Anonymity and Unobservability.