Locating hidden servers

Hidden services were deployed on the Tor anonymous communication network in 2004. Announced properties include server resistance to distributed DoS. Both the EFF and Reporters Without Borders have issued guides that describe using hidden services via Tor to protect the safety of dissidents as well as to resist censorship. We present fast and cheap attacks that reveal the location of a hidden server. Using a single hostile Tor node we have located deployed hidden servers in a matter of minutes. Although we examine hidden services over Tor, our results apply to any client using a variety of anonymity networks. In fact, these are the first actual intersection attacks on any deployed public network: thus confirming general expectations from prior theory and simulation. We recommend changes to route selection design and implementation for Tor. These changes require no operational increase in network overhead and are simple to make; but they prevent the attacks we have demonstrated. They have been implemented

[1]  Micah Adler,et al.  Defending anonymous communications against passive logging attacks , 2003, 2003 Symposium on Security and Privacy, 2003..

[2]  Roger Dingledine,et al.  On the Economics of Anonymity , 2003, Financial Cryptography.

[3]  R. Anderson The Eternity Service , 1996 .

[4]  Roger Dingledine,et al.  Reliable MIX Cascade Networks through Reputation , 2002, Financial Cryptography.

[5]  Paul F. Syverson,et al.  Hiding Routing Information , 1996, Information Hiding.

[6]  Roger M. Needham,et al.  Denial of service , 1993, CCS '93.

[7]  Nick Mathewson,et al.  Challenges in deploying low-latency anonymity , 2005 .

[8]  Ian Goldberg,et al.  A pseudonymous communications infrastructure for the internet , 2000 .

[9]  Micah Adler,et al.  The predecessor attack: An analysis of a threat to anonymous communications systems , 2004, TSEC.

[10]  Michael K. Reiter,et al.  Crowds: anonymity for Web transactions , 1998, TSEC.

[11]  Gene Tsudik,et al.  Towards an Analysis of Onion Routing Security , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[12]  Peter Sewell,et al.  Passive Attack Analysis for Connection-Based Anonymity Systems , 2003, ESORICS.

[13]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[14]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[15]  Roger M. Needham,et al.  Denial of service: an example , 1994, CACM.

[16]  Matthew K. Wright,et al.  Timing Attacks in Low-Latency Mix Systems (Extended Abstract) , 2004, Financial Cryptography.

[17]  Micah Adler,et al.  An Analysis of the Degradation of Anonymous Protocols , 2002, NDSS.

[18]  David Mazières,et al.  Tangler: a censorship-resistant publishing system based on document entanglements , 2001, CCS '01.

[19]  Roger Dingledine,et al.  The Free Haven Project: Distributed Anonymous Storage Service , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[20]  Anton Stiglic,et al.  Traffic Analysis Attacks and Trade-Offs in Anonymity Providing Systems , 2001, Information Hiding.

[21]  André Årnes,et al.  Non-expanding Transaction Specific Pseudonymization for IP Traffic Monitoring , 2005, CANS.

[22]  George Danezis,et al.  Low-cost traffic analysis of Tor , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[23]  Oliver Berthold,et al.  Dummy Traffic against Long Term Intersection Attacks , 2002, Privacy Enhancing Technologies.

[24]  Birgit Pfitzmann,et al.  ISDN-MIXes: Untraceable Communication with Small Bandwidth Overhead , 1991, Kommunikation in Verteilten Systemen.

[25]  Hannes Federrath,et al.  Web MIXes: A System for Anonymous and Unobservable Internet Access , 2000, Workshop on Design Issues in Anonymity and Unobservability.