论文信息 - Torben: A Practical Side-Channel Attack for Deanonymizing Tor Communication

Torben: A Practical Side-Channel Attack for Deanonymizing Tor Communication

The Tor network has established itself as de-facto standard for anonymous communication on the Internet, providing an increased level of privacy to over a million users worldwide. As a result, interest in the security of Tor is steadily growing, attracting researchers from academia as well as industry and even nation-state actors. While various attacks based on traffic analysis have been proposed, low accuracy and high false-positive rates in real-world settings still prohibit their application on a large scale. In this paper, we present Torben, a novel deanonymization attack against Tor. Our approach is considerably more reliable than existing traffic analysis attacks, simultaneously far less intrusive than browser exploits. The attack is based on an unfortunate interplay of technologies: (a) web pages can be easily manipulated to load content from untrusted origins and (b) despite encryption, low-latency anonymization networks cannot effectively hide the size of request-response pairs. We demonstrate that an attacker can abuse this interplay to design a side channel in the communication of Tor, allowing short web page markers to be transmitted to expose the web page a user visits over Tor. In an empirical evaluation with 60,000 web pages, our attack enables detecting these markers with an accuracy of over 91% and no false positives.

[1] Nikita Borisov,et al. SWIRL: A Scalable Watermark to Detect Correlated Network Flows , 2011, NDSS.

[2] Nick Mathewson,et al. Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[3] Matthew K. Wright,et al. Timing Attacks in Low-Latency Mix Systems (Extended Abstract) , 2004, Financial Cryptography.

[4] Thomas Engel,et al. Website fingerprinting in onion routing based anonymization networks , 2011, WPES.

[5] Vitaly Shmatikov,et al. Timing Analysis in Low-Latency Mix Networks: Attacks and Defenses , 2006, ESORICS.

[6] Sushil Jajodia,et al. Network Flow Watermarking Attack on Low-Latency Anonymous Communication Systems , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[7] Brijesh Joshi,et al. Touching from a distance: website fingerprinting attacks and defenses , 2012, CCS.

[8] Brian Neil Levine,et al. Inferring the source of encrypted HTTP connections , 2006, CCS '06.

[9] Konrad Rieck,et al. — Technical Report — Torben: Deanonymizing Tor Communication using Web Page Markers , 2014 .

[10] Hannes Federrath,et al. Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial naïve-bayes classifier , 2009, CCSW '09.