Onions in the Crosshairs: When The Man really is out to get you

We introduce and investigate targeting adversaries who selectively attack users of Tor or other secure-communication networks. We argue that attacks by such adversaries are more realistic and more significant threats to those most relying on Tor's protection than are attacks in prior analyses of Tor security. Previous research and Tor design decisions have focused on protecting against adversaries who are equally interested in any user of the network. Our adversaries selectively target users - e.g., those who visit a particular website or chat on a particular private channel - and essentially disregard Tor users other than these. We investigate three example cases where particular users might be targeted: a cabal conducting meetings using MTor, a published Tor multicast protocol; a cabal meeting on a private IRC channel; and users visiting a particular .onion website. In general for our adversaries, compromise is much faster and provides more feedback and possibilities for adaptation than do attacks examined in prior work. We also discuss selection of websites for targeting of their users based on the distribution across users of site activity. We describe adversaries attempting to learn the size of either a cabal meeting online or a set of sufficiently active visitors to a targeted site, and we describe adversaries attempting to identify guards of each targeted user. We compare the threat of targeting adversaries versus previously considered adversaries, and we briefly sketch possible countermeasures for resisting targeting adversaries.
