The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network

Abstract : Tor is a distributed onion-routing network used for achieving anonymity and resisting censorship online. Because of Tor's growing popularity, it is attracting increasingly larger threats against which it was not securely designed. In this paper we present the Sniper Attack, an extremely low cost but highly destructive denial of service attack against Tor that an adversary may use to anonymously disable arbitrary Tor relays. The attack utilizes valid protocol messages to boundlessly consume memory by exploiting Tor's end-to-end reliable data transport. We design and evaluate a prototype of the attack to show its feasibility and efficiency: our experiments show that an adversary may consume a victim relay's memory by as much as 2187 KiB/s while using at most only 92 KiB/s of upstream bandwidth. We extend our experimental results to estimate the threat against the live Tor network and find that a strategic adversary could disable all of the top 20 exit relays in only 29 minutes, thereby reducing Tor's bandwidth capacity by 35 percent. We also show how the attack enables the deanonymization of hidden services through selective denial of service by forcing them to choose guard nodes in control of the adversary. Finally, we discuss defenses against the Sniper Attack that provably render the attack ineffective, and suggest defenses against deanonymization by denial-of-service attacks in general that significantly mitigate the threat.

[1]  Virgil D. Gligor,et al.  A formal specification and verification method for the prevention of denial of service , 1988, Proceedings. 1988 IEEE Symposium on Security and Privacy.

[2]  Paul F. Syverson,et al.  Hiding Routing Information , 1996, Information Hiding.

[3]  Stefan Savage,et al.  TCP congestion control with a misbehaving receiver , 1999, CCRV.

[4]  Vern Paxson,et al.  Computing TCP's Retransmission Timer , 2000, RFC.

[5]  Gene Tsudik,et al.  Towards an Analysis of Onion Routing Security , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[6]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[7]  Rob Sherwood,et al.  Misbehaving TCP receivers can cause internet-wide congestion collapse , 2005, CCS '05.

[8]  Aleksandar Kuzmanovic,et al.  Low-rate TCP-targeted denial of service attacks and counter strategies , 2003, IEEE/ACM Transactions on Networking.

[9]  Paul F. Syverson,et al.  Locating hidden servers , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[10]  Paul F. Syverson,et al.  Valet Services: Improving Hidden Servers with a Personal Touch , 2006, Privacy Enhancing Technologies.

[11]  George Danezis,et al.  Denial of service or denial of security? , 2007, CCS '07.

[12]  Wesley M. Eddy,et al.  TCP SYN Flooding Attacks and Common Mitigations , 2007, RFC.

[13]  Dirk Grunwald,et al.  Low-resource routing attacks against tor , 2007, WPES '07.

[14]  Sotiris Ioannidis,et al.  Compromising Anonymity Using Packet Spinning , 2008, ISC.

[15]  Roger Dingledine,et al.  A Practical Congestion Attack on Tor Using Long Paths , 2009, USENIX Security Symposium.

[16]  Prateek Mittal,et al.  Stealthy traffic analysis of low-latency anonymous communication using throughput fingerprinting , 2011, CCS '11.

[17]  Ian Goldberg,et al.  DefenestraTor: Throwing Out Windows in Tor , 2011, PETS.

[18]  Björn Scheuermann,et al.  Tor is unfair — And what to do about it , 2011, 2011 IEEE 36th Conference on Local Computer Networks.

[19]  Muttukrishnan Rajarajan,et al.  Security Analysis of the Micro Transport Protocol with a Misbehaving Receiver , 2012, 2012 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery.

[20]  Ian Goldberg,et al.  Changing of the guards: a framework for understanding and improving entry guard selection in tor , 2012, WPES '12.

[21]  Danny Krizanc,et al.  Effectiveness and detection of denial-of-service attacks in tor , 2012, TSEC.

[22]  Stefan Lindskog,et al.  How the Great Firewall of China is Blocking Tor , 2012, FOCI.

[23]  Roger Dingledine,et al.  Methodically Modeling the Tor Network , 2012, CSET.

[24]  Nicholas Hopper,et al.  Shadow: Running Tor in a Box for Accurate and Efficient Experimentation , 2011, NDSS.

[25]  I. Goldberg,et al.  A Taxonomy of Internet Censorship Resistance Strategies , 2012 .

[26]  Nikita Borisov,et al.  Securing Anonymous Communication Channels under the Selective DoS Attack , 2013, Financial Cryptography.

[27]  Nicholas Hopper,et al.  How Low Can You Go: Balancing Performance with Anonymity in Tor , 2013, Privacy Enhancing Technologies.

[28]  Alex Biryukov,et al.  Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization , 2013, 2013 IEEE Symposium on Security and Privacy.

[29]  Angelos D. Keromytis,et al.  CellFlood: Attacking Tor Onion Routers on the Cheap , 2013, ESORICS.