CellFlood: Attacking Tor Onion Routers on the Cheap

In this paper, we introduce a new Denial-of-Service attack against Tor Onion Routers and we study its feasibility and implications. In particular, we exploit a design flaw in the way Tor software builds virtual circuits and demonstrate that an attacker needs only a fraction of the resources required by a network DoS attack for achieving similar damage. We evaluate the effects of our attack on real Tor routers and we propose an estimation methodology for assessing the resources needed to attack any publicly accessible Tor node. Finally, we present the design and implementation of an effective solution to the problem that relies on cryptographic client puzzles, and we present results from its performance and effectiveness evaluation.

[1]  Steven J. Murdoch,et al.  Sampled Traffic Analysis by Internet-Exchange-Level Adversaries , 2007, Privacy Enhancing Technologies.

[2]  Barry E. Mullins,et al.  Using Client Puzzles to Mitigate Distributed Denial of Service Attacks in the Tor Anonymous Routing Environment , 2007, 2007 IEEE International Conference on Communications.

[3]  Steven M. Bellovin,et al.  Using Link Cuts to Attack Internet Routing , 2003 .

[4]  Paul F. Syverson,et al.  Hiding Routing Information , 1996, Information Hiding.

[5]  Stefan Lindskog,et al.  How China Is Blocking Tor , 2012, ArXiv.

[6]  kc claffy,et al.  Bandwidth estimation: metrics, measurement techniques, and tools , 2003, IEEE Netw..

[7]  Bart Preneel,et al.  Computer Security - ESORICS 2010, 15th European Symposium on Research in Computer Security, Athens, Greece, September 20-22, 2010. Proceedings , 2010, ESORICS.

[8]  Roger Dingledine,et al.  A Practical Congestion Attack on Tor Using Long Paths , 2009, USENIX Security Symposium.

[9]  Joseph Bonneau,et al.  What's in a Name? , 2020, Financial Cryptography.

[10]  Nicholas Hopper,et al.  Shadow: Running Tor in a Box for Accurate and Efficient Experimentation , 2011, NDSS.

[11]  Danny Krizanc,et al.  Detecting Denial of Service Attacks in Tor , 2009, Financial Cryptography.

[12]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[13]  Nicholas Hopper,et al.  On the risks of serving whenever you surf: vulnerabilities in Tor's blocking resistance design , 2009, WPES '09.

[14]  Steven J. Murdoch,et al.  Hot or not: revealing hidden services by their clock skew , 2006, CCS '06.

[15]  Prateek Mittal,et al.  Stealthy traffic analysis of low-latency anonymous communication using throughput fingerprinting , 2011, CCS '11.

[16]  Ian Goldberg,et al.  Anonymity and one-way authentication in key exchange protocols , 2012, Designs, Codes and Cryptography.

[17]  Matthew K. Wright,et al.  Timing Attacks in Low-Latency Mix Systems (Extended Abstract) , 2004, Financial Cryptography.

[18]  Yi Shi,et al.  Fingerprinting Attack on the Tor Anonymity System , 2009, ICICS.

[19]  Gene Tsudik,et al.  Towards an Analysis of Onion Routing Security , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[20]  Elisa Bertino,et al.  Computer Security — ESORICS 96 , 1996, Lecture Notes in Computer Science.

[21]  George Danezis,et al.  Denial of service or denial of security? , 2007, CCS '07.

[22]  Hannes Federrath Designing Privacy Enhancing Technologies , 2001, Lecture Notes in Computer Science.

[23]  George Danezis,et al.  Low-cost traffic analysis of Tor , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[24]  Kevin Jeffay,et al.  Tracking the evolution of Web traffic: 1995-2003 , 2003, 11th IEEE/ACM International Symposium on Modeling, Analysis and Simulation of Computer Telecommunications Systems, 2003. MASCOTS 2003..

[25]  Paul F. Syverson,et al.  As-awareness in Tor path selection , 2009, CCS.

[26]  Jianying Zhou,et al.  Information and Communications Security , 2013, Lecture Notes in Computer Science.

[27]  Micah Adler,et al.  Defending anonymous communications against passive logging attacks , 2003, 2003 Symposium on Security and Privacy, 2003..

[28]  Zhen Ling,et al.  One Cell is Enough to Break Tor's Anonymity , 2009 .

[29]  Sotiris Ioannidis,et al.  Compromising Anonymity Using Packet Spinning , 2008, ISC.

[30]  Angelos D. Keromytis,et al.  Traffic Analysis against Low-Latency Anonymity Networks Using Available Bandwidth Estimation , 2010, ESORICS.