AI helps you reading Science

AI generates interpretation videos

AI extracts and analyses the key points of the paper to generate videos automatically


pub
Go Generating

AI Traceability

AI parses the academic lineage of this thesis


Master Reading Tree
Generate MRT

AI Insight

AI extracts a summary of this paper


Weibo:
Tor uses a small group of redundant, well-known onion routers to track changes in network topology and node state, including keys and exit policies

Tor: the second-generation onion router

USENIX Security Symposium, pp.21-21, (2004)

Cited by: 4325|Views187
EI
Full Text
Bibtex
Weibo

Abstract

We present Tor, a circuit-based low-latency anonymous communication service. This second-generation Onion Routing system addresses limitations in the original design by adding perfect forward secrecy, congestion control, directory servers, integrity checking, configurable exit policies, and a practical design for location-hidden services ...More

Code:

Data:

Introduction
  • Separation of “protocol cleaning” from anonymity: Onion Routing originally required a separate “application proxy” for each supported application protocol—most of which were never written, so many applications were never supported.
  • PipeNet [5, 12], another low-latency design proposed around the same time as Onion Routing, gave stronger anonymity but allowed a single user to shut down the network by not sending.
  • Tarzan and MorphMix allow unknown users to run servers, and use a limited resource to prevent an attacker from controlling too much of the network.
Highlights
  • Separation of “protocol cleaning” from anonymity: Onion Routing originally required a separate “application proxy” for each supported application protocol—most of which were never written, so many applications were never supported
  • PipeNet [5, 12], another low-latency design proposed around the same time as Onion Routing, gave stronger anonymity but allowed a single user to shut down the network by not sending
  • Many of the open problems in low-latency anonymity networks, such as generating dummy traffic or preventing Sybil attacks [22], may be solvable independently from the issues solved by Tor
  • If the packaging window reaches 0, the onion router stops reading from TCP connections for all streams on the corresponding circuit, and sends no more relay data cells until receiving a relay sendme cell
  • We provide location-hiding for Bob by allowing him to advertise several onion routers as contact points
  • Tor uses a small group of redundant, well-known onion routers to track changes in network topology and node state, including keys and exit policies
Results
  • Many of the open problems in low-latency anonymity networks, such as generating dummy traffic or preventing Sybil attacks [22], may be solvable independently from the issues solved by Tor. Hopefully future systems will not need to reinvent Tor’s design.
  • Once the circuit has been established, Alice and Bob can send one another relay cells encrypted with the negotiated key.1 More detail is given .
  • Because the old Onion Routing design used a stream cipher without integrity checking, traffic was vulnerable to a malleability attack: though the attacker could not decrypt cells, any changes to encrypted data would create corresponding changes to the data leaving the network.
  • If the packaging window reaches 0, the OR stops reading from TCP connections for all streams on the corresponding circuit, and sends no more relay data cells until receiving a relay sendme cell.
  • The current Tor design treats such attacks as intermittent network failures, and depends on users and applications to respond or recover as appropriate.
  • Most onion routers in the current network function as restricted exits that permit connections to the world at large, but prevent access to certain abuse-prone addresses and services such as SMTP.
  • Tor uses a small group of redundant, well-known onion routers to track changes in network topology and node state, including keys and exit policies.
Conclusion
  • To avoid attacks where a router connects to all the directory servers but refuses to relay traffic from other routers, the directory servers must build circuits and use them to anonymously test router reliability [18].
  • While filtering content is not a primary goal of Onion Routing, Tor can directly use Privoxy and related filtering services to anonymize application data streams.
  • (Thanks to the perfect forward secrecy of session keys, the attacker cannot force nodes to decrypt recorded traffic once the circuits have been closed.) building circuits that cross jurisdictions can make legal coercion harder—this phenomenon is commonly called “jurisdictional arbitrage.” The Java Anon Proxy project recently experienced the need for this approach, when a German court forced them to add a backdoor to their nodes [51].
Related work
  • Modern anonymity systems date to Chaum’s Mix-Net design [10]. Chaum proposed hiding the correspondence between sender and recipient by wrapping messages in layers of public-key cryptography, and relaying them through a path composed of “mixes.” Each mix in turn decrypts, delays, and re-orders messages before relaying them onward.

    Subsequent relay-based anonymity designs have diverged in two main directions. Systems like Babel [28], Mixmaster [36], and Mixminion [15] have tried to maximize anonymity at the cost of introducing comparatively large and variable latencies. Because of this decision, these highlatency networks resist strong global adversaries, but introduce too much lag for interactive tasks like web browsing, Internet chat, or SSH connections.

    Tor belongs to the second category: low-latency designs that try to anonymize interactive network traffic. These systems handle a variety of bidirectional protocols. They also provide more convenient mail delivery than the high-latency anonymous email networks, because the remote mail server provides explicit and timely delivery confirmation. But because these designs typically involve many packets that must be delivered quickly, it is difficult for them to prevent an attacker who can eavesdrop both ends of the communication from correlating the timing and volume of traffic entering the anonymity network with traffic leaving it [45]. These protocols are similarly vulnerable to an active adversary who introduces timing patterns into traffic entering the network and looks for correlated patterns among exiting traffic. Although some work has been done to frustrate these attacks, most designs protect primarily against traffic analysis rather than traffic confirmation (see Section 3.1).
Funding
  • This work has been supported by ONR and DARPA
Reference
  • A. Acquisti, R. Dingledine, and P. Syverson. On the economics of anonymity. In R. N. Wright, editor, Financial Cryptography. Springer-Verlag, LNCS 2742, 2003.
    Google ScholarFindings
  • R. Anderson. The eternity service. In Pragocrypt ’96, 1996.
    Google ScholarLocate open access versionFindings
  • The Anonymizer. <http://anonymizer.com/>.
    Findings
  • A. Back, I. Goldberg, and A. Shostack. Freedom systems 2.1 security issues and analysis. White paper, Zero Knowledge Systems, Inc., May 2001.
    Google ScholarFindings
  • A. Back, U. Moller, and A. Stiglic. Traffic analysis attacks and trade-offs in anonymity providing systems. In I. S. Moskowitz, editor, Information Hiding (IH 2001), pages 245– 257. Springer-Verlag, LNCS 2137, 2001.
    Google ScholarFindings
  • M. Bellare, P. Rogaway, and D. Wagner. The EAX mode of operation: A two-pass authenticated-encryption scheme optimized for simplicity and efficiency. In Fast Software Encryption 2004, February 2004.
    Google ScholarLocate open access versionFindings
  • O. Berthold, H. Federrath, and S. Kopsell. Web MIXes: A system for anonymous and unobservable Internet access. In H. Federrath, editor, Designing Privacy Enhancing Technologies: Workshop on Design Issue in Anonymity and Unobservability. Springer-Verlag, LNCS 2009, 2000.
    Google ScholarLocate open access versionFindings
  • P. Boucher, A. Shostack, and I. Goldberg. Freedom systems 2.0 architecture. White paper, Zero Knowledge Systems, Inc., December 2000.
    Google ScholarFindings
  • Z. Brown. Cebolla: Pragmatic IP Anonymity. In Ottawa Linux Symposium, June 2002.
    Google ScholarLocate open access versionFindings
  • D. Chaum. Untraceable electronic mail, return addresses, and digital pseudo-nyms. Communications of the ACM, 4(2), February 1981.
    Google ScholarLocate open access versionFindings
  • F. Dabek, M. F. Kaashoek, D. Karger, R. Morris, and I. Stoica. Wide-area cooperative storage with CFS. In 18th ACM Symposium on Operating Systems Principles (SOSP ’01), Chateau Lake Louise, Banff, Canada, October 2001.
    Google ScholarLocate open access versionFindings
  • W. Dai. Pipenet 1.1. Usenet post, August 1996. <http://www.eskimo.com/̃weidai/pipenet.txt> First mentioned in a post to the cypherpunks list, Feb.1995.
    Locate open access versionFindings
  • G. Danezis. Mix-networks with restricted routes. In R. Dingledine, editor, Privacy Enhancing Technologies (PET 2003). Springer-Verlag LNCS 2760, 2003.
    Google ScholarFindings
  • G. Danezis. Statistical disclosure attacks. In Security and Privacy in the Age of Uncertainty (SEC2003), pages 421–426, Athens, May 2003. IFIP TC11, Kluwer.
    Google ScholarLocate open access versionFindings
  • G. Danezis, R. Dingledine, and N. Mathewson. Mixminion: Design of a type III anonymous remailer protocol. In 2003 IEEE Symposium on Security and Privacy, pages 2–IEEE CS, May 2003.
    Google ScholarLocate open access versionFindings
  • D. Dean and A. Stubblefield. Using Client Puzzles to Protect TLS. In Proceedings of the 10th USENIX Security Symposium. USENIX, Aug. 2001.
    Google ScholarLocate open access versionFindings
  • T. Dierks and C. Allen. The TLS Protocol — Version 1.0. IETF RFC 2246, January 1999.
    Google ScholarLocate open access versionFindings
  • R. Dingledine, M. J. Freedman, D. Hopwood, and D. Molnar. A Reputation System to Increase MIX-net Reliability. In I. S. Moskowitz, editor, Information Hiding (IH 2001), pages 126– 141. Springer-Verlag, LNCS 2137, 2001.
    Google ScholarFindings
  • R. Dingledine, M. J. Freedman, and D. Molnar. The free haven project: Distributed anonymous storage service. In H. Federrath, editor, Designing Privacy Enhancing Technologies: Workshop on Design Issue in Anonymity and Unobservability. Springer-Verlag, LNCS 2009, July 2000.
    Google ScholarLocate open access versionFindings
  • R. Dingledine and N. Mathewson. Tor protocol specifications. <http://freehaven.net/tor/tor-spec.txt>.
    Findings
  • R. Dingledine and P. Syverson. Reliable MIX Cascade Networks through Reputation. In M. Blaze, editor, Financial Cryptography. Springer-Verlag, LNCS 2357, 2002.
    Google ScholarFindings
  • J. Douceur. The Sybil Attack. In Proceedings of the 1st International Peer To Peer Systems Workshop (IPTPS), Mar. 2002.
    Google ScholarLocate open access versionFindings
  • H. Federrath, A. Jerichow, and A. Pfitzmann. MIXes in mobile communication systems: Location management with privacy. In R. Anderson, editor, Information Hiding, First International Workshop, pages 121–135. Springer-Verlag, LNCS 1174, May 1996.
    Google ScholarLocate open access versionFindings
  • M. J. Freedman and R. Morris. Tarzan: A peer-to-peer anonymizing network layer. In 9th ACM Conference on Computer and Communications Security (CCS 2002), Washington, DC, November 2002.
    Google ScholarLocate open access versionFindings
  • S. Goel, M. Robson, M. Polte, and E. G. Sirer. Herbivore: A scalable and efficient protocol for anonymous communication. Technical Report TR2003-1890, Cornell University Computing and Information Science, February 2003.
    Google ScholarFindings
  • I. Goldberg. A Pseudonymous Communications Infrastructure for the Internet. PhD thesis, UC Berkeley, Dec 2000.
    Google ScholarFindings
  • D. M. Goldschlag, M. G. Reed, and P. F. Syverson. Hiding routing information. In R. Anderson, editor, Information Hiding, First International Workshop, pages 137–150. SpringerVerlag, LNCS 1174, May 1996.
    Google ScholarLocate open access versionFindings
  • C. Gulcuand G. Tsudik. Mixing E-mail with Babel. In Network and Distributed Security Symposium (NDSS 96), pages 2–16. IEEE, February 1996.
    Google ScholarLocate open access versionFindings
  • A. Hintz. Fingerprinting websites using traffic analysis. In R. Dingledine and P. Syverson, editors, Privacy Enhancing Technologies (PET 2002), pages 171–178. Springer-Verlag, LNCS 2482, 2002.
    Google ScholarFindings
  • A. Jerichow, J. Muller, A. Pfitzmann, B. Pfitzmann, and M. Waidner. Real-time mixes: A bandwidth-efficient anonymity protocol. IEEE Journal on Selected Areas in Communications, 16(4):495–509, May 1998.
    Google ScholarLocate open access versionFindings
  • D. Kesdogan, D. Agrawal, and S. Penz. Limits of anonymity in open environments. In F. Petitcolas, editor, Information Hiding Workshop (IH 2002). Springer-Verlag, LNCS 2578, October 2002.
    Google ScholarLocate open access versionFindings
  • D. Koblas and M. R. Koblas. SOCKS. In UNIX Security III Symposium (1992 USENIX Security Symposium), pages 77– 83. USENIX, 1992.
    Google ScholarLocate open access versionFindings
  • B. N. Levine, M. K. Reiter, C. Wang, and M. Wright. Timing analysis in low-latency mix-based systems. In A. Juels, editor, Financial Cryptography. Springer-Verlag, LNCS (forthcoming), 2004.
    Google ScholarFindings
  • B. N. Levine and C. Shields. Hordes: A multicast-based protocol for anonymity. Journal of Computer Security, 10(3):213– 240, 2002.
    Google ScholarLocate open access versionFindings
  • C. Meadows. The NRL protocol analyzer: An overview. Journal of Logic Programming, 26(2):113–131, 1996.
    Google ScholarLocate open access versionFindings
  • U. Moller, L. Cottrell, P. Palfrader, and L. Sassaman. Mixmaster Protocol — Version 2. Draft, July 2003. <http://www.abditum.com/mixmaster-spec.txt>.
    Findings
  • V. S. Pai, L. Wang, K. Park, R. Pang, and L. Peterson. The Dark Side of the Web: An Open Proxy’s View. <http://codeen.cs.princeton.edu/>.
    Findings
  • A. Pfitzmann, B. Pfitzmann, and M. Waidner. ISDN-mixes: Untraceable communication with very small bandwidth overhead. In GI/ITG Conference on Communication in Distributed Systems, pages 451–463, February 1991.
    Google ScholarLocate open access versionFindings
  • Privoxy. <http://www.privoxy.org/>.
    Findings
  • M. G. Reed, P. F. Syverson, and D. M. Goldschlag. Protocols using anonymous connections: Mobile applications. In B. Christianson, B. Crispo, M. Lomas, and M. Roe, editors, Security Protocols: 5th International Workshop, pages 13–23. Springer-Verlag, LNCS 1361, April 1997.
    Google ScholarLocate open access versionFindings
  • M. G. Reed, P. F. Syverson, and D. M. Goldschlag. Anonymous connections and onion routing. IEEE Journal on Selected Areas in Communications, 16(4):482–494, May 1998.
    Google ScholarLocate open access versionFindings
  • M. K. Reiter and A. D. Rubin. Crowds: Anonymity for web transactions. ACM TISSEC, 1(1):66–92, June 1998.
    Google ScholarLocate open access versionFindings
  • M. Rennhard and B. Plattner. Practical anonymity for the masses with morphmix. In A. Juels, editor, Financial Cryptography. Springer-Verlag, LNCS (forthcoming), 2004.
    Google ScholarFindings
  • M. Rennhard, S. Rafaeli, L. Mathy, B. Plattner, and D. Hutchison. Analysis of an Anonymity Network for Web Browsing. In IEEE 7th Intl. Workshop on Enterprise Security (WET ICE 2002), Pittsburgh, USA, June 2002.
    Google ScholarLocate open access versionFindings
  • A. Serjantov and P. Sewell. Passive attack analysis for connection-based anonymity systems. In Computer Security – ESORICS 2003. Springer-Verlag, LNCS 2808, October 2003.
    Google ScholarLocate open access versionFindings
  • R. Sherwood, B. Bhattacharjee, and A. Srinivasan. p5: A protocol for scalable anonymous communication. In IEEE Symposium on Security and Privacy, pages 58–70.
    Google ScholarLocate open access versionFindings
  • A. Shubina and S. Smith. Using caching for browsing anonymity. ACM SIGEcom Exchanges, 4(2), Sept 2003.
    Google ScholarLocate open access versionFindings
  • P. Syverson, M. Reed, and D. Goldschlag. Onion Routing access configurations. In DARPA Information Survivability Conference and Exposition (DISCEX 2000), volume 1, pages 34–40. IEEE CS Press, 2000.
    Google ScholarLocate open access versionFindings
  • P. Syverson, G. Tsudik, M. Reed, and C. Landwehr. Towards an Analysis of Onion Routing Security. In H. Federrath, editor, Designing Privacy Enhancing Technologies: Workshop on Design Issue in Anonymity and Unobservability, pages 96– 114. Springer-Verlag, LNCS 2009, July 2000.
    Google ScholarLocate open access versionFindings
  • A. Tannenbaum. Computer networks, 1996.
    Google ScholarLocate open access versionFindings
  • The AN.ON Project. German police proceeds against anonymity service. Press release, September 2003. <http://www.datenschutzzentrum.de/
    Findings
  • M. Waldman and D. Mazieres. Tangler: A censorshipresistant publishing system based on document entanglements. In 8th ACM Conference on Computer and Communications Security (CCS-8), pages 86–135. ACM Press, 2001.
    Google ScholarLocate open access versionFindings
  • M. Waldman, A. Rubin, and L. Cranor. Publius: A robust, tamper-evident, censorship-resistant and source-anonymous web publishing system. In Proc. 9th USENIX Security Symposium, pages 59–72, August 2000.
    Google ScholarLocate open access versionFindings
  • M. Wright, M. Adler, B. N. Levine, and C. Shields. Defending anonymous communication against passive logging attacks. In IEEE Symposium on Security and Privacy, pages 28–41.
    Google ScholarLocate open access versionFindings
Your rating :
0

 

Tags
Comments
数据免责声明
页面数据均来自互联网公开来源、合作出版商和通过AI技术自动分析结果,我们不对页面数据的有效性、准确性、正确性、可靠性、完整性和及时性做出任何承诺和保证。若有疑问,可以通过电子邮件方式联系我们:report@aminer.cn
小科