Push and pull Tor users' guards through optimized resource portfolios
ZHANG Guoqiang1, XU Mingwei1,2
1. Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China; 2. Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing 100084, China
Abstract:[Objective] The second-generation onion router (Tor), as the most popular low-latency anonymous communication network on the Internet, is vulnerable to deanonymization attacks caused by traffic analysis. Evaluating the cost associated with acquiring user traffic is crucial to the measurement of the severity of this threat. Because of the direct correlation between Tor network entry nodes and user identities and the fact that these nodes can also be deployed by adversaries, Tor network entry nodes play a vital role in obtaining user traffic. When constructing communication circuits, Tor clients need to be compelled to select the entry nodes of adversaries, commonly referred to as guards. However, the existing approaches used to obtain user traffic by manipulating guard nodes often overlook cost-effectiveness, leading to cost evaluations that do not truthfully reflect the potential capabilities of adversaries. [Methods] To address the cost optimization issue of acquiring Tor user traffic, this study presents a novel model, i.e., the push and pull Tor users' guards through optimized resource portfolios (P-Group). The proposed method deploys controllable nodes to draw user traffic. Meanwhile, the proposed method expedites user traffic migration by utilizing general traffic to congest noncontrollable nodes that are currently used by users. This study unifies the resource measurements of both node deployment and bandwidth attacks and analyzes their correlation to enhance resource allocation efficiency. Through in-depth research into the traffic control and congestion mechanisms of the Tor protocol, P-Group employs queuing theory to quantify the reduction in the observed bandwidth of noncontrollable nodes. Moreover, the impact of attacking noncontrollable nodes with identical traffic can vary based on their bandwidth capacities. P-Group utilizes adapted flow deviation techniques to effectively coordinate the total amount of attack resources and target bandwidth capacity to optimize resource allocation. Considering the extensive operational scope and competitiveness of contemporary cloud service providers, this study assumes that the bandwidth requirements of adversaries are readily obtainable from various sources. By investigating standard hosting product prices across ten cloud service providers, including GoDaddy, the average cost of attack bandwidth is determined and integrated into the experimental assessment. [Results] The analysis and simulation results show that P-Group improves the utility and security levels while achieving a more advantageous cost-effectiveness ratio. Solely focusing on deploying controllable nodes, once their total bandwidth reaches 2% of the entire Tor network capacity, the marginal gain from investing resources decreases significantly. The utility of resource distribution has been improved by 20.5% by the proposed method compared with that of an equal split strategy between node deployment and bandwidth attacking. Furthermore, in the context of bandwidth attacks, the likelihood of planted nodes being selected by Tor clients is 15% higher than those of six traditional traffic distribution methods. With the implementation of P-Group, the average duration of the migration of user traffic from noncontrollable nodes to adversary-controllable nodes is approximately 200h, incurring costs of several hundred dollars. [Conclusions] In summary, while challenges persist in cost management within the existing methods of acquiring Tor user traffic, optimization can mitigate these hurdles to attain practical and feasible goals, thereby elevating traffic analysis attacks to a substantial threat.
[1] DINGLEDINE R, MATHEWSON N, SYVERSON P F. Tor:The second-generation onion router[C]//13th USENIX Security Symposium. San Diego, USA:USENIX, 2004:303-320. [2] LOESING K, MURDOCH S J, DINGLEDINE R. A case study on measuring statistical data in the Tor anonymity network[C]//FC 2010 Workshops on Financial Cryptography and Data Security. Tenerife, Canary Islands, Spain:Springer, 2010:203-215. [3] ISIS L, GEORGE K, OLA B, et al. Tor guard specification[EB/OL].(2023-08-25)[2023-09-21]. https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/attic/text_formats/guard-spec.txt. [4] WAN G, JOHNSON A, WAILS R, et al. Guard placement attacks on path selection algorithms for Tor[J]. Proceedings on Privacy Enhancing Technologies, 2019, 2019(4):272-291. [5] BAUER K, MCCOY D, GRUNWALD D, et al. Low-resource routing attacks against Tor[C]//Proceedings of the 2007 ACM Workshop on Privacy in Electronic Society. Alexandria, USA:ACM, 2007:11-20. [6] THILL F. Hidden service tracking detection and bandwidth cheating in Tor anonymity network[D]. Luxembourg:University of Luxembourg, 2014. [7] TAN Q F, WANG X B, SHI W, et al. An anonymity vulnerability in Tor[J]. IEEE/ACM Transactions on Networking, 2022, 30(6):2574-2587. [8] SUN Y X, EDMUNDSON A, VANBEVER L, et al. RAPTOR:Routing attacks on privacy in Tor[C]//24th USENIX Conference on Security Symposium. Washington, USA:USENIX Association, 2015:271-286. [9] PAPPAS V, ATHANASOPOULOS E, IOANNIDIS S, et al. Compromising anonymity using packet spinning[C]//11th International Conference on Information Security. Taipei, China:Springer, 2008:161-174. [10] BARBERA M V, KEMERLIS V P, PAPPAS V, et al. CellFlood:Attacking Tor onion routers on the cheap[C]//18th European Symposium on Computer Security. Egham, UK:Springer, 2013:664-681. [11] PERRY M. TorFlow:Tor network analysis[C]//Proceedings of the 2nd Hot Topics in Privacy Enhancing Technologies. Seattle, USA:IEEE, 2009:1-14. [12] Anon. Tor metrics[EB/OL][2023-09-21]. https://metrics.torproject.org. [13] ISIS L, GEORGE K, OLA B, et al. Tor directory protocol, version 2[EB/OL].(2023-08-25)[2024-02-01]. https://gitlab.torproject.org/tpo/core/torspec/blob/main/attic/dir-spec-v2.txt. [14] REKHTER Y, LI T, HARES S. A border gateway protocol 4(BGP-4)[R]. San Francisco:IETF, 2006. [15] 张瑾. Tor匿名通信系统路由选择技术研究[D].北京:北京交通大学, 2021. ZHANG J. Research on path selection technology of Tor anonymous communication system[D]. Beijing:Beijing Jiaotong University, 2021.(in Chinese) [16] JOHNSON A, WACEK C, JANSEN R, et al. Users get routed:Traffic correlation on Tor by realistic adversaries[C]//Proceedings of the 2013 ACM SIGSAC Conference on Computer&Communications Security. Berlin, Germany:ACM, 2013:337-348. [17] JANSEN R, HOPPER N. Shadow:Running Tor in a box for accurate and efficient experimentation[C]//19th Annual Network and Distributed System Security Symposium. San Diego, USA:The Internet Society, 2012. [18] LI C L, XUE Y B, DONG Y F, et al. "Super nodes" in Tor:Existence and security implication[C]//Proceedings of the 27th Annual Computer Security Applications Conference. Orlando, USA:ACM, 2011:217-226. [19] OLDENBURG L, ACAR G, DIAZ C. From "onion not found" to guard discovery[J]. Proceedings on Privacy Enhancing Technologies, 2022, 2022(1):522-543. [20] JANSEN R, VAIDYA T, SHERR M. Point break:A study of bandwidth denial-of-service attacks against Tor[C]//28th USENIX Conference on Security Symposium. Santa Clara, USA:USENIX Association, 2019:1823-1840. [21] ALSABAH M, BAUER K, GOLDBERG I, et al. DefenestraTor:Throwing out windows in Tor[C]//11th International Symposium on Privacy Enhancing Technologies. Waterloo, Canada:Springer, 2011:134-154. [22] Bose S K. An introduction to queueing systems[M]. Boston:Springer, 2013. [23] FRATTA L, GERLA M, KLEINROCK L. The flow deviation method:An approach to store-and-forward communication network design[J]. Networks, 1973, 3(2):97-133. [24] FRATTA L, GERLA M, KLEINROCK L. Flow deviation:40 years of incremental flows for packets, waves, cars and tunnels[J]. Computer Networks, 2014, 66:18-31.
2024, Vol. 64 
