Defending Tor from Network Adversaries: A Case Study of Network Path Prediction
Abstract
The Tor anonymity network has been shown vulnerable to traffic analysis attacks by autonomous systems and Internet exchanges, which can observe different overlay hops belonging to the same circuit. We evaluate whether network path prediction techniques provide an accurate picture of the threat from such adversaries, and whether they can be used to avoid this threat. We perform a measurement study by collecting 17.2 million traceroutes from Tor relays to destinations around the Internet. We compare the collected traceroute paths to predicted paths using state-of-the-art path inference techniques. We find that only 20.0% of predicted paths match paths seen in the traceroutes. We also consider the impact that prediction errors have on Tor security. Using a simulator to choose paths over a week, our traceroutes indicate a user could expect 10.9% of paths to contain an AS compromise and 0.9% to have an IX compromise with default Tor selection. We find modifying the path selection to choose paths predicted to be safe still presents a 5.3-1% chance of compromise in a week while making 5.1% of paths fail with 96% failing unnecessarily due to false positives in path inferences. Our results demonstrate more measurement and better path prediction is necessary to mitigate the risk of AS and IX adversaries to Tor.
Document Details
- Document Type
- Technical Report
- Publication Date
- Jan 01, 2015
- Accession Number
- ADA619170
Entities
People
- Aaron M. Johnson
- Anupam Das
- Joshua Juan
- Matthew Caesar
- Nikita Borisov
Organizations
- United States Naval Research Laboratory