Large Scale Simulation of Tor: Stream Correlation Attacks Gavin O’ Gorman
advertisement
Large Scale Simulation of Tor: Stream Correlation Attacks Gavin O’ Gorman Anonymous Networks Large Scale Simulation of Tor: Stream Correlation Attacks Mix Networks Low latency Networks Network Simulation Results Attacks Gavin O’ Gorman Dublin City University December 8, 2007 Conclusion Anonymous networks Large Scale Simulation of Tor: Stream Correlation Attacks Gavin O’ Gorman Anonymous Networks Mix Networks Low latency Networks Network Simulation Results Attacks Conclusion Proxy Large Scale Simulation of Tor: Stream Correlation Attacks Gavin O’ Gorman Anonymous Networks Mix Networks Low latency Networks Network Simulation Results Attacks Conclusion Simple Mix Large Scale Simulation of Tor: Stream Correlation Attacks Gavin O’ Gorman Anonymous Networks Mix Networks Low latency Networks Network Simulation Results Attacks Conclusion Cascade Mix Large Scale Simulation of Tor: Stream Correlation Attacks Gavin O’ Gorman Anonymous Networks Mix Networks Low latency Networks Network Simulation Results Attacks Conclusion Free Cascade Mix Large Scale Simulation of Tor: Stream Correlation Attacks Gavin O’ Gorman Anonymous Networks Mix Networks Low latency Networks Network Simulation Results Attacks Conclusion Low latency network Large Scale Simulation of Tor: Stream Correlation Attacks Gavin O’ Gorman Anonymous Networks Mix Networks Low latency Networks Network Simulation Results Attacks Conclusion Traffic Analysis Large Scale Simulation of Tor: Stream Correlation Attacks Gavin O’ Gorman Anonymous Networks Mix Networks Low latency Networks Network Simulation Results Attacks Conclusion Currently deployed anonymous networks Large Scale Simulation of Tor: Stream Correlation Attacks Gavin O’ Gorman Anonymous Networks Mix Networks Low latency Networks I Over 1500 nodes I Over 100 countries I Hundreds of thousands on connections through the network I Theorized traffic analysis attacks Network Simulation Results Attacks Conclusion Currently deployed anonymous networks Large Scale Simulation of Tor: Stream Correlation Attacks Gavin O’ Gorman Anonymous Networks Mix Networks Low latency Networks I Over 1500 nodes I Over 100 countries I Hundreds of thousands on connections through the network I Theorized traffic analysis attacks I How anonymous is a user ? Network Simulation Results Attacks Conclusion SSFNet Large Scale Simulation of Tor: Stream Correlation Attacks Gavin O’ Gorman I Scalable Simulation Framework Network (SSFNet) I Simulate TCP/IP, Ethernet, Socket interfaces I Has HTTP/TCP generators. I TCPDump compatible output Anonymous Networks Mix Networks Low latency Networks Network Simulation Results Attacks Conclusion I Simulated Tor circuits, routing, traffic fragmentation I US ISP Topology I 6,000 nodes I Run the simulation for 1060 seconds to settle and then 60 for data Tor Simulation Process Large Scale Simulation of Tor: Stream Correlation Attacks Gavin O’ Gorman Anonymous Networks Mix Networks Low latency Networks Network Simulation Results Attacks Conclusion Large Scale Simulation of Tor: Stream Correlation Attacks Results Gavin O’ Gorman Anonymous Networks I I Probability of correctly identifying streams entering the network with streams exiting the network Several attacks used I I I Start and End timing Packet counting Cross-Correlation - Pearson Function I Run the attacks with increasing numbers of streams I Don’t know the transit time, so have to test Mix Networks Low latency Networks Network Simulation Results Attacks Conclusion Start & End stream timing Large Scale Simulation of Tor: Stream Correlation Attacks Gavin O’ Gorman Anonymous Networks Mix Networks Low latency Networks Network Simulation I Compare the start and end times of streams I 98% to 94% of streams filtered Results Attacks Conclusion Packet counting Large Scale Simulation of Tor: Stream Correlation Attacks Gavin O’ Gorman Anonymous Networks Mix Networks Low latency Networks Network Simulation I Count the number of cells in a stream I 5% to 15% of streams are removed. Results Attacks Conclusion Large Scale Simulation of Tor: Stream Correlation Attacks Cross-Correlation Gavin O’ Gorman Anonymous Networks 0 0 i ((xi − µ)(xi+d − µ )) q r (d) = pP P 0 2 0 2 i (xi − µ) i (xi+d − µ ) P Mix Networks Low latency Networks Network Simulation Results Attacks Conclusion I Set a windows size W and count the number of packets received I xi is the ith packet count of stream x I xi0 is the ith packet count of stream x 0 I µ is the average of packet counts in stream x I d is the variable delay value Large Scale Simulation of Tor: Stream Correlation Attacks Cross-Correlation Gavin O’ Gorman Fixed time window of 1s attack Anonymous Networks 100 Percentage of streams correctly correlated Mix Networks Low latency Networks Network Simulation 80 Results Attacks 60 Conclusion 40 20 0 0 5 10 15 Number of ASs 20 25 Conclusion Large Scale Simulation of Tor: Stream Correlation Attacks Gavin O’ Gorman Anonymous Networks Mix Networks Low latency Networks I I Initial results show promise Future work the simulation will allow us to: I I I Introduce delay and measure QoS & Anonymity Test active attacks Modify Tor protocol to account for specific attacks scenarios Network Simulation Results Attacks Conclusion Thank you! Large Scale Simulation of Tor: Stream Correlation Attacks Gavin O’ Gorman Anonymous Networks Mix Networks Low latency Networks I Thanks for listening and thanks to Science Foundation Ireland Network Simulation Results Attacks Conclusion Any questions ? Large Scale Simulation of Tor: Stream Correlation Attacks Gavin O’ Gorman Anonymous Networks Mix Networks Low latency Networks Network Simulation Results Attacks Conclusion
