Analysis of Onion Routing Security and Adversary-based Metrics

Slide Note
Embed
Share

In this comprehensive analysis, the security aspects of Onion Routing are scrutinized along with adversary-based metrics. Various security vulnerabilities such as compromised relays and potential attacks on the first and last routers are examined. Existing metrics like entropy coefficients and probability distributions are explored to understand the threats posed by adversarial entities. Additionally, adversary-based metrics shed light on the resources and strategies employed by potential attackers. The study delves into the temporal nature of protocols and user behavior, highlighting the evolving nature of security challenges in anonymous communication networks.

rus_n
rus_n Follow

Uploaded on Sep 06, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. Onion Routing Security Analysis Aaron Johnson U.S. Naval Research Laboratory DC-Area Anonymity, Privacy, and Security Seminar

  2. Onion Routing 1 2 u d 3 5 User u running client Internet destination d 4 Onion routing relays Encrypted onion-routing hop Unencrypted onion-routing hop

  3. Basic Onion Routing Security u 1 2 d v e 3 5 4 w f 1. 2. 3. 4.

  4. Basic Onion Routing Security u 1 2 d v e 3 5 4 w f 1. First router compromised 2. 3. 4.

  5. Basic Onion Routing Security u 1 2 d v e 3 5 4 w f 1. First router compromised 2. Last router compromised 3. 4.

  6. Basic Onion Routing Security u 1 2 d v e 3 5 4 w f 1. First router compromised 2. Last router compromised 3. First and last compromised 4.

  7. Basic Onion Routing Security u 1 2 d v e 3 5 4 w f 1. First router compromised 2. Last router compromised 3. First and last compromised 4. Neither first nor last compromised

  8. Existing Metrics 1. Entropy / Gini coefficient of path distribution 2. Source entropy of given connection 3. Probability of selecting adversarial routers in a circuit 4. Probability of crossing an Autonomous System to entry and from exit

  9. Analysis Ideas 1. Adversary-based 2. Defined over time 3. Probability distributions

  10. Adversary-based Metrics Resources Bandwidth Compromised relays Money Autonomous Systems Locations (IXPs, NAPs, cable landing points) Governments Game structure Actions Resource reallocation Blocking/modifying traffic Move order Strategy / Goal Targeting users Dragnet

  11. Defined over time Protocols have dependencies over time Guards User behavior has time dependencies Patterns in long-term behavior Short-term patterns (browsing, application sessions) Adversaries have time dependencies Control network resources over time

  12. Onion Routing 1 2 u d 3 5 User u running client Internet destination d 4 Onion routing relays Encrypted onion-routing hop Unencrypted onion-routing hop

  13. Onion Routing 1 2 u d 3 5 User u running client Internet destination d 4 Onion routing relays Encrypted onion-routing hop Unencrypted onion-routing hop

  14. Onion Routing 1 2 u d 3 5 User u running client Internet destination d 4 Onion routing relays Encrypted onion-routing hop Unencrypted onion-routing hop

  15. Probability distributions Bad things happen with non-negligible probability Average/worst-case analysis loses useful information Experiments give samples, but generally lack statistical validity

  16. Example Onion Routing Metrics A runs m relays PDF of number of compromised paths in a week A controls a ASs PDF of number of correct guesses about cxn source A compromises k relays PDF of number of destinations observed A contributes b bandwidth PDF of time until client chooses compromised path

  17. Evaluation on Tor April November 2011 Observed BW avg: 4947442 KBps Observed Guard BW avg 2697602 KBps Observed Exit BW avg: 1333764 KBps Adversary controls: 2/2 top guard/exit relays: (3.5/7% of guard/exit) 4/4 top guard/exit relays: (6.7/13% of guard/exit) 8/8 top guard/exit relays: (10/20% of guard/exit) 3000 clients

  18. Adversary has 4/4 top guards/exits Adversary has 2/2 top guards/exits Adversary has 8/8 top guards/exits

  19. Adversary has 4/4 top guards/exits Adversary has 2/2 top guards/exits Adversary has 8/8 top guards/exits

  20. ISP adversary w/ 8 top exits ISP adversary w/ 4 top exits Adversary has 16 top exits

  21. Challenges Making good adversary models What resources are limiting? What strategies are the greatest threats? Statistically-valid probability distributions Sample space over time is huge Protocols may depend on network dynamics Virtual Coordinate Systems Congestion-aware routing

Related


Geometric Routing Concepts and Byzantine Fault Tolerance

Geometric Routing Concepts and Byzantine Fault Tolerance

korilynnp
Adaptive Resilient Routing via Preorders in SDN

Adaptive Resilient Routing via Preorders in SDN

ryad
Preventing Active Timing Attacks in Low-Latency Anonymous Communication

Preventing Active Timing Attacks in Low-Latency Anonymous Communication

kmike
Trust-Based Anonymous Communication Models and Routing Algorithms

Trust-Based Anonymous Communication Models and Routing Algorithms

real885
Metrics and Lessons Learned for Object-Oriented Projects

Metrics and Lessons Learned for Object-Oriented Projects

leda_66
Understanding EIGRP: A Comprehensive Overview

Understanding EIGRP: A Comprehensive Overview

rebeca
Updates and Changes in SPA/SPAC Processes

Updates and Changes in SPA/SPAC Processes

bzir
Understanding Onion Routing for Enhanced Privacy Protection

Understanding Onion Routing for Enhanced Privacy Protection

marleyn
Understanding IP Routing and Switching in Computer Networks

Understanding IP Routing and Switching in Computer Networks

cabsh
Understanding Static Routing in Network Infrastructure Workshops

Understanding Static Routing in Network Infrastructure Workshops

raid_52
Understanding Security Onion: Network Security Monitoring Tools

Understanding Security Onion: Network Security Monitoring Tools

sadhbh
Understanding Greedy Distributed Spanning Tree Routing in Wireless Sensor Networks

Understanding Greedy Distributed Spanning Tree Routing in Wireless Sensor Networks

sprio
Understanding Evaluation Metrics in Machine Learning

Understanding Evaluation Metrics in Machine Learning

mattywo
Understanding Routing Protocols in Network Layer

Understanding Routing Protocols in Network Layer

yawn_den
Understanding Networking Principles and Routing Algorithms in Distributed Systems

Understanding Networking Principles and Routing Algorithms in Distributed Systems

brantso
Challenges in Establishing a Secure Inter-Domain Routing System

Challenges in Establishing a Secure Inter-Domain Routing System

karlish
Understanding Non-Optimal Routing and 32-Bit ASN Compatibility

Understanding Non-Optimal Routing and 32-Bit ASN Compatibility

abdulmo
EOSDIS FY2010 Annual Metrics Report

EOSDIS FY2010 Annual Metrics Report

lyer495
The Onion as a Metaphor for Love

The Onion as a Metaphor for Love

cai_iel
Exploring Cellular Structures: Microscopic Examination of Onion Cells

Exploring Cellular Structures: Microscopic Examination of Onion Cells

gjam
Understanding BGP Basics and Routing Security

Understanding BGP Basics and Routing Security

cobe_53
Responsible Use of Publication Metrics in Research Assessment

Responsible Use of Publication Metrics in Research Assessment

holland
Understanding Software Measurement and Metrics in Software Engineering

Understanding Software Measurement and Metrics in Software Engineering

asmodeus
Evaluation Metrics for IEEE 802.11-14/0107 HEW Proposal

Evaluation Metrics for IEEE 802.11-14/0107 HEW Proposal

suon919

More Related Content