DOCSLIB.ORG

Selfrando: Securing the Tor Browser Against De-Anonymization Exploits

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Selfrando: Securing the Tor Browser Against De-Anonymization Exploits Proceedings on Privacy Enhancing Technologies ; 2016 (4):454–469 Mauro Conti, Stephen Crane, Tommaso Frassetto, Andrei Homescu, Georg Koppen, Per Larsen, Christopher Liebchen, Mike Perry, and Ahmad-Reza Sadeghi Selfrando: Securing the Tor Browser against De-anonymization Exploits Abstract: Tor is a well-known anonymous communica- 1 Introduction tion system used by millions of users, including jour- nalists and civil rights activists all over the world. The The Tor Project provides a suite of free software and Tor Browser gives non-technical users an easy way to a worldwide network designed to facilitate anonymous access the Tor Network. However, many government or- information exchange and to prevent surveillance and ganizations are actively trying to compromise Tor not fingerprinting of these interactions. The Tor network only in regions with repressive regimes but also in the is open to anyone and widely used by civil rights ac- free world, as the recent FBI incidents clearly demon- tivists, whistleblowers, journalists, citizens of oppressive strate. Exploiting software vulnerabilities in general, regimes, etc. Many sensitive websites, including the late and browser vulnerabilities in particular, constitutes a Silk Road black market, are only accessible over Tor. clear and present threat to the Tor software. The Tor Consequently, the Tor Network is continually facing de- Browser shares a large part of its attack surface with the anonymization attacks by law enforcement, intelligence Firefox browser. Therefore, Firefox vulnerabilities (even agencies, and foreign nation states. A de-anonymization patched ones) are highly valuable to attackers trying to attack aims to disclose information, such as the identity monitor users of the Tor Browser. or the location, of an anonymous user. While many de- In this paper, we present selfrando—an enhanced and anonymization attacks rely on weaknesses in the net- practical load-time randomization technique for the Tor work protocol, they often require that adversaries con- Browser that defends against exploits, such as the one trol a large number of Tor nodes [26] or only work in a FBI allegedly used against Tor users. Our solution sig- lab environment [39]. nificantly improves security over standard address space An alternative and practical way to de-anonymize layout randomization (ASLR) techniques currently used Tor users is to exploit security vulnerabilities in the soft- by Firefox and other mainstream browsers. Moreover, ware used to access the Tor network. The most common we collaborated closely with the Tor Project to ensure way to access Tor is via the Tor Browser (TB) [73], that selfrando is fully compatible with AddressSanitizer which includes a pre-configured Tor client. Since TB is (ASan), a compiler feature to detect memory corrup- based on Mozilla’s Firefox browser, they share a large tion. ASan is used in a hardened version of Tor Browser part of their attack surfaces. In 2013, the Federal Bu- for test purposes. The Tor Project decided to include reau of Investigation (FBI) exploited a known software our solution in the hardened releases of the Tor Browser, vulnerability in Firefox [71] to de-anonymize Tor users which is currently undergoing field testing. that had not updated to the most recent version of Keywords: De-anonymization exploits, code- TB [27, 57, 74]. Due to the success of this operation, randomization, privacy-oriented software, Tor Browser. exploit brokers [79] (and, presumably, governments and criminals) are currently soliciting exploits for the TB. DOI 10.1515/popets-2016-0050 Received 2016-02-29; revised 2016-06-02; accepted 2016-06-02. In early 2016, it was confirmed that the FBI contin- ues to monitor the Tor network, this time using a de- Mauro Conti: Università degli Studi di Padova, E-mail: [email protected] Christopher Liebchen: CASED/Technische Stephen Crane: Immunant, Inc., E-mail: [email protected] Universität Darmstadt, Germany, Tommaso Frassetto: CASED/Technische Universität Darm- E-mail: [email protected] stadt, Germany, E-mail: [email protected] Mike Perry: The Tor Project, Andrei Homescu: Immunant, Inc., E-mail: [email protected] E-mail: [email protected] Ahmad-Reza Sadeghi: CASED/Technische Universität Georg Koppen: The Tor Project, E-mail: [email protected] Darmstadt, Germany, E-mail: [email protected] Per Larsen: Immunant, Inc., E-mail: [email protected] Selfrando: Securing the Tor Browser against De-anonymization Exploits 455 anonymization attack devised by Carnegie Mellon Uni- avoids risky binary rewriting or the need to use a versity researchers [19]. custom compiler, and instead works with existing The Open Technology Fund commissioned a study build tools. Moreover, it is fully compatible with on current and future hardening efforts to reduce the ASan, which required additional implementation ef- attack surface of the TB [58]. One of the recommenda- fort since the randomization interferes with ASan. tions was to use compiler techniques to detect mem- – Increased Entropy and Leakage Resilience ory corruption (buffer overflow, use-after-free, unini- selfrando reduces the impact of information leak- tialized variables, etc.) such as the AddressSanitizer age vulnerabilities and increases entropy relative (ASan) feature [61]. Another key recommendation was to ASLR, making selfrando more effective against to use address space layout randomization (ASLR) to guessing attacks. Our use of load-time randomiza- prevent exploitation of memory corruption vulnerabili- tion mitigates threats from attackers observing bi- ties. While ASan imposes a high runtime overhead [61], naries during download or after the executable files ASLR is very efficient. However, ASLR was recom- have been stored on disk. mended because it is widely supported by compilers – Hardening the Tor Browser We demonstrate and operating systems, not for its security properties. In the practicality of selfrando by applying it to the en- fact, the shortcomings of ASLR are well documented in tire TB without requiring any code changes. Our de- the academic literature [8, 16, 33, 62, 64, 68]. ASLR can tailed and careful evaluation shows that the startup be made significantly stronger by randomizing not just and performance overheads of selfrando are negligi- the base address of modules but also the code inside each ble. module. Address space layout permutation (ASLP) [44], for instance, randomizes the location of each function individually, thwarting many of the techniques used to 2 Background bypass ASLR. Until now, however, the ASLR improve- ments suggested in the literature have suffered from one or more drawbacks that have prevented their use 2.1 Exploiting Memory Corruption in practice. Some techniques rely on binary rewriting, ++ which does not scale to complex programs such as web Unlike modern programming languages, C and C rely browsers [22, 38]; others randomize the code using a cus- on manual memory management, trading reliability for tomized compiler [35], or require each user to download flexibility and performance. Hence, memory manage- their own unique binary [42]. ment errors often create vulnerabilities that can be ex- Goals and Contributions The goal of this ploited to hijack control flow and perform other mali- paper is to demonstrate a load-time randomization cious operations that were never intended by the pro- technique—named selfrando—that improves security gram authors. over ASLR while preserving the features that enabled Traditionally, attackers used a buffer overflow to di- ASLR’s widespread adoption. While technically chal- rectly inject malicious code into a program and exe- lenging, our use of load-time function layout permuta- cute it [6]. However, the introduction of the W⊕X pol- tion ensures that the attack surface changes from one icy that requires memory pages to either be writable run to another. Load-time randomization also ensures or executable, but not both, made most code-injection compatibility with code signing and distribution mech- attacks [49] obsolete. As W⊕X became commonplace, anisms that use caching to efficiently serve millions of attackers changed their tactics from code injection to users. Finally, we worked in close collaboration with the code reuse. These attacks reuse existing, legitimate code TB developers to ensure that selfrando was fully com- for malicious purposes and have therefore proven far patible with ASan so that users can use both techniques harder to stop than code injection. Return-into-libc simultaneously. ASan is used in a hardened version of (RILC) attacks, for example, arrange the stack con- TB to detect and diagnose memory corruption errors. tents so the attacker can call dangerous functions inside Summing up, our main contributions are: the C library with attacker-controlled arguments [52]. – Practical Randomization Framework Unlike Researchers later demonstrated a more general class of other solutions that have only been tested on bench- code reuse attacks called return-oriented programming marks, selfrando can be applied to the TB with- (ROP) [63]. The insight behind ROP is that attackers out any changes to the source code. To the best of can build a malicious virtual machine out of short in- our knowledge, selfrando is the first approach that struction sequences—called gadgets in ROP parlance— Selfrando: Securing the Tor Browser against De-anonymization Exploits 456 ending with a return (or some other indirect branch). 2.3 Trust in Privacy-preserving Software These gadgets are
Load more

Recommended publications
  • A Generic Data Exchange System for F2F Networks
    The Retroshare project The GXS system Decentralize your app! A Generic Data Exchange System for F2F Networks Cyril Soler C.Soler The GXS System 03 Feb. 2018 1 / 19 The Retroshare project The GXS system Decentralize your app! Outline I Overview of Retroshare I The GXS system I Decentralize your app! C.Soler The GXS System 03 Feb. 2018 2 / 19 The Retroshare project The GXS system Decentralize your app! The Retroshare Project I Mesh computers using signed TLS over TCP/UDP/Tor/I2P; I anonymous end-to-end encrypted FT with swarming; I mail, IRC chat, forums, channels; I available on Mac OS, Linux, Windows, (+ Android). C.Soler The GXS System 03 Feb. 2018 3 / 19 The Retroshare project The GXS system Decentralize your app! The Retroshare Project I Mesh computers using signed TLS over TCP/UDP/Tor/I2P; I anonymous end-to-end encrypted FT with swarming; I mail, IRC chat, forums, channels; I available on Mac OS, Linux, Windows. C.Soler The GXS System 03 Feb. 2018 3 / 19 The Retroshare project The GXS system Decentralize your app! The Retroshare Project I Mesh computers using signed TLS over TCP/UDP/Tor/I2P; I anonymous end-to-end encrypted FT with swarming; I mail, IRC chat, forums, channels; I available on Mac OS, Linux, Windows. C.Soler The GXS System 03 Feb. 2018 3 / 19 The Retroshare project The GXS system Decentralize your app! The Retroshare Project I Mesh computers using signed TLS over TCP/UDP/Tor/I2P; I anonymous end-to-end encrypted FT with swarming; I mail, IRC chat, forums, channels; I available on Mac OS, Linux, Windows.
    [Show full text]
  • Anonymous Rate Limiting with Direct Anonymous Attestation
    Anonymous rate limiting with Direct Anonymous Attestation Alex Catarineu Philipp Claßen Cliqz GmbH, Munich Konark Modi Josep M. Pujol 25.09.18 Crypto and Privacy Village 2018 Data is essential to build services 25.09.18 Crypto and Privacy Village 2018 Problems with Data Collection IP UA Timestamp Message Payload Cookie Type 195.202.XX.XX FF.. 2018-07-09 QueryLog [face, facebook.com] Cookie=966347bfd 14:01 1e550 195.202.XX.XX Chrome.. 2018-07-09 Page https://analytics.twitter.com/user/konark Cookie=966347bfd 14:06 modi 1e55040434abe… 195.202.XX.XX Chrome.. 2018-07-09 QueryLog [face, facebook.com] Cookie=966347bfd 14:10 1e55040434abe… 195.202.XX.XX Chrome.. 2018-07-09 Page https://booking.com/hotels/barcelona Cookie=966347bfd 16:15 1e55040434abe… 195.202.XX.XX Chrome.. 2018-07-09 QueryLog [face, facebook.com] Cookie=966347bfd 14:10 1e55040434abe… 195.202.XX.XX FF.. 2018-07-09 Page https://shop.flixbus.de/user/resetting/res Cookie=966347bfd 18:40 et/hi7KTb1Pxa4lXqKMcwLXC0XzN- 1e55040434abe… 47Tt0Q 25.09.18 Crypto and Privacy Village 2018 Anonymous data collection Timestamp Message Type Payload 2018-07-09 14 Querylog [face, facebook.com] 2018-07-09 14 Querylog [boo, booking.com] 2018-07-09 14 Page https://booking.com/hotels/barcelona 2018-07-09 14 Telemetry [‘engagement’: 0 page loads last week, 5023 page loads last month] More details: https://gist.github.com/solso/423a1104a9e3c1e3b8d7c9ca14e885e5 http://josepmpujol.net/public/papers/big_green_tracker.pdf 25.09.18 Crypto and Privacy Village 2018 Motivation: Preventing attacks on anonymous data collection Timestamp Message Type Payload 2018-07-09 14 querylog [book, booking.com] 2018-07-09 14 querylog [fac, facebook.com] … ….
    [Show full text]
  • DARK WEB INVESTIGATION GUIDE Contents 1
    DARK WEB INVESTIGATION GUIDE Contents 1. Introduction 3 2. Setting up Chrome for Dark Web Access 5 3. Setting up Virtual Machines for Dark Web Access 9 4. Starting Points for Tor Investigations 20 5. Technical Clues for De-Anonymizing Hidden Services 22 5.1 Censys.io SSL Certificates 23 5.2 Searching Shodan for Hidden Services 24 5.3 Checking an IP Address for Tor Usage 24 5.4 Additional Resources 25 6. Conclusion 26 2 Dark Web Investigation Guide 1 1. Introduction 3 Introduction 1 There is a lot of confusion about what the dark web is vs. the deep web. The dark web is part of the Internet that is not accessible through traditional means. It requires that you use a technology like Tor (The Onion Router) or I2P (Invisible Internet Project) in order to access websites, email or other services. The deep web is slightly different. The deep web is made of all the webpages or entire websites that have not been crawled by a search engine. This could be because they are hidden behind paywalls or require a username and password to access. We are going to be setting up access to the dark web with a focus on the Tor network. We are going to accomplish this in two different ways. The first way is to use the Tor Browser to get Google Chrome connected to the the Tor network. This is the less private and secure option, but it is the easiest to set up and use and is sufficient for accessing material on the dark web.
    [Show full text]
  • An Analysis of Private Browsing Modes in Modern Browsers
    An Analysis of Private Browsing Modes in Modern Browsers Gaurav Aggarwal Elie Bursztein Collin Jackson Dan Boneh Stanford University CMU Stanford University Abstract Even within a single browser there are inconsistencies. We study the security and privacy of private browsing For example, in Firefox 3.6, cookies set in public mode modes recently added to all major browsers. We first pro- are not available to the web site while the browser is in pose a clean definition of the goals of private browsing private mode. However, passwords and SSL client cer- and survey its implementation in different browsers. We tificates stored in public mode are available while in pri- conduct a measurement study to determine how often it is vate mode. Since web sites can use the password man- used and on what categories of sites. Our results suggest ager as a crude cookie mechanism, the password policy that private browsing is used differently from how it is is inconsistent with the cookie policy. marketed. We then describe an automated technique for Browser plug-ins and extensions add considerable testing the security of private browsing modes and report complexity to private browsing. Even if a browser ad- on a few weaknesses found in the Firefox browser. Fi- equately implements private browsing, an extension can nally, we show that many popular browser extensions and completely undermine its privacy guarantees. In Sec- plugins undermine the security of private browsing. We tion 6.1 we show that many widely used extensions un- propose and experiment with a workable policy that lets dermine the goals of private browsing.
    [Show full text]
  • The Potential Harms of the Tor Anonymity Network Cluster Disproportionately in Free Countries
    The potential harms of the Tor anonymity network cluster disproportionately in free countries Eric Jardinea,1,2, Andrew M. Lindnerb,1, and Gareth Owensonc,1 aDepartment of Political Science, Virginia Tech, Blacksburg, VA 24061; bDepartment of Sociology, Skidmore College, Saratoga Springs, NY 12866; and cCyber Espion Ltd, Portsmouth PO2 0TP, United Kingdom Edited by Douglas S. Massey, Princeton University, Princeton, NJ, and approved October 23, 2020 (received for review June 10, 2020) The Tor anonymity network allows users to protect their privacy However, substantial evidence has shown that the preponder- and circumvent censorship restrictions but also shields those ance of Onion/Hidden Services traffic connects to illicit sites (7). distributing child abuse content, selling or buying illicit drugs, or With this important caveat in mind, our data also show that the sharing malware online. Using data collected from Tor entry distribution of potentially harmful and beneficial uses is uneven, nodes, we provide an estimation of the proportion of Tor network clustering predominantly in politically free regimes. In particular, users that likely employ the network in putatively good or bad the average rate of likely malicious use of Tor in our data for ways. Overall, on an average country/day, ∼6.7% of Tor network countries coded by Freedom House as “not free” is just 4.8%. In users connect to Onion/Hidden Services that are disproportion- countries coded as “free,” the percentage of users visiting Onion/ ately used for illicit purposes. We also show that the likely balance Hidden Services as a proportion of total daily Tor use is nearly of beneficial and malicious use of Tor is unevenly spread globally twice as much or ∼7.8%.
    [Show full text]
  • Technical and Legal Overview of the Tor Anonymity Network
    Emin Çalışkan, Tomáš Minárik, Anna-Maria Osula Technical and Legal Overview of the Tor Anonymity Network Tallinn 2015 This publication is a product of the NATO Cooperative Cyber Defence Centre of Excellence (the Centre). It does not necessarily reflect the policy or the opinion of the Centre or NATO. The Centre may not be held responsible for any loss or harm arising from the use of information contained in this publication and is not responsible for the content of the external sources, including external websites referenced in this publication. Digital or hard copies of this publication may be produced for internal use within NATO and for personal or educational use when for non- profit and non-commercial purpose, provided that copies bear a full citation. www.ccdcoe.org [email protected] 1 Technical and Legal Overview of the Tor Anonymity Network 1. Introduction .................................................................................................................................... 3 2. Tor and Internet Filtering Circumvention ....................................................................................... 4 2.1. Technical Methods .................................................................................................................. 4 2.1.1. Proxy ................................................................................................................................ 4 2.1.2. Tunnelling/Virtual Private Networks ............................................................................... 5
    [Show full text]
  • The Tor Dark Net
    PAPER SERIES: NO. 20 — SEPTEMBER 2015 The Tor Dark Net Gareth Owen and Nick Savage THE TOR DARK NET Gareth Owen and Nick Savage Copyright © 2015 by Gareth Owen and Nick Savage Published by the Centre for International Governance Innovation and the Royal Institute of International Affairs. The opinions expressed in this publication are those of the authors and do not necessarily reflect the views of the Centre for International Governance Innovation or its Board of Directors. This work is licensed under a Creative Commons Attribution — Non-commercial — No Derivatives License. To view this license, visit (www.creativecommons.org/licenses/by-nc- nd/3.0/). For re-use or distribution, please include this copyright notice. 67 Erb Street West 10 St James’s Square Waterloo, Ontario N2L 6C2 London, England SW1Y 4LE Canada United Kingdom tel +1 519 885 2444 fax +1 519 885 5450 tel +44 (0)20 7957 5700 fax +44 (0)20 7957 5710 www.cigionline.org www.chathamhouse.org TABLE OF CONTENTS vi About the Global Commission on Internet Governance vi About the Authors 1 Executive Summary 1 Introduction 2 Hidden Services 2 Related Work 3 Study of HSes 4 Content and Popularity Analysis 7 Deanonymization of Tor Users and HSes 8 Blocking of Tor 8 HS Blocking 9 Conclusion 9 Works Cited 12 About CIGI 12 About Chatham House 12 CIGI Masthead GLOBAL COMMISSION ON INTERNET GOVERNANCE PAPER SERIES: NO. 20 — SEPTEMBER 2015 ABOUT THE GLOBAL ABOUT THE AUTHORS COMMISSION ON INTERNET Gareth Owen is a senior lecturer in the School of GOVERNANCE Computing at the University of Portsmouth.
    [Show full text]
  • Security Audit of Safeplug “Tor in a Box”
    Security Audit of Safeplug “Tor in a Box” Anne Edmundson Anna Kornfeld Simpson Joshua A. Kroll Princeton University Princeton University Princeton University [email protected] [email protected] [email protected] Edward W. Felten Princeton University [email protected] Abstract hardware, software, network behavior, and usability of the device. The following are some of our findings: We present the first public third-party security audit of Pogoplug’s Safeplug device, which markets “complete security and anonymity online” by using Tor technology • The Safeplug functions as a HTTP proxy for the to protect users’ IP addresses. We examine the hardware, browser, which then uses Tor for outgoing traffic. software, and network behavior of the Safeplug device, • Despite the use of Privoxy as an ad-blocker, the as well as the user experience in comparison to other Safeplug does nothing to prevent users’ browsers forms of web browsing. Although the Safeplug appears from collecting both first- and third-party tracking to use Tor as advertised, users may still be identified in cookies, allowing users to be de-anonymized across ways they may not expect. Furthermore, an engineer- websites despite the presence of Tor [27]. ing vulnerability in how the Safeplug accepts settings • Safeplug users are vulnerable to a Cross-Site Re- changes would allow an adversary internal or external to quest Forgery (CSRF) attack that allows an attacker a user’s home network to silently disable Tor or modify external to their home network to modify the Safe- other Safeplug settings, which completely invalidates the plug settings (including silently turning off the use security claims of the device.
    [Show full text]
  • Defending Against Malicious Cyber Activity Originating From
    TLP:WHITE Product ID: A20-183A July 1, 2020 Defending Against Malicious Cyber Activity Originating from Tor This advisory—written by the Cybersecurity Security and Infrastructure Security Agency (CISA) with contributions from the Federal Bureau of Investigation (FBI)—highlights risks associated with Tor, along with technical details and recommendations for mitigation. Cyber threat actors can use Tor software and network infrastructure for anonymity and obfuscation purposes to clandestinely conduct malicious cyber operations.1,2,3 Tor (aka The Onion Router) is software that allows users to browse the web anonymously by encrypting and routing requests through multiple relay layers or nodes. This software is maintained by the Tor Project, a nonprofit organization that provides internet anonymity and anti-censorship tools. While Tor can be used to promote democracy and free, anonymous use of the internet, it also provides an avenue for malicious actors to conceal their activity because identity and point of origin cannot be determined for a Tor software user. Using the Onion Routing Protocol, Tor software obfuscates a user’s identity from anyone seeking to monitor online activity (e.g., nation states, surveillance organizations, information security tools). This is possible because the online activity of someone using Tor software appears to originate from the Internet Protocol (IP) address of a Tor exit node, as opposed to the IP address of the user’s computer. CISA and the FBI recommend that organizations assess their individual risk of compromise via Tor and take appropriate mitigations to block or closely monitor inbound and outbound traffic from known Tor nodes. 1 CISA Alert published April 2020: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching.
    [Show full text]
  • Guide to Retroshare Tor Or I2P Routing Update Some Quick Notes To
    A Guide to Retroshare Tor or I2P routing Update Some quick notes to supplement the existing Help Guides for setting up Retroshare Regular and Hidden Nodes routed via Tor and/or I2P. Snapshot in this update 1) Point out the torrc exit node command is not needed for Regular and Hidden Node Retroshare Tor routing with torrc examples. 2) Steps, guides for setting up multiple Tor binary folders each using a different Socks Port for concurrent TorS applications to enable different specific listening ports, Tor proxys. 3) Guide for setting up a I2P 4/4a/5 client tunnel and need to turn off unused I2P default tunnels. Retroshare Regular nodes using the optional Tor proxy client does not need nor use any Tor Exit Nodes. Unless you are using the same Tor binary for applications which require a Exit Node to clearnet such as with a FeedReader RSS server or website, do not include Exit Node commands in your Tor torrc file. Retroshare Regular Node using the optional Tor Proxy client Working Torrc Example (adjust the file paths for your needs, system) # This file was generated by Tor; if you edit it, comments will not be preserved # The old torrc file was renamedm to torrc.orig.1 or similar, and Tor will ignore it DataDirectory /usr/local/etc/tor GeoIPFile /usr/local/etc/tor/geoip GeoIPv6File /usr/local/etc/tor/geoip6 SocksPort 9050 Retroshare Hidden nodes routed solely to and inside the Tor Network should not have any Exit Node commands in your Tor torrc file. Working example of a Retroshare Hidden node operating as a Tor Hidden Service torrc file # This file was generated by Tor; if you edit it, comments will not be preserved # The old torrc file was renamed to torrc.orig.1 or similar, and Tor will ignore it DataDirectory /usr/local/etc/tor GeoIPFile /usr/local/etc/tor/geoip GeoIPv6File /usr/local/etc/tor/geoip6i HiddenServiceDir /home/name/hideserv HiddenServicePort 11040 127.0.0.1:13080 SocksPort 9050 Running Multiple concurrentt applications routing each through the tor network as a Tor proxy client or as a Tor hidden service.
    [Show full text]
  • Download (1MB)
    Universit¨atdes Saarlandes Naturwissenschaftlich-Technische Fakult¨atI Fachrichtung Informatik Bachelorarbeit The MatoR Addon Accessible Quantification of Tor Anonymity for the Tor Browser vorgelegt von Markus Bauer am 13.08.2015 Begutachtet von: Prof. Dr. Michael Backes Dr. Christian Rossow Eidesstattliche Erkl¨arung Ich erkl¨arehiermit an Eides Statt, dass ich die vorliegende Arbeit selbst¨andig verfasst und keine anderen als die angegebenen Quellen und Hilfsmittel verwendet habe. Statement in Lieu of an Oath I hereby confirm that I have written this thesis on my own and that I have not used any other media or materials than the ones referred to in this thesis Einverst¨andniserkl¨arung Ich bin damit einverstanden, dass meine (bestandene) Arbeit in beiden Versionen in die Bibliothek der Informatik aufgenommen und damit ver¨offentlicht wird. Declaration of Consent I agree to make both versions of my thesis (with a passing grade) accessible to the public by having them added to the library of the Computer Science Department. Saarbr¨ucken, (Datum/Date) (Unterschrift/Signature) Eidesstattliche Erkl¨arung Ich erkl¨arehiermit an Eides Statt, dass die vorliegende Arbeit mit der elektronischen Version ¨ubereinstimmt. Statement in Lieu of an Oath I hereby confirm the congruence of the contents of the printed data and the electronic version of the thesis. Saarbr¨ucken, (Datum/Date) (Unterschrift/Signature) Abstract Since 2004, the anonymous communication network Tor provides anonymity to its users. However, no assessment of the degree of anonymity was available to Tor users. The anonymity monitor MATor (CCS'14) was built to rigorously assess the current degree of anonymity in the Tor network.
    [Show full text]
  • Compromising Tor Anonymity Exploiting P2P Information Leakage
    Compromising Tor Anonymity Exploiting P2P Information Leakage Pere Manils, Chaabane Abdelberi, Stevens Le Blond, Mohamed Ali Kaafar, Claude Castelluccia, Arnaud Legout, Walid Dabbous To cite this version: Pere Manils, Chaabane Abdelberi, Stevens Le Blond, Mohamed Ali Kaafar, Claude Castelluccia, et al.. Compromising Tor Anonymity Exploiting P2P Information Leakage. [Research Report] 2010. inria-00471556 HAL Id: inria-00471556 https://hal.inria.fr/inria-00471556 Submitted on 8 Apr 2010 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Compromising Tor Anonymity Exploiting P2P Information Leakage Pere Manils, Abdelberi Chaabane, Stevens Le Blond, Mohamed Ali Kaafar, Claude Castelluccia, Arnaud Legout, Walid Dabbous ABSTRACT etc.) present in the victim’s browser to reveal browser’s his- Privacy of users in P2P networks goes far beyond their tory, location information, and other sensitive data [7, 2, 4, current usage and is a fundamental requirement to the adop- 17]. tion of P2P protocols for legal usage. In a climate of cold In order to prevent or at least reduce these attacks, the war between these users and anti-piracy groups, more and Tor project recommends the use of web proxy solutions like more users are moving to anonymizing networks in an at- Privoxy or Polipo [19, 5, 21].
    [Show full text]