Browser-Based Attacks on Tor

Total Page:16

File Type:pdf, Size:1020Kb

Browser-Based Attacks on Tor Browser-Based Attacks on Tor Tim Abbott, Katherine Lai, Michael Lieberman, Eric Price {tabbott, k lai, mathmike, ecprice}@mit.edu Abstract. This paper describes a new attack on the anonymity of web browsing with Tor. The attack tricks a user’s web browser into sending a distinctive signal over the Tor network that can be detected using traffic analysis. It is delivered by a malicious exit node using a man-in-the- middle attack on HTTP. Both the attack and the traffic analysis can be performed by an adversary with limited resources. While the attack can only succeed if the attacker controls one of the victim’s entry guards, the method reduces the time required for a traffic analysis attack on Tor from O(nk) to O(n + k), where n is the number of exit nodes and k is the number of entry guards. This paper presents techniques that exploit the Tor exit policy system to greatly simplify the traffic analysis. The fundamental vulnerability exposed by this paper is not specific to Tor but rather to the problem of anonymous web browsing itself. This paper also describes a related attack on users who toggle the use of Tor with the popular Firefox extension Torbutton. 1 Introduction The Internet was not designed with anonymity in mind; in fact, one of the original design goals was accountability [3]. Every packet sent by established protocols identifies both parties. However, most users expect that their Internet communications are and should remain anonymous. As was recently highlighted by the uproar over AOL’s release of a large body of “anonymized” search query data [10], this disparity violates the security principle that systems meet the secu- rity expectations of their users. Some countries have taken a policy of arresting people for expressing dissident opinions on the Internet. Anonymity prevents these opinions from being traced back to their originators, increasing freedom of speech. For applications that can tolerate high latencies, such as electronic mail, there are systems that achieve nearly perfect anonymity [1]. Such anonymity is difficult to achieve with low latency systems such as web browsing, however, because of the conflict between preventing traffic analysis on the flow of packets through the network and delivering packets in an efficient and timely fashion. Because of the obvious importance of the problem, there has been a great deal of recent research on low-latency anonymity systems. Tor, the second-generation onion router, is the largest anonymity network in existence today. In this paper we describe a new scheme for executing a practical timing attack on browsing the web anonymously with Tor. Using this attack, an adversary can identify a fraction of the Tor users who use a malicious exit node and then leave a browser window open for an hour. With current entry guard implementations, the attack requires the adversary to control only a single Tor server in order to identify as much as 0.4% of Tor users targeted by the malicious node (and this probability can be increased roughly linearly by adding more machines). The targeting can be done based on the potential victim’s HTTP traffic (so, for example, one could eventually identify 0.4% of Tor users who read Slashdot). 2 How Tor Works Tor [5] is an anonymizing protocol that uses onion routing to hide the source of TCP traffic. Onion routing is a scheme based on layered encryption, which was first developed for anonymizing electronic mail [1]. As of December 15, 2006, Tor was used by approximately 200,000 users and contained about 750 nodes (also sometimes referred to as “servers” or “routers”) [4]. Fig. 1. A Tor circuit. The client chooses an entry node, a middle node, and an exit node, allowing the exit node to fetch content from a web server. In Tor, a client routes his traffic through a chain of three nodes that he selects from the Tor network, as shown in Figure 1. A client constructs this path of nodes, or “circuit”, by performing Diffie-Hellman handshakes with each of the nodes to exchange symmetric keys for encryption and decryption. These Tor nodes are picked from a list of current servers that are published by a signed directory service.1 To send TCP data through the circuit, the client starts by breaking the stream into fixed sized cells that are successively encrypted with the keys that have been negotiated with each of the nodes in the path, starting with the exit node’s key and ending with the entry node’s key. Fixed size cells are important so that anyone reading the encrypted traffic cannot use cell size to help identify a client [7][9]. Using this protocol, the entry node is the only node that is told the client’s identity, the exit node is the only node that is told the destination’s identity and the actual TCP data sent, and the middle node simply exchanges encrypted cells between the entry node and the exit node along a particular circuit. The nodes are selected approximately randomly using an algorithm dependent on various Tor node statistics distributed by the directory server, some client history, and client preferences. 3 Related Work In May 2006, S. Murdoch and G. Danezis discussed how a website can include “traffic analysis bugs”—invisible signal generators which are used to shape traffic in the Tor network [11]. Our attack uses similar signal generators to attack a Tor client. We rely on the ideas of the papers discussed in the next two sections to deliver the attack and to identify the Tor client. 3.1 Browser Attacks To browse the Internet anonymously using Tor, a user must use an HTTP proxy such as Privoxy so that traffic will be diverted through Tor rather than sent directly over the Internet. This is especially important because browsers will not automatically send DNS queries through a SOCKS proxy. However, pieces of software that plug into the browser, such as Flash, Java, and ActiveX Controls, do not necessarily use the browser’s proxy for their network traffic. Thus, when any of these programs are downloaded and subsequently executed by the web browser, any Internet connections that the programs make will not go through Tor first. Instead, they will establish direct TCP connections, compromising the user’s anonymity, as shown in Figure 2. This attack allows a website to iden- tify its visitors but does not allow a third party to identify Tor users visiting a given website. These active content systems are well-known problems in anony- mous web-browsing, and most anonymizing systems warn users to disable active content systems in their browsers. In October 2006, FortConsult Security [2] described how to extend this attack so that parties could identify Tor users visiting a website they do not control. The attacker uses a malicious exit node to modify HTTP traffic and thus conduct a man-in-the-middle attack, as shown in Figure 3. In particular, it inserts an 1 While the directory service is signed, anyone can add an entry, and claim to have a long uptime and high bandwidth. This makes getting users to use a malicious node a little easier, because clients prefer to use servers with good statistics. Fig. 2. A browser attack using Flash included in a website. The client’s web browser executes a Flash program, which then opens a direct connection to a logger machine, compromising the client’s anonymity. invisible iframe with a reference to some malicious web server and a unique cookie. In rendering the page, the web browser will make a request to the web server and will retrieve a malicious Flash application. If Flash is enabled in the browser, then the Flash movie is played invisibly. The Flash application sends the cookie given to the user directly to the evil web server, circumventing Tor. The web server can then identify which webpages were sent to which users by matching the cookies with the Flash connections. In other words, all Tor users who use HTTP through that exit node while Flash is enabled will have their HTTP traffic associated with their respective IP addresses. However, if we assume that the number of malicious Tor servers is small compared to the total number of Tor servers, a normal user will get a malicious exit node only once in a while. As a result, this attack only works to associate traffic with the particular user for the length of time that the user keeps the same Tor circuit, or at most ten minutes by default. 3.2 Finding Hidden Servers Along with hiding the locations of clients, Tor also supports location-hidden servers, where the clients of a service (for example, visitors to a website) are not able to identify the machine hosting the service. To connect to a hidden server, a client sends a message through an introduction point that is advertised as Fig. 3. A browser attack executed by an exit node. The client’s web browser exe- cutes a Flash program inserted into a webpage by the exit node, which opens a direct connection to a logger machine. being associated with the hidden service by the Tor directory. A clever anony- mous interaction results in the hidden client and hidden server both opening Tor connections to a rendezvous point (chosen by the client). The rendezvous point patches the connections together to form an anonymous channel between the hidden client and hidden server. In May 2006, L. Øverlier and P. Syverson [12] described an attack to locate hidden servers in Tor. The attacker begins by inserting a malicious Tor node into the Tor network and using a Tor client to repeatedly connect to the targeted hidden server, sending a distinctive signal over each Tor connection.
Recommended publications
  • Pairing-Based Onion Routing with Improved Forward Secrecy ∗
    Pairing-Based Onion Routing with Improved Forward Secrecy ∗ Aniket Kate Greg M. Zaverucha Ian Goldberg David R. Cheriton School of Computer Science University of Waterloo Waterloo, ON, Canada N2L 3G1 {akate,gzaveruc,iang}@cs.uwaterloo.ca Abstract This paper presents new protocols for onion routing anonymity networks. We define a provably secure privacy-preserving key agreement scheme in an identity-based infrastructure setting, and use it to forge new onion routing circuit constructions. These constructions, based on a user’s selection, offer immediate or eventual forward secrecy at each node in a circuit and require significantly less computation and communication than the telescoping mechanism used by Tor. Further, the use of the identity-based infrastructure also leads to a reduction in the required amount of authenticated directory information. Therefore, our constructions provide practical ways to allow onion routing anonymity networks to scale gracefully. Keywords: onion routing, Tor, pairing-based cryptography, anonymous key agreement, forward secrecy 1 Introduction Over the years, a large number of anonymity networks have been proposed and some have been implemented. Common to many of them is onion routing [RSG98], a technique whereby a message is wrapped in multiple layers of encryption, forming an onion. As the message is delivered via a number of intermediate onion routers (ORs), or nodes, each node decrypts one of the layers, and forwards the message to the next node. This idea goes back to Chaum [Cha81] and has been used to build both low- and high-latency communication networks. A common realization of an onion routing system is to arrange a collection of nodes that will relay traffic for users of the system.
    [Show full text]
  • Copyrighted Material
    Anonymizing 1 Your Activities In our daily lives we like to have a certain level of privacy. We have curtains on our win- dows, doors for our offices, and even special screen protectors for computers to keep out prying eyes. This idea of wanting privacy also extends to the use of the Internet. We do not want people knowing what we typed in Google, what we said in our Instant Message conversations, or what websites we visited. Unfortunately, your private information is largely available if someone is watching. When doing any number of things on the Internet, there are plenty of reasons you might want to go incognito. However, that does not mean you’re doing anything wrong or illegal. he justification for anonymity when researching malware and bad guys is pretty Tstraightforward. You do not want information to show up in logs and other records that might tie back to you or your organization. For example, let’s say you work at a finan- cial firm and you recently detected that a banking trojan infected several of your systems. You collected malicious domain names, IP addresses, and other data related to the malware. The next steps you take in your research may lead you to websites owned by the criminals. As a result, if you are not taking precautions to stay anonymous, your IP address will show up in various logs and be visible to miscreants. If the criminals can identify you or the organization from which you conduct your research, they may COPYRIGHTEDchange tactics or go into hiding, MATERIAL thus spoiling your investigation.
    [Show full text]
  • Into the Reverie: Exploration of the Dream Market
    Into the Reverie: Exploration of the Dream Market Theo Carr1, Jun Zhuang2, Dwight Sablan3, Emma LaRue4, Yubao Wu5, Mohammad Al Hasan2, and George Mohler2 1Department of Mathematics, Northeastern University, Boston, MA 2Department of Computer & Information Science, Indiana University - Purdue University, Indianapolis, IN 3Department of Mathematics and Computer Science, University of Guam, Guam 4Department of Mathematics and Statistics, University of Arkansas at Little Rock, AK 5Department of Computer Science, Georgia State University, Atlanta, GA [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected] Abstract—Since the emergence of the Silk Road market in Onymous" in 2014, a worldwide action taken by law enforce- the early 2010s, dark web ‘cryptomarkets’ have proliferated and ment and judicial agencies aimed to put a kibosh on these offered people an online platform to buy and sell illicit drugs, illicit behaviors [5]. Law enforcement interventions such as relying on cryptocurrencies such as Bitcoin for anonymous trans- actions. However, recent studies have highlighted the potential for Onymous, along with exit scams and hacks, have successfully de-anonymization of bitcoin transactions, bringing into question shut down numerous cryptomarkets, including AlphaBay, Silk the level of anonymity afforded by cryptomarkets. We examine a Road, Dream, and more recently, Wall Street [6]. Despite these set of over 100,000 product reviews from several cryptomarkets interruptions, new markets have continued to proliferate. The collected in 2018 and 2019 and conduct a comprehensive analysis authors of [7] note that there appears to be a consistent daily of the markets, including an examination of the distribution of drug sales and revenue among vendors, and a comparison demand of about $500,000 for illicit products on the dark web, of incidences of opioid sales to overdose deaths in a US city.
    [Show full text]
  • A Framework for Identifying Host-Based Artifacts in Dark Web Investigations
    Dakota State University Beadle Scholar Masters Theses & Doctoral Dissertations Fall 11-2020 A Framework for Identifying Host-based Artifacts in Dark Web Investigations Arica Kulm Dakota State University Follow this and additional works at: https://scholar.dsu.edu/theses Part of the Databases and Information Systems Commons, Information Security Commons, and the Systems Architecture Commons Recommended Citation Kulm, Arica, "A Framework for Identifying Host-based Artifacts in Dark Web Investigations" (2020). Masters Theses & Doctoral Dissertations. 357. https://scholar.dsu.edu/theses/357 This Dissertation is brought to you for free and open access by Beadle Scholar. It has been accepted for inclusion in Masters Theses & Doctoral Dissertations by an authorized administrator of Beadle Scholar. For more information, please contact [email protected]. A FRAMEWORK FOR IDENTIFYING HOST-BASED ARTIFACTS IN DARK WEB INVESTIGATIONS A dissertation submitted to Dakota State University in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Cyber Defense November 2020 By Arica Kulm Dissertation Committee: Dr. Ashley Podhradsky Dr. Kevin Streff Dr. Omar El-Gayar Cynthia Hetherington Trevor Jones ii DISSERTATION APPROVAL FORM This dissertation is approved as a credible and independent investigation by a candidate for the Doctor of Philosophy in Cyber Defense degree and is acceptable for meeting the dissertation requirements for this degree. Acceptance of this dissertation does not imply that the conclusions reached by the candidate are necessarily the conclusions of the major department or university. Student Name: Arica Kulm Dissertation Title: A Framework for Identifying Host-based Artifacts in Dark Web Investigations Dissertation Chair: Date: 11/12/20 Committee member: Date: 11/12/2020 Committee member: Date: Committee member: Date: Committee member: Date: iii ACKNOWLEDGMENT First, I would like to thank Dr.
    [Show full text]
  • Optical Onion Routing
    Optical Onion Routing Anna Engelmann and Admela Jukan Technische Universitat¨ Carolo-Wilhelmina zu Braunschweig, Germany Email: fa.engelmann, [email protected] Abstract—As more and more data is transmitted in the depend on number and dependability of volunteer systems, configurable optical layer, – whereby all optical switches forward the privacy features in optical network need to be approached packets without electronic layers involved, we envision privacy as differently: for instance, it is a telecom operator that should the intrinsic property of future optical networks. In this paper, we be able offer a private optical communication service as a propose Optical Onion Routing (OOR) routing and forwarding value added feature. For instance, for some client networks techniques, inspired by the onion routing in the Internet layer, - an optical network can grant anonymous access to third-party the best known realization of anonymous communication today, – but designed with specific features innate to optical networks. servers in the cloud, whereby the traffic contents and the origin We propose to design the optical anonymization network system of requests can remain secret for both the attacker as well as with a new optical anonymization node architecture, including the cloud provider. In designing an anonymous optical network the optical components and their electronic counterparts to akin to Tor, however, several obstacles need to be overcome, realize layered encryption. We propose modification to the secret since the main features need to be primarily implemented in key generation using Linear Feedback Shift Register (LFSR), – photonics, i.e., without intervention of electronics, such as able to utilize different primitive irreducible polynomials, and encryption, traffic routing, and session key distribution.
    [Show full text]
  • Privacy-Enhancing Technologies for the Internet
    Privacy-enhancing technologies for the Internet Ian Goldberg David Wagner Eric Brewer University of California, Berkeley iang,daw,brewer ¡ @cs.berkeley.edu Abstract ing privacy issues on the Internet, and Section 3 provides some relevant background. We then discuss Internet pri- The increased use of the Internet for everyday activi- vacy technology chronologically, in three parts: Section 4 ties is bringing new threats to personal privacy. This pa- describes the technology of yesterday, Section 5 explains per gives an overview of existing and potential privacy- today’s technology, and Section 6 explores the technology enhancing technologies for the Internet, as well as moti- of tomorrow. Finally, we conclude in Section 7. vation and challenges for future work in this field. 2. Motivation 1. Introduction The threats to one’s privacy on the Internet are two-fold: your online actions could be (1) monitored by unauthorized Recently the Internet has seen tremendous growth, with parties and (2) logged and preserved for future access many the ranks of new users swelling at ever-increasing rates. years later. You might not realize that your personal infor- This expansion has catapulted it from the realm of academic mation has been monitored, logged, and subsequently dis- research towards new-found mainstream acceptance and in- closed; those who would compromise your privacy have no creased social relevance for the everyday individual. Yet incentive to warn you. this suddenly increased reliance on the Internet has the po- The threat of long-term storage and eventual disclosure tential to erode personal privacies we once took for granted. of personal information is especially acute on the Internet.
    [Show full text]
  • Walking Onions: Scaling Anonymity Networks While Protecting Users
    Walking Onions: Scaling Anonymity Networks while Protecting Users Chelsea H. Komlo Nick Mathewson Ian Goldberg University of Waterloo The Tor Project University of Waterloo Abstract Anonymity networks in practice [13] have prevented these Scaling anonymity networks offers unique security chal- attacks by requiring all participants to share a globally consis- lenges, as attackers can exploit differing views of the net- tent view of the entire state of the network, and giving clients work’s topology to perform epistemic and route capture at- complete control over selecting relays for their paths. While tacks. Anonymity networks in practice, such as Tor, have this approach prevents the described attacks, requiring a glob- opted for security over scalability by requiring participants ally consistent view results in quadratic bandwidth growth as to share a globally consistent view of all relays to prevent the number of clients increases [26], because the number of these kinds of attacks. Such an approach requires each user relays must also increase to provide more capacity, and all to maintain up-to-date information about every relay, causing parties must download information about all relays. While the total amount of data each user must download every epoch today’s Tor network requires only approximately half a per- to scale linearly with the number of relays. As the number cent of its total bandwidth to serve network state [39, 41], of clients increases, more relays must be added to provide increasing the number of clients and relays by one order of bandwidth, further exacerbating the total load on the network. magnitude would result in the consumption of roughly five In this work, we present Walking Onions, a set of proto- percent of the network’s (ten times larger) total bandwidth cols improving scalability for anonymity networks.
    [Show full text]
  • Technical and Legal Overview of the Tor Anonymity Network
    Emin Çalışkan, Tomáš Minárik, Anna-Maria Osula Technical and Legal Overview of the Tor Anonymity Network Tallinn 2015 This publication is a product of the NATO Cooperative Cyber Defence Centre of Excellence (the Centre). It does not necessarily reflect the policy or the opinion of the Centre or NATO. The Centre may not be held responsible for any loss or harm arising from the use of information contained in this publication and is not responsible for the content of the external sources, including external websites referenced in this publication. Digital or hard copies of this publication may be produced for internal use within NATO and for personal or educational use when for non- profit and non-commercial purpose, provided that copies bear a full citation. www.ccdcoe.org [email protected] 1 Technical and Legal Overview of the Tor Anonymity Network 1. Introduction .................................................................................................................................... 3 2. Tor and Internet Filtering Circumvention ....................................................................................... 4 2.1. Technical Methods .................................................................................................................. 4 2.1.1. Proxy ................................................................................................................................ 4 2.1.2. Tunnelling/Virtual Private Networks ............................................................................... 5
    [Show full text]
  • Defending Against Malicious Cyber Activity Originating From
    TLP:WHITE Product ID: A20-183A July 1, 2020 Defending Against Malicious Cyber Activity Originating from Tor This advisory—written by the Cybersecurity Security and Infrastructure Security Agency (CISA) with contributions from the Federal Bureau of Investigation (FBI)—highlights risks associated with Tor, along with technical details and recommendations for mitigation. Cyber threat actors can use Tor software and network infrastructure for anonymity and obfuscation purposes to clandestinely conduct malicious cyber operations.1,2,3 Tor (aka The Onion Router) is software that allows users to browse the web anonymously by encrypting and routing requests through multiple relay layers or nodes. This software is maintained by the Tor Project, a nonprofit organization that provides internet anonymity and anti-censorship tools. While Tor can be used to promote democracy and free, anonymous use of the internet, it also provides an avenue for malicious actors to conceal their activity because identity and point of origin cannot be determined for a Tor software user. Using the Onion Routing Protocol, Tor software obfuscates a user’s identity from anyone seeking to monitor online activity (e.g., nation states, surveillance organizations, information security tools). This is possible because the online activity of someone using Tor software appears to originate from the Internet Protocol (IP) address of a Tor exit node, as opposed to the IP address of the user’s computer. CISA and the FBI recommend that organizations assess their individual risk of compromise via Tor and take appropriate mitigations to block or closely monitor inbound and outbound traffic from known Tor nodes. 1 CISA Alert published April 2020: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching.
    [Show full text]
  • Provably Secure and Practical Onion Routing
    Provably Secure and Practical Onion Routing Michael Backes Ian Goldberg Saarland University and MPI-SWS, Germany University of Waterloo, Canada [email protected] [email protected] Aniket Kate Esfandiar Mohammadi MPI-SWS, Germany Saarland University, Germany [email protected] [email protected] Abstract The onion routing network Tor is undoubtedly the most widely employed technology for anony- mous web access. Although the underlying onion routing (OR) protocol appears satisfactory, a comprehensive analysis of its security guarantees is still lacking. This has also resulted in a sig- nificant gap between research work on OR protocols and existing OR anonymity analyses. In this work, we address both issues with onion routing by defining a provably secure OR protocol, which is practical for deployment in the next generation Tor network. We start off by presenting a security definition (an ideal functionality) for the OR methodology in the universal composability (UC) framework. We then determine the exact security properties required for OR cryptographic primitives (onion construction and processing algorithms, and a key exchange protocol) to achieve a provably secure OR protocol. We show that the currently deployed onion algorithms with slightly strengthened integrity properties can be used in a provably secure OR construction. In the process, we identify the concept of predictably malleable symmetric encryptions, which might be of independent interest. On the other hand, we find the currently deployed key exchange protocol to be inefficient and difficult to analyze and instead show that a recent, significantly more efficient, key exchange protocol can be used in a provably secure OR construction.
    [Show full text]
  • How Do Tor Users Interact with Onion Services?
    How Do Tor Users Interact With Onion Services? Philipp Winter Anne Edmundson Laura M. Roberts Princeton University Princeton University Princeton University Agnieszka Dutkowska-Zuk˙ Marshini Chetty Nick Feamster Independent Princeton University Princeton University Abstract messaging [4] and file sharing [15]. The Tor Project currently does not have data on the number of onion Onion services are anonymous network services that are service users, but Facebook reported in 2016 that more exposed over the Tor network. In contrast to conventional than one million users logged into its onion service in one Internet services, onion services are private, generally not month [20]. indexed by search engines, and use self-certifying domain Onion services differ from conventional web services names that are long and difficult for humans to read. In in four ways; First, they can only be accessed over the Tor this paper, we study how people perceive, understand, and network. Second, onion domains are hashes over their use onion services based on data from 17 semi-structured public key, which make them difficult to remember. Third, interviews and an online survey of 517 users. We find that the network path between client and the onion service is users have an incomplete mental model of onion services, typically longer, increasing latency and thus reducing the use these services for anonymity and have varying trust in performance of the service. Finally, onion services are onion services in general. Users also have difficulty dis- private by default, meaning that users must discover these covering and tracking onion sites and authenticating them. sites organically, rather than with a search engine.
    [Show full text]
  • Identifying and Reducing Usability Issues in Anonymity Systems
    Why Johnny Can’t Blow the Whistle: Identifying and Reducing Usability Issues in Anonymity Systems Greg Norcie Jim Blythe Kelly Caine L Jean Camp Indiana University Information Sciences Institute Clemson University Indiana University [email protected] [email protected] [email protected] [email protected] Abstract—Tor is one of the most widely used anonymity Tor uses onion routing [24] to prevent third parties from networks in the world. The anonymity provided to any individual observing or transparently interjecting themselves into a user’s Tor user is a function of the total number of Tor users. Adoption web activity. The term “onion routing” refers to Tor’s layered of anonymity tools, including Tor, can be hindered by a lack of usability. Therefore, enhancing Tor’s usability and making it encryption, analogous to the layers in an onion, which prevents easier for more people to use Tor successfully increases security third parties (including Tor nodes) from observing the content for all Tor users. To enhance Tor usability we begin by identifying of packets in transit. Tor also prevents the linkage of the source stop-points which may act as barriers to using the Tor Browser and destination of any packet in the Tor network. Of course, Bundle (TBB). We suggest changes based on our analysis of there are attacks that threaten privacy even when using Tor, these stop-points. To follow through, in our second study we test whether the changes we recommended to the Tor Project are including subversion via control of malicious nodes and timing effective in increasing usability, and find a significant decrease attacks.
    [Show full text]