Onion Router

The Experts below are selected from a list of 168 Experts worldwide ranked by ideXlab platform

Wei Zhao - One of the best experts on this subject based on the ideXlab platform.

  • Protocol-level attacks against Tor
    Computer Networks, 2013
    Co-Authors: Zhen Ling, Xinwen Fu, Wei Yu, Wei Zhao
    Abstract:

    Tor is a real-world, circuit-based low-latency anonymous communication network, supporting TCP applications over the Internet. In this paper, we present an extensive study of protocol-level attacks against Tor. Different from existing attacks, the attacks investigated in this paper can confirm anonymous communication relationships quickly and accurately by manipulating one single cell and pose a serious threat against Tor. In these attacks, a malicious entry Onion Router may duplicate, modify, insert, or delete cells of a TCP stream from a sender, which can cause cell recognition errors at the exit Onion Router. If an accomplice of the attacker at the entry Onion Router also controls the exit Onion Router and recognizes such cell recognition errors, the communication relationship between the sender and receiver will be confirmed. These attacks can also be used for launching the denial-of-service (DoS) attack to disrupt the operation of Tor. We systematically analyze the impact of these attacks and our data indicate that these attacks may drastically degrade the anonymity service that Tor provides, if the attacker is able to control a small number of Tor Routers. We have implemented these attacks on Tor and our experiments validate their feasibility and effectiveness. We also present guidelines for defending against protocol-level attacks.

  • Protocol-level attacks against Tor
    Computer Networks, 2013
    Co-Authors: Zhen Ling, Xinwen Fu, Junzhou Luo, Weijia Jia, Wei Yu, Wei Zhao
    Abstract:

    Tor is a real-world, circuit-based low-latency anonymous communication network, supporting TCP applications over the Internet. In this paper, we present an extensive study of protocol-level attacks against Tor. Different from existing attacks, the attacks investigated in this paper can confirm anonymous communication relationships quickly and accurately by manipulating one single cell and pose a serious threat against Tor. In these attacks, a malicious entry Onion Router may duplicate, modify, insert, or delete cells of a TCP stream from a sender, which can cause cell recognition errors at the exit Onion Router. If an accomplice of the attacker at the entry Onion Router also controls the exit Onion Router and recognizes such cell recognition errors, the communication relationship between the sender and receiver will be confirmed. These attacks can also be used for launching the denial-of-service (DoS) attack to disrupt the operation of Tor. We systematically analyze the impact of these attacks and our data indicate that these attacks may drastically degrade the anonymity service that Tor provides, if the attacker is able to control a small number of Tor Routers. We have implemented these attacks on Tor and our experiments validate their feasibility and effectiveness. We also present guidelines for defending against protocol-level attacks. © 2012 Elsevier B.V. All rights reserved.

  • ICC - A New Replay Attack Against Anonymous Communication Networks
    2008 IEEE International Conference on Communications, 2008
    Co-Authors: Rastin Pries, Xinwen Fu, Wei Yu, Wei Zhao
    Abstract:

    Tor is a real-world, circuit-based low-latency anonymous communication network, supporting TCP applications on the Internet. In this paper, we present a new class of attack, the replay attack, against Tor. Compared with other existing attacks, the replay attack can confirm communication relationships quickly and accurately and poses a serious threat against Tor. In this attack, a malicious entry Onion Router duplicates cells of a stream from a sender. The original cell and duplicate cell traverse middle Onion Routers and arrive at an exit Onion Router along a circuit. Since Tor uses the counter mode AES (AES-CTR) for encryption of cells, the duplicate cell disrupts the normal counter at middle and exit Onion Routers and the decryption at the exit Onion Router incurs cell recognition errors. If an accomplice of the attacker at the entry Onion Router controls the exit Onion Router and detects such decryption errors, the communication relationship between the sender and receiver will be discovered. The replay attack can also be used as a denial of service attack. We implement the replay attack on Tor and our experiments validate the feasibility and effectiveness of the attack. We also present guidelines to defending against the replay attack.

  • A New Replay Attack Against Anonymous Communication Networks
    Communications, 2008. ICC '08. IEEE International Conference on, 2008
    Co-Authors: Rastin Pries, Xinwen Fu, Wei Yu, Wei Zhao
    Abstract:

    Tor is a real-world, circuit-based low-latency anonymous communication network, supporting TCP applications on the Internet. In this paper, we present a new class of attack, the replay attack, against Tor. Compared with other existing attacks, the replay attack can confirm communication relationships quickly and accurately and poses a serious threat against Tor. In this attack, a malicious entry Onion Router duplicates cells of a stream from a sender. The original cell and duplicate cell traverse middle Onion Routers and arrive at an exit Onion Router along a circuit. Since Tor uses the counter mode AES (AES-CTR) for encryption of cells, the duplicate cell disrupts the normal counter at middle and exit Onion Routers and the decryption at the exit Onion Router incurs cell recognition errors. If an accomplice of the attacker at the entry Onion Router controls the exit Onion Router and detects such decryption errors, the communication relationship between the sender and receiver will be discovered. The replay attack can also be used as a denial of service attack. We implement the replay attack on Tor and our experiments validate the feasibility and effectiveness of the attack. We also present guidelines to defending against the replay attack.

Xinwen Fu - One of the best experts on this subject based on the ideXlab platform.

  • Protocol-level attacks against Tor
    Computer Networks, 2013
    Co-Authors: Zhen Ling, Xinwen Fu, Wei Yu, Wei Zhao
    Abstract:

    Tor is a real-world, circuit-based low-latency anonymous communication network, supporting TCP applications over the Internet. In this paper, we present an extensive study of protocol-level attacks against Tor. Different from existing attacks, the attacks investigated in this paper can confirm anonymous communication relationships quickly and accurately by manipulating one single cell and pose a serious threat against Tor. In these attacks, a malicious entry Onion Router may duplicate, modify, insert, or delete cells of a TCP stream from a sender, which can cause cell recognition errors at the exit Onion Router. If an accomplice of the attacker at the entry Onion Router also controls the exit Onion Router and recognizes such cell recognition errors, the communication relationship between the sender and receiver will be confirmed. These attacks can also be used for launching the denial-of-service (DoS) attack to disrupt the operation of Tor. We systematically analyze the impact of these attacks and our data indicate that these attacks may drastically degrade the anonymity service that Tor provides, if the attacker is able to control a small number of Tor Routers. We have implemented these attacks on Tor and our experiments validate their feasibility and effectiveness. We also present guidelines for defending against protocol-level attacks.

  • Protocol-level attacks against Tor
    Computer Networks, 2013
    Co-Authors: Zhen Ling, Xinwen Fu, Junzhou Luo, Weijia Jia, Wei Yu, Wei Zhao
    Abstract:

    Tor is a real-world, circuit-based low-latency anonymous communication network, supporting TCP applications over the Internet. In this paper, we present an extensive study of protocol-level attacks against Tor. Different from existing attacks, the attacks investigated in this paper can confirm anonymous communication relationships quickly and accurately by manipulating one single cell and pose a serious threat against Tor. In these attacks, a malicious entry Onion Router may duplicate, modify, insert, or delete cells of a TCP stream from a sender, which can cause cell recognition errors at the exit Onion Router. If an accomplice of the attacker at the entry Onion Router also controls the exit Onion Router and recognizes such cell recognition errors, the communication relationship between the sender and receiver will be confirmed. These attacks can also be used for launching the denial-of-service (DoS) attack to disrupt the operation of Tor. We systematically analyze the impact of these attacks and our data indicate that these attacks may drastically degrade the anonymity service that Tor provides, if the attacker is able to control a small number of Tor Routers. We have implemented these attacks on Tor and our experiments validate their feasibility and effectiveness. We also present guidelines for defending against protocol-level attacks. © 2012 Elsevier B.V. All rights reserved.

  • A New Cell-Counting-Based Attack Against Tor
    Networking, IEEE/ACM Transactions on, 2012
    Co-Authors: Zhen Ling, Xinwen Fu, Junzhou Luo, Dong Xuan, Wei Yu, Weijia Jia
    Abstract:

    Various low-latency anonymous communication systems such as Tor and Anonymizer have been designed to provide anonymity service for users. In order to hide the communication of users, most of the anonymity systems pack the application data into equal-sized cells (e.g., 512 B for Tor, a known real-world, circuit-based, low-latency anonymous communication network). Via extensive experiments on Tor, we found that the size of IP packets in the Tor network can be very dynamic because a cell is an application concept and the IP layer may repack cells. Based on this finding, we investigate a new cell-counting-based attack against Tor, which allows the attacker to confirm anonymous communication relationship among users very quickly. In this attack, by marginally varying the number of cells in the target traffic at the malicious exit Onion Router, the attacker can embed a secret signal into the variation of cell counter of the target traffic. The embedded signal will be carried along with the target traffic and arrive at the malicious entry Onion Router. Then, an accomplice of the attacker at the malicious entry Onion Router will detect the embedded signal based on the received cells and confirm the communication relationship among users. We have implemented this attack against Tor, and our experimental data validate its feasibility and effectiveness. There are several unique features of this attack. First, this attack is highly efficient and can confirm very short communication sessions with only tens of cells. Second, this attack is effective, and its detection rate approaches 100% with a very low false positive rate. Third, it is possible to implement the attack in a way that appears to be very difficult for honest participants to detect (e.g., using our hopping-based signal embedding).

  • One Cell is Enough to Break Tor's Anonymity
    2009
    Co-Authors: Xinwen Fu, Zhen Ling
    Abstract:

    Tor is a real-world, circuit-based low-latency anonymous communication network, supporting TCP applications over the Internet. In this paper, we present a new class of attacks, protocol-level attacks, against Tor. Different from existing attacks, these attacks can confirm anonymous communication relationships quickly and accurately by manipulating one single cell and pose a serious threat against Tor. In protocol-level attacks, a malicious entry Onion Router may duplicate, modify, insert, or delete cells of a TCP stream from a sender. The manipulated cells traverse middle Onion Routers and arrive at an exit Onion Router along a circuit. Because Tor uses the counter mode AES (AES-CTR) for encrypting cells, the manipulated cells disrupt the normal counter at exit Onion Routers and decryption at the exit Onion Router incurs cell recognition errors, which are unique to the investigated protocol-level attacks. If an accomplice of the attacker at the entry Onion Router also controls the exit Onion Router and recognizes such cell recognition errors, the communication relationship between the sender and receiver will be confirmed. Protocol-level attacks can also be used for launching the denial-of-service (DoS) attack to disrupt the operation of Tor. We have implemented these attacks on Tor and our experiments validate their feasibility and effectiveness. We also present guidelines for defending against such attacks. Index Terms—Protocol-level Attacks, Anonymity, Mix Networks, Tor

  • ICC - A New Replay Attack Against Anonymous Communication Networks
    2008 IEEE International Conference on Communications, 2008
    Co-Authors: Rastin Pries, Xinwen Fu, Wei Yu, Wei Zhao
    Abstract:

    Tor is a real-world, circuit-based low-latency anonymous communication network, supporting TCP applications on the Internet. In this paper, we present a new class of attack, the replay attack, against Tor. Compared with other existing attacks, the replay attack can confirm communication relationships quickly and accurately and poses a serious threat against Tor. In this attack, a malicious entry Onion Router duplicates cells of a stream from a sender. The original cell and duplicate cell traverse middle Onion Routers and arrive at an exit Onion Router along a circuit. Since Tor uses the counter mode AES (AES-CTR) for encryption of cells, the duplicate cell disrupts the normal counter at middle and exit Onion Routers and the decryption at the exit Onion Router incurs cell recognition errors. If an accomplice of the attacker at the entry Onion Router controls the exit Onion Router and detects such decryption errors, the communication relationship between the sender and receiver will be discovered. The replay attack can also be used as a denial of service attack. We implement the replay attack on Tor and our experiments validate the feasibility and effectiveness of the attack. We also present guidelines to defending against the replay attack.

Zhen Ling - One of the best experts on this subject based on the ideXlab platform.

  • Protocol-level attacks against Tor
    Computer Networks, 2013
    Co-Authors: Zhen Ling, Xinwen Fu, Wei Yu, Wei Zhao
    Abstract:

    Tor is a real-world, circuit-based low-latency anonymous communication network, supporting TCP applications over the Internet. In this paper, we present an extensive study of protocol-level attacks against Tor. Different from existing attacks, the attacks investigated in this paper can confirm anonymous communication relationships quickly and accurately by manipulating one single cell and pose a serious threat against Tor. In these attacks, a malicious entry Onion Router may duplicate, modify, insert, or delete cells of a TCP stream from a sender, which can cause cell recognition errors at the exit Onion Router. If an accomplice of the attacker at the entry Onion Router also controls the exit Onion Router and recognizes such cell recognition errors, the communication relationship between the sender and receiver will be confirmed. These attacks can also be used for launching the denial-of-service (DoS) attack to disrupt the operation of Tor. We systematically analyze the impact of these attacks and our data indicate that these attacks may drastically degrade the anonymity service that Tor provides, if the attacker is able to control a small number of Tor Routers. We have implemented these attacks on Tor and our experiments validate their feasibility and effectiveness. We also present guidelines for defending against protocol-level attacks.

  • Protocol-level attacks against Tor
    Computer Networks, 2013
    Co-Authors: Zhen Ling, Xinwen Fu, Junzhou Luo, Weijia Jia, Wei Yu, Wei Zhao
    Abstract:

    Tor is a real-world, circuit-based low-latency anonymous communication network, supporting TCP applications over the Internet. In this paper, we present an extensive study of protocol-level attacks against Tor. Different from existing attacks, the attacks investigated in this paper can confirm anonymous communication relationships quickly and accurately by manipulating one single cell and pose a serious threat against Tor. In these attacks, a malicious entry Onion Router may duplicate, modify, insert, or delete cells of a TCP stream from a sender, which can cause cell recognition errors at the exit Onion Router. If an accomplice of the attacker at the entry Onion Router also controls the exit Onion Router and recognizes such cell recognition errors, the communication relationship between the sender and receiver will be confirmed. These attacks can also be used for launching the denial-of-service (DoS) attack to disrupt the operation of Tor. We systematically analyze the impact of these attacks and our data indicate that these attacks may drastically degrade the anonymity service that Tor provides, if the attacker is able to control a small number of Tor Routers. We have implemented these attacks on Tor and our experiments validate their feasibility and effectiveness. We also present guidelines for defending against protocol-level attacks. © 2012 Elsevier B.V. All rights reserved.

  • A New Cell-Counting-Based Attack Against Tor
    Networking, IEEE/ACM Transactions on, 2012
    Co-Authors: Zhen Ling, Xinwen Fu, Junzhou Luo, Dong Xuan, Wei Yu, Weijia Jia
    Abstract:

    Various low-latency anonymous communication systems such as Tor and Anonymizer have been designed to provide anonymity service for users. In order to hide the communication of users, most of the anonymity systems pack the application data into equal-sized cells (e.g., 512 B for Tor, a known real-world, circuit-based, low-latency anonymous communication network). Via extensive experiments on Tor, we found that the size of IP packets in the Tor network can be very dynamic because a cell is an application concept and the IP layer may repack cells. Based on this finding, we investigate a new cell-counting-based attack against Tor, which allows the attacker to confirm anonymous communication relationship among users very quickly. In this attack, by marginally varying the number of cells in the target traffic at the malicious exit Onion Router, the attacker can embed a secret signal into the variation of cell counter of the target traffic. The embedded signal will be carried along with the target traffic and arrive at the malicious entry Onion Router. Then, an accomplice of the attacker at the malicious entry Onion Router will detect the embedded signal based on the received cells and confirm the communication relationship among users. We have implemented this attack against Tor, and our experimental data validate its feasibility and effectiveness. There are several unique features of this attack. First, this attack is highly efficient and can confirm very short communication sessions with only tens of cells. Second, this attack is effective, and its detection rate approaches 100% with a very low false positive rate. Third, it is possible to implement the attack in a way that appears to be very difficult for honest participants to detect (e.g., using our hopping-based signal embedding).

  • One Cell is Enough to Break Tor's Anonymity
    2009
    Co-Authors: Xinwen Fu, Zhen Ling
    Abstract:

    Tor is a real-world, circuit-based low-latency anonymous communication network, supporting TCP applications over the Internet. In this paper, we present a new class of attacks, protocol-level attacks, against Tor. Different from existing attacks, these attacks can confirm anonymous communication relationships quickly and accurately by manipulating one single cell and pose a serious threat against Tor. In protocol-level attacks, a malicious entry Onion Router may duplicate, modify, insert, or delete cells of a TCP stream from a sender. The manipulated cells traverse middle Onion Routers and arrive at an exit Onion Router along a circuit. Because Tor uses the counter mode AES (AES-CTR) for encrypting cells, the manipulated cells disrupt the normal counter at exit Onion Routers and decryption at the exit Onion Router incurs cell recognition errors, which are unique to the investigated protocol-level attacks. If an accomplice of the attacker at the entry Onion Router also controls the exit Onion Router and recognizes such cell recognition errors, the communication relationship between the sender and receiver will be confirmed. Protocol-level attacks can also be used for launching the denial-of-service (DoS) attack to disrupt the operation of Tor. We have implemented these attacks on Tor and our experiments validate their feasibility and effectiveness. We also present guidelines for defending against such attacks. Index Terms—Protocol-level Attacks, Anonymity, Mix Networks, Tor

Dario V Forte - One of the best experts on this subject based on the ideXlab platform.

  • Analyzing the difficulties in backtracing Onion Router traffic
    International Journal of Digital Evidence, 2002
    Co-Authors: Dario V Forte
    Abstract:

    The objective of Onion Routing is to make it completely impossible for third parties to perform traffic analysis. This goal is achieved by applying cryptographic techniques to networking. The packets transiting the chain of Onion Routers thus appear anonymous. Yes, we are talking about a chain. Practically speaking, there is a group of Onion Routers distributed around the public network, each of which has the task of encrypting the socket connections and to act in turn as a proxy. Experiments with Onion Routing have already been carried out on Sun Solaris 2.4 using proxies for http (www) and RLOGIN. At the moment, proxy operations are planned for e-mail (SMTP), FTP and a slew of other protocols. Let’s imagine we have to make an http transaction. This is how it works: 1) The application does not connect directly to the destination Web server, but rather to a socket connection with an Onion Routing proxy; 2) The Onion Routing proxy establishes a direct anonymous connection with its nearest sister. To guarantee the impossibility of interceptions, the first Onion Routing proxy makes another connection with others of its ilk to complete the chain. To avoid hijacking and man-in-the-middle phenomena, the communication between Onion Routers is forced. Practically speaking, each Onion Router is only able to identify and dialog with its adjacent kin included in the route. Each packet can currently make a maximum of 11 hops, then it has to reach its destination. 3) Each time an Onion Router handles a transaction, it strips away a layer of encryption with respect to the preceding hop. This means that at the end of the route the packet arrives in cleartext. This is one of the first problems an investigator may encounter. Practically speaking, both because of the encryption and because at each hop the link to the preceding routing point is literally stripped away, traceback becomes impossible. 
    The only way to carry out an effective investigation is to implement a logging function at the proxy level as we will describe in greater detail below; 4) In addition, the encryption and transmission of data through the links of the chain is carried out randomly in such a way as to render impossible any sort of “sequence prediction”. Furthermore, whenever the connection is interrupted, for any reason, all information relating to a given transaction is deleted from the rest of the chain. It is basically a sort of “no cache” system.

Sami Zhioua - One of the best experts on this subject based on the ideXlab platform.

  • An empirical study of web browsers’ resistance to traffic analysis and website fingerprinting attacks
    Cluster Computing, 2018
    Co-Authors: Taher Al-shehari, Sami Zhioua
    Abstract:

    Anonymity protocols are employed to establish encrypted tunnels to protect the privacy of Internet users from traffic analysis attacks. However, the attackers strive to infer some traffic patterns’ characteristics (e.g. packet directions, packet sizes, inter-packet timing, etc.) in order to expose the identities of Internet users and their activities. A recent and popular traffic analysis attack is called website fingerprinting which reveals the identity of websites visited by target users. Existing work in the literature studied the website fingerprinting attack using a single web browser, namely Firefox. In this paper we propose a unified traffic analysis attack model composed of a sequence of phases that demonstrate the efficiency of website fingerprinting attack using popular web browsers under Tor (The Onion Router). In addition, we reveal the main factors that affect the accuracy of website fingerprinting attack over Tor anonymous system and using different browsers. To the best of our knowledge, no previous study uncovered such factors by deploying real-world traffic analysis attack utilizing the top five web browsers. The outcomes of the research are very relevant to Internet users (individuals/companies/governments) since they allow to assess to which extent their privacy is preserved in presence of traffic analysis attacks, in particular, website fingerprinting over different browsers. A recommendation for future research direction regarding the investigation of website fingerprinting over different scenarios is also provided.