torscan tracing long lived connections and differential
play

TorScan: Tracing Long-lived Connections and Differential Scanning - PowerPoint PPT Presentation

Aug 11, 2023 •128 likes •376 views

TorScan: Tracing Long-lived Connections and Differential Scanning Attacks A. Biryukov, I. Pustogarov, R.P. Weinmann University of Luxembourg ivan.pustogarov@uni.lu September 5, 2012 A. Biryukov, I. Pustogarov, R.P. Weinmann (UNI LU) Torscan

  1. TorScan: Tracing Long-lived Connections and Differential Scanning Attacks A. Biryukov, I. Pustogarov, R.P. Weinmann University of Luxembourg ivan.pustogarov@uni.lu September 5, 2012 A. Biryukov, I. Pustogarov, R.P. Weinmann (UNI LU) Torscan September 5, 2012 1 / 23

  2. Overview What is Tor and How it works A classification of published attacks on Tor Revealing Tor topology information Topology-based attacks Evaluation of the attacks A. Biryukov, I. Pustogarov, R.P. Weinmann (UNI LU) Torscan September 5, 2012 2 / 23

  3. Tor anonymity network Tor relays – Internet servers running Tor software Both relays and clients run the same software Authorities – 9 most trusted relays which maintain and distribute the list of Tor relays (the Consensus) Clients route their traffic through a chain of Tor relays Tor relays do not delay traffic nor use padding Is the most popular anonymity network ( > 3000 Tor relays; 400,000 users/day). It is fast. A. Biryukov, I. Pustogarov, R.P. Weinmann (UNI LU) Torscan September 5, 2012 3 / 23

  4. Tor anonymity network A user chooses three Tor relays – guard,middle,exit – and builds a circuit: exchanging symmetric keys and updating the relays’ Tor routing tables Telescoping is used to exchange symmetric keys between the client and the relays Traffic flows down the circuit in fixed-size cells, which are unwrapped by a symmetric key at each node (like the layers of an onion) TLS connections between relays are used as the transport for Tor cells One TLS connection carries many circuits TLS TLS TLS Client Middle Exit Server Guard A. Biryukov, I. Pustogarov, R.P. Weinmann (UNI LU) Torscan September 5, 2012 4 / 23

  5. Classification of published attacks Passive traffic analysis attacks. server Cell counting, time correlation, Website fingerprinting exit relay Active traffic analysis attacks middle relay Watermarking, node clogging, guard node etc. Attacks based on information leakage from specific applications. Bittorrent leaking IP addresses, user attacker etc. A. Biryukov, I. Pustogarov, R.P. Weinmann (UNI LU) Torscan September 5, 2012 5 / 23

  6. Intersection attack and Guard nodes Controlling the entry node and sniffing the server ≡ locating the server client If the entry node is chosen exit relay randomly, as the client makes middle relay many different circuits over time, guard node then the probability that the attacker will see a sample of the traffic goes to 1 It does not happen if the entry nodes are fixed. Each client has user attacker a pool of three guard nodes which are actual for 1 month A. Biryukov, I. Pustogarov, R.P. Weinmann (UNI LU) Torscan September 5, 2012 6 / 23

  7. The attack goal We do not reveal the actual IP address of a client We do reveal the guard nodes of a client Guard nodes are the next point to attack. Guard nodes are specific to the user and can be considered as his signature A. Biryukov, I. Pustogarov, R.P. Weinmann (UNI LU) Torscan September 5, 2012 7 / 23

  8. The key to our attack Before the Tor network was considered as a fully connected graph We have found ways to probe the connectivity of a Tor relay. We found how topology leakage can be used to trace back a user from an exit relay to a small set of potential entry nodes. A. Biryukov, I. Pustogarov, R.P. Weinmann (UNI LU) Torscan September 5, 2012 8 / 23

  9. Revealing Tor connectivity (1/5) Each node is uniquely identified by its RSA public key (fingerprint) Use CREATE/CREATED cells to exchange a Diffie-Hellman key. Use EXTEND cell to relay a CREATE cell EXTEND cell contains the fingerprint and IP address of the next relay EXTENDED cell indicates the success; DESTROY cell indicates a failure Server Middle Exit CREATE Guard CREATED Bill A. Biryukov, I. Pustogarov, R.P. Weinmann (UNI LU) Torscan September 5, 2012 9 / 23

  10. Revealing Tor connectivity (2/5) Each node is uniquely identified by its RSA public key (fingerprint) Use CREATE/CREATED cells to exchange keys. Use EXTEND cell to relay a CREATE cell EXTEND cell contains the fingerprint and IP address of the next relay EXTENDED cell indicates the success; DESTROY cell indicates a failure FP_A@128.31.0.34 (2) CREATE (1) Server EXTEND[CREATE] Middle Exit (3) T o FP_A@128.31.0.34 CREATED Guard (4) EXTENDED[CREATED] Bill A. Biryukov, I. Pustogarov, R.P. Weinmann (UNI LU) Torscan September 5, 2012 10 / 23

  11. Reavealing Tor connectivity (4/5) Each pair of Tor relays tries to keep just one TLS connection A connections to Relay A is Canonical if IP A and fingerprint A of relay A are from the Consensus document The canonical connection will be used for all subsequent circuit extension requests to the relay with fingerprint A . IP address is ignored What happens if I indicate a fingerprint from the consensus and 127.0.0.1 as IP FP_A@128.31.0.34 DESTROY EXTEND[CREATE] T o FP_A@127.0.0.1 Bill Steve A. Biryukov, I. Pustogarov, R.P. Weinmann (UNI LU) Torscan September 5, 2012 11 / 23

  12. Reavealing Tor connectivity (3/5) Each pair of Tor relays tries to keep just one TLS connection A connections to Relay A is Canonical if IP A and fingerprint A of relay A are from the Consensus document The canonical connection will be used for all subsequent circuit extension requests to the relay with fingerprint A . IP address is ignored What happens if I indicate a fingerprint from the consensus and 127.0.0.1 as IP FP_A@128.31.0.34 EXTEND[CREATE] T o FP_A@127.0.0.1 EXTENDED Bill Steve A. Biryukov, I. Pustogarov, R.P. Weinmann (UNI LU) Torscan September 5, 2012 12 / 23

  13. Reavealing Tor connectivity (5/5) It takes less time to extend a circuit over already existing connection 18 additional steps ⇒ at least 18 RTT time slower A. Biryukov, I. Pustogarov, R.P. Weinmann (UNI LU) Torscan September 5, 2012 13 / 23

  14. Show me! One scan takes 30 seconds. Can be easily parallelized. 89 USD for scanning the whole network for a day (4 minutes between scans). A. Biryukov, I. Pustogarov, R.P. Weinmann (UNI LU) Torscan September 5, 2012 14 / 23

  15. The attack scenarios 1 We will trace Long-lived connections: long-lived SSH sessions, very large files downloads, file-sharing applications and communications over instant messaging networks. 2 We will trace recurrent connections: Gmail establishes new connections every 2 minutes; web sites with auto-refresh contents. Pseudonymous user is identified by a cookie or a login credential. A. Biryukov, I. Pustogarov, R.P. Weinmann (UNI LU) Torscan September 5, 2012 15 / 23

  16. Tracing Long-lived connections. A. Biryukov, I. Pustogarov, R.P. Weinmann (UNI LU) Torscan September 5, 2012 16 / 23

  17. Tracing Long-lived connections. Evaluation How long should we wait for other connections to disappear? What is the asymptotic behaviour of the decay curve? 1200 1500-bw-router, Control-Port-measurements 1500-bw-router, Canonical-Connections-Probing 36000-bw-router, Control-Port-Measurements 1000 36000-bw-router, Canonical-Connections-Probing 800 600 400 200 0 11Feb14:18 12Feb14:18 13Feb14:18 14Feb14:18 15Feb14:18 A. Biryukov, I. Pustogarov, R.P. Weinmann (UNI LU) Torscan September 5, 2012 17 / 23

  18. Tracing Long-lived connections. Evaluation How long should we wait for other connections to disappear? What is connections duration distribution? Are there “immortal” connections? Incoming circuit rate for this connections is very high What is the asymptotic behaviour of the decay curve? 100 Connections medium-to-high bandwidth Connections medium-to-medium bandwidth 80 40 BW distribution Percentage of immortal connections Connections, % 35 60 30 40 25 % of routers 20 20 15 10 0 1 2 3 4 5 6 7 8 9 10 11 12 5 Connection duration, hours 0 0 30000 60000 90000 120000 150000 180000 210000 Bandwidth weights from consensus A. Biryukov, I. Pustogarov, R.P. Weinmann (UNI LU) Torscan September 5, 2012 18 / 23

  19. Differential scanning 1 Tor Specification: a circuit (route) lives 10 minutes 2 Assume the client establishes recurrent connection to the server 3 The client is identified by his cookie or pseudonym 4 If we kill connection A, there is a probability that connection B will drop as well A B D C PPrivCom052 spfTOR3 A. Biryukov, I. Pustogarov, R.P. Weinmann (UNI LU) Torscan September 5, 2012 19 / 23

  20. Differential scanning. Evaluation 1 What is the probability that connections B drops (Signal)? 2 What is the probability that other connections drops (Noise)? 3 How many tries should we make? → C37B234FAD013453B90375EB55864FEBC876104A : 58 (PPrivCom052) bw=36500 ← CA1CF70F4E6AF9172E6E743AC5F1E918FFE2B476 : 35 (spfTOR3) bw=29800 140 Signal Noise 120 Number of differentials 100 80 60 40 20 0 0 30000 60000 90000 120000 150000 180000 210000 Bandwidth weight A. Biryukov, I. Pustogarov, R.P. Weinmann (UNI LU) Torscan September 5, 2012 20 / 23

  21. Some remarks For many existing attacks: exhaustive probing of each link in the Tor network is required Existing attacks can become practical again since the amount of links to be probed is significantly reduced A. Biryukov, I. Pustogarov, R.P. Weinmann (UNI LU) Torscan September 5, 2012 21 / 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Discovering Neutral Naturalness (in long-lived particle searches) LHC Searches for Long-Lived

Discovering Neutral Naturalness (in long-lived particle searches) LHC Searches for Long-Lived

Discovering Neutral Naturalness (in long-lived particle searches) LHC Searches for Long-Lived BSM Particles: Theory Meets Experiment UMass Amherst mirror T glueball 13. November 2015 S S S S H T T s = 14 TeV, 3000fb - 1 ( MS ) x

1.43k views • 113 slides
Motivation Long-lived signatures can hide new physics from conventional searches, even if

Motivation Long-lived signatures can hide new physics from conventional searches, even if

Searches for long-lived particles at CMS After a few years of LHC running, CMS has published several searches for long-lived, exotic particles. What motivates these searches ? What strengths & weaknesses does the CMS detector have

447 views • 28 slides
Search for long-lived for long-lived Search particles at CMS particles at CMS Jie Chen Florida

Search for long-lived for long-lived Search particles at CMS particles at CMS Jie Chen Florida

Search for long-lived for long-lived Search particles at CMS particles at CMS Jie Chen Florida State University for the CMS Collaboration 03/19/12 Jie Chen @ SEARCH12 1 Outline Outline Brief introduction to long-lived particle

584 views • 36 slides
Techniques and Results of Neutral Long-Lived echniques and Results of Neutral Long-Lived Particle

Techniques and Results of Neutral Long-Lived echniques and Results of Neutral Long-Lived Particle

Techniques and Results of Neutral Long-Lived echniques and Results of Neutral Long-Lived Particle Sear Particle Searches in A ches in ATLAS and CMS in LHC Run 2 TLAS and CMS in LHC Run 2 Claudia-Elisabeth Wulz Institute of High Energy

487 views • 25 slides
Long-lived Charginos in the MSSM Focus-point Region M. G. Paucar A. Long-lived Charginos in the

Long-lived Charginos in the MSSM Focus-point Region M. G. Paucar A. Long-lived Charginos in the

Long-lived Charginos in the MSSM Focus-point Region M. G. Paucar A. Long-lived Charginos in the MSSM Focus-point Region The MSSM Available Regions of mSUGRA Parameters Space Long-lived Charginos Phenomenology of light chargino

366 views • 18 slides
Techniques to Search for 2 Charged Long Lived Particles Charged particles that only traverse a

Techniques to Search for 2 Charged Long Lived Particles Charged particles that only traverse a

Techniques and results in Charged Long-Lived particle searches in ATLAS and CMS in Run 2 NORA PETTERSSON (UNIVERSITY OF MASSACHUSETTS, AMHERST) ON BE HALF OF THE ATLAS AND CMS COLLABORATIONS Techniques to Search for 2 Charged Long Lived

469 views • 36 slides
The signatures of long-lived spirals in disk galaxies The signatures of long-lived spirals in disk

The signatures of long-lived spirals in disk galaxies The signatures of long-lived spirals in disk

South Korea 2013 The signatures of long-lived spirals in disk galaxies The signatures of long-lived spirals in disk galaxies The signatures of long-lived spirals in disk galaxies The signatures of long-lived spirals in disk galaxies Eric E.

719 views • 43 slides
A brief theoretical overview of long-lived states Jessie Shelton ACFI Displaced Workshop

A brief theoretical overview of long-lived states Jessie Shelton ACFI Displaced Workshop

A brief theoretical overview of long-lived states Jessie Shelton ACFI Displaced Workshop November 12, 2015 Thursday, November 12, 15 Making long-lived states at the LHC Essential requirement: separate production (appreciable, for rate),

556 views • 24 slides
Risky Traitor Tracing and New Differential Privacy Negative Results Rishab Goyal Venkata Koppula

Risky Traitor Tracing and New Differential Privacy Negative Results Rishab Goyal Venkata Koppula

Risky Traitor Tracing and New Differential Privacy Negative Results Rishab Goyal Venkata Koppula Andrew Russell Brent Waters Hardness of Non-Interactive Differential Privacy from One-Way Functions Lucas Kowalczyk Tal Malkin Jonathan

649 views • 20 slides
Search for heavy resonances decaying to long- lived neutral particles Emyr Clement on behalf of

Search for heavy resonances decaying to long- lived neutral particles Emyr Clement on behalf of

Search for heavy resonances decaying to long- lived neutral particles Emyr Clement on behalf of the CMS Collaboration E Clement 5 Apr 2013 Motivation Many new physics scenarios predict heavy long-lived particles Weak R-Parity

466 views • 17 slides
Searches for long-lived, massive par5cles with the ATLAS

Searches for long-lived, massive par5cles with the ATLAS

Searches for long-lived, massive par5cles with the ATLAS detector Nick Barlow University of Cambridge Experimental Par5cle Physics Seminar, Birmingham

1.99k views • 141 slides
Database of Long-Lived Symmetric Cryptographic Keys

Database of Long-Lived Symmetric Cryptographic Keys

Database of Long-Lived Symmetric Cryptographic Keys dra%-ie)-karp-crypto-key-table-03 R. Housley T. Polk S. Hartman D. Zhang Updates on

321 views • 9 slides
Advanced Ray Tracing 1 2/8/2006 Distributed Ray Tracing Distributed ray tracing is an

Advanced Ray Tracing 1 2/8/2006 Distributed Ray Tracing Distributed ray tracing is an

Advanced Ray Tracing 1 2/8/2006 Distributed Ray Tracing Distributed ray tracing is an elegant technique that tackles many problems at once Stochastic ray tracing: distribute rays stochastically across pixel Distributed ray tracing:

327 views • 8 slides
TRACING OUR GLOBAL CONNECTIONS A Bibliographic Analysis of UNT Digital Library Item Usage Among

TRACING OUR GLOBAL CONNECTIONS A Bibliographic Analysis of UNT Digital Library Item Usage Among

TRACING OUR GLOBAL CONNECTIONS A Bibliographic Analysis of UNT Digital Library Item Usage Among Global ETDs Pamela Andrews, Daniel Alemneh, Karen Harker, Janette Klein 1. Introduction ETDs as a source for evolving digital scholarship

528 views • 34 slides
MIT 6.837 - Ray Tracing Ray Tracing MIT EECS 6.837 Most slides are taken from Frdo Durand and

MIT 6.837 - Ray Tracing Ray Tracing MIT EECS 6.837 Most slides are taken from Frdo Durand and

MIT 6.837 - Ray Tracing Ray Tracing MIT EECS 6.837 Most slides are taken from Frdo Durand and Barb Cutler Some slides courtesy of Leonard McMillan 1 2 Ray Tracing Ray Tracing Ray Tracing kills two birds with one stone: Solves the

327 views • 11 slides
Two Connections between Combinatorial and Differential Geometry John M. Sullivan Institut f

Two Connections between Combinatorial and Differential Geometry John M. Sullivan Institut f

Two Connections between Combinatorial and Differential Geometry John M. Sullivan Institut f ur Mathematik, Technische Universit at Berlin Berlin Mathematical School DFG Research Group Polyhedral Surfaces DFG Research Center M ATHEON

556 views • 30 slides
Kitchen Bath Design Presentation Drawing Plans Digital Rendering Nkba Professional Resource

Kitchen Bath Design Presentation Drawing Plans Digital Rendering Nkba Professional Resource

Kitchen Bath Design Presentation Drawing Plans Digital Rendering Nkba Professional Resource Library.pdf Kitchen Bath Design Presentation Drawing Plans Digital Rendering Nkba Professional Resource Library Kitchen Bath Design Presentation Drawing

249 views • 9 slides
The Networking Lab in the School of Computing Dr. Jim Martin Associate Professor I want to be a

The Networking Lab in the School of Computing Dr. Jim Martin Associate Professor I want to be a

The Networking Lab in the School of Computing Dr. Jim Martin Associate Professor I want to be a network School of Computing engineer!!!!! WooHoo..I like trains! Clemson University jim.martin@cs.clemson.edu http://www.cs.clemson.edu/~jmarty

280 views • 6 slides
Deploying large payloads at scale Ramon van Alteren Wednesday, November 9, 2011 Hyves 9,7M

Deploying large payloads at scale Ramon van Alteren Wednesday, November 9, 2011 Hyves 9,7M

Deploying large payloads at scale Ramon van Alteren Wednesday, November 9, 2011 Hyves 9,7M dutch members (16,7M population) ~7M unique visitors / month (Comscore 09/2011) ~2.3M unique visitors / day 800.000 photo uploads /

489 views • 45 slides
ALICE Erik Edelmann erik.edelmann@csc.fi NeIC / CSC NeIC/NDGF All hands meeting February 2013

ALICE Erik Edelmann erik.edelmann@csc.fi NeIC / CSC NeIC/NDGF All hands meeting February 2013

ALICE Erik Edelmann erik.edelmann@csc.fi NeIC / CSC NeIC/NDGF All hands meeting February 2013 p. 1/ Pledges: CPU 180 Fin 160 Swe Den 140 Nor NDGF 120 % of pledge 100 80 60 40 20 0 May12 Jul12 Sep12 Nov12 Jan13

361 views • 22 slides
A QoS-Aware Middleware for Fault Tolerant Web Services Zibin Zheng and Michael R. Lyu Department

A QoS-Aware Middleware for Fault Tolerant Web Services Zibin Zheng and Michael R. Lyu Department

A QoS-Aware Middleware for Fault Tolerant Web Services Zibin Zheng and Michael R. Lyu Department of Computer Science & Engineering The Chinese University of Hong Kong Hong Kong, China ISSRE 2008, Seattle, USA, 11-14 November, 2008

596 views • 25 slides
Vivaldi: A Decentralized Network Coordinate System Authors: Frank Dabek, Russ Cox, Frans

Vivaldi: A Decentralized Network Coordinate System Authors: Frank Dabek, Russ Cox, Frans

Vivaldi: A Decentralized Network Coordinate System Authors: Frank Dabek, Russ Cox, Frans Kaashoek, Robert Morris MIT Published at SIGCOMM 04 Presented by: Emmanouel Kyriakakis Key tool: Synthetic Coordinates Content distribution &

651 views • 27 slides
Straight Talk on Bitcoin and Blockchain Cutting through the BS to get to the tech and stuff you

Straight Talk on Bitcoin and Blockchain Cutting through the BS to get to the tech and stuff you

Straight Talk on Bitcoin and Blockchain Cutting through the BS to get to the tech and stuff you need to know. Jarret Dyrbye - UofA BSc. Computer Engineering 2005 - Doing Bitcoin-related stuff - UofA MSc. Electrical and Computer

665 views • 40 slides
Data Integration and Analysis Systems DA 09 02a Task Update Rick Lawford and Toshio Koike

Data Integration and Analysis Systems DA 09 02a Task Update Rick Lawford and Toshio Koike

Data Integration and Analysis Systems DA 09 02a Task Update Rick Lawford and Toshio Koike Presented at the ADC meeting Melbourne, Australia September, 2009 DA 09 02a Task Report (September. 2009) In the winter of 2008 2009 a

267 views • 9 slides

More recommend