Abstract
In this paper, we introduce a new Denial-of-Service attack against Tor Onion Routers and we study its feasibility and implications. In particular, we exploit a design flaw in the way the Tor software builds virtual circuits and demonstrate that an attacker needs only a fraction of the resources required by a network DoS attack to achieve similar damage. We evaluate the effects of our attack on real Tor routers and we propose an estimation methodology for assessing the resources needed to attack any publicly accessible Tor node. Finally, we present the design and implementation of an effective solution to the problem that relies on cryptographic client puzzles, and we present results from its performance and effectiveness evaluation.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Barbera, M.V., Kemerlis, V.P., Pappas, V., Keromytis, A.D. (2013). CellFlood: Attacking Tor Onion Routers on the Cheap. In: Crampton, J., Jajodia, S., Mayes, K. (eds) Computer Security – ESORICS 2013. ESORICS 2013. Lecture Notes in Computer Science, vol 8134. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40203-6_37
DOI: https://doi.org/10.1007/978-3-642-40203-6_37
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40202-9
Online ISBN: 978-3-642-40203-6
eBook Packages: Computer Science, Computer Science (R0)