Detection and analysis of eavesdropping in anonymous communication networks
  • Authors: Sambuddho Chakravarty ; Georgios Portokalidis…
  • Keywords: Tor ; Anonymity networks ; Proxies ; Eavesdropping ; Decoys
  • Journal: International Journal of Information Security
  • Publication year: 2015
  • Publication date: June 2015
  • Volume: 14
  • Issue: 3
  • Pages: 205-220
  • Full-text size: 988 KB
  • Author affiliations: Sambuddho Chakravarty (1)
    Georgios Portokalidis (2)
    Michalis Polychronakis (1)
    Angelos D. Keromytis (1)

    1. Columbia University, New York, USA
    2. Stevens Institute of Technology, Hoboken, USA
  • Journal category: Computer Science
  • Journal subjects: Data Encryption
    Computer Communication Networks
    Operating Systems
    Coding and Information Theory
    Management of Computing and Information Systems
    Communications Engineering and Networks
  • Publisher: Springer Berlin / Heidelberg
  • ISSN: 1615-5270
Abstract
Anonymous communication networks, like Tor, partially protect the confidentiality of user traffic by encrypting all communications within the overlay network. However, when the relayed traffic reaches the boundaries of the network, toward its destination, the original user traffic is inevitably exposed to the final node on the path. As a result, users transmitting sensitive data, like authentication credentials, over such networks, risk having their data intercepted and exposed, unless end-to-end encryption is used. Eavesdropping can be performed by malicious or compromised relay nodes, as well as any rogue network entity on the path toward the actual destination. Furthermore, end-to-end encryption does not assure defense against man-in-the-middle attacks. In this work, we explore the use of decoys at multiple levels for the detection of traffic interception by malicious nodes of proxy-based anonymous communication systems. Our approach relies on the injection of traffic that exposes bait credentials for decoy services requiring user authentication, and URLs to seemingly sensitive decoy documents which, when opened, invoke scripts alerting about being accessed. Our aim was to entice prospective eavesdroppers to access our decoy servers and decoy documents, using the snooped credentials and URLs. We have deployed our prototype implementation in the Tor network using decoy IMAP, SMTP, and HTTP servers. During the course of over 30 months, our system has detected 18 cases of traffic eavesdropping that involved 14 different Tor exit nodes.
