8/13/2019 New Cell Counting Based Attack Against TOR
1/62
CONTENTS1. Synopsis
2. Introduction
2.1. Project Description
2.2. Company Profile
3. System Analysis
3.1. Existing System
3.2. Proposed System
4. Hardware And Software Specification
.1. !ard"are Specification
.2. Soft"are Specification
.3. #$o%t Soft"are
5. System Design
&.1. Data 'lo" Diagram
&.2. Data$ase Str%ct%re
&.3. Code Design
&. . Screen (ayo%t
6. System esting
!. System Implementation
". #uture en$ancement
%. &onclusion.
1'. (i)liograp$y
1
8/13/2019 New Cell Counting Based Attack Against TOR
2/62
S*+,-SIS
A)stract :
)ario%s lo"*latency anonymo%s comm%nication systems s%c+ as Tor and
#nonymi,er +a-e $een designed to pro-ide anonymity ser-ice for %sers. n order to +ide
t+e comm%nication of %sers/ most of t+e anonymity systems pac0 t+e application data
into e %al*si,ed cells. )ia extensi-e experiments on Tor/ "e fo%nd t+at t+e si,e of P
pac0ets in t+e Tor net"or0 can $e -ery dynamic $eca%se a cell is an application concept
and t+e P layer may repac0 cells. ased on t+is finding/ "e in-estigate a ne" cell*
co%nting*$ased attac0 against Tor/ "+ic+ allo"s t+e attac0er to confirm anonymo%scomm%nication relations+ip among %sers -ery %ic0ly. n t+is attac0/ $y marginally
-arying t+e n%m$er of cells in t+e target traffic at t+e malicio%s exit onion ro%ter/ t+e
attac0er can em$ed a secret signal into t+e -ariation of cell co%nter of t+e target traffic.
T+e em$edded signal "ill $e carried along "it+ t+e target traffic and arri-e at t+e
malicio%s entry onion ro%ter. T+en/ an accomplice of t+e attac0er at t+emalicio%s entry
onion ro%ter "ill detect t+e em$edded signal $ased on t+e recei-ed cells and confirm t+e
comm%nication relations+ip among %sers. e +a-e implemented t+is attac0 against Tor/
and o%r experimental data -alidate its feasi$ility and effecti-eness. T+ere are se-eral
%ni %e feat%res of t+is attac0. 'irst/ t+is attac0 is +ig+ly efficient and can confirm -ery
s+ort comm%nication sessions "it+ only tens of cells. Second/ t+is attac0 is effecti-e/ and
its detection rate approac+es 1445 "it+ a -ery lo" false positi-e rate. T+ird/ it is possi$le
to implement t+e attac0 in a "ay t+at appears to $e -ery diffic%lt for +onest participants
to detect.
2
8/13/2019 New Cell Counting Based Attack Against TOR
3/62
A &HI /& 0 /
3
8/13/2019 New Cell Counting Based Attack Against TOR
4/62
I+ ,D0& I,+
&ONCE6NS a$o%t pri-acy and sec%rity +a-e recei-ed greater attention "it+ t+e
rapid gro"t+ and p%$lic acceptance of t+e nternet/ "+ic+ +as $een %sed to create o%r
glo$al E*economy. #nonymity +as $ecome a necessary and legitimate aim in manyapplications/ incl%ding anonymo%s e$ $ro"sing/ location*$ased ser-ices/ and E*-oting.
n t+ese applications/ encryption alone cannot maintain t+e anonymity re %ired $y
participants. n t+e past/ researc+ers +a-e de-eloped n%mero%s anonymo%s
comm%nication systems. 7enerally spea0ing/ mix tec+ni %es can $e %sed for eit+er
message*$ased or flo"*$ased anonymity applications. E*mail is a typical message*$ased
anonymity application/ "+ic+ +as $een t+oro%g+ly in-estigated. 6esearc+ on flo"*$ased
anonymity applications +as recently recei-ed great attention in order to preser-e
anonymity in lo"*latency applications/ incl%ding e$ $ro"sing and peer*to*peer file
s+aring . To degrade t+e anonymity ser-ice pro-ided $y anonymo%s comm%nication
systems/ traffic analysis attac0s +a-e $een st%died. Existing traffic analysis attac0s can $e
categori,ed into t"o gro%ps8 passi-e traffic analysis and acti-e "atermar0ing tec+ni %es.
Passi-e traffic analysis tec+ni %e "ill record t+e traffic passi-ely and identify t+e
similarity $et"een t+e sender9s o%t$o%nd traffic and t+e recei-er9s in$o%nd traffic $ased
on statistical meas%res. eca%se t+is type of attac0 relies on correlating t+e timings of
messages mo-ing t+ro%g+ t+e anonymo%s system and does not c+ange t+e trafficc+aracteristics/ it is also a passi-e timing attac0. 'or example/ Serjanto- et al. proposed a
passi-e pac0et*co%nting sc+eme to o$ser-e t+e n%m$er of pac0ets of a connection t+at
arri-es at a mix node and lea-es a node. !o"e-er/ t+ey did not ela$orate +o" pac0et
co%nting co%ld $e done. To impro-e t+e acc%racy of attac0s/ t+e acti-e "atermar0ing
tec+ni %e +as recently recei-ed m%c+ attention. T+e idea of t+is tec+ni %e is
to acti-ely introd%ce special signals into t+e sender9s o%t$o%nd traffic "it+ t+e intention
of recogni,ing t+e em$edded signal at t+e recei-er9s in$o%nd traffic .
8/13/2019 New Cell Counting Based Attack Against TOR
5/62
- , /& D/S& I- I,+
,D0 /S
1. Data ransmission
2. &omponents of or
3. &ells at ,nion outers
Data ransmission
n Tor/ an maintains a connection to ot+er on demand. T+e %ses a "ay of so%rce
ro%ting and c+ooses se-eral from t+e locally cac+ed directory/ do"nloaded from t+e
directory cac+es. T+e n%m$er of t+e selected is referred as t+e pat+ lengt+. e %se t+edefa%lt pat+ lengt+ of t+ree as an example. T+e iterati-ely esta$lis+es circ%its across t+e
Tor net"or0 and negotiates a symmetric 0ey "it+ eac+/ one +op at a time/ as "ell as
+andles t+e streams from client applications. T+e side of t+e circ%it connects to t+e
re %ested destinations and relays t+e data. e no" ill%strate t+e proced%re t+at t+e
esta$lis+es a circ%it and do"nloads a file from t+e ser-er.
&omponents of or
Onion ro%ters are special proxies t+at relay t+e application data. n Tor/ transport*layer
sec%rity connections are %sed for t+e o-erlay lin0 encryption $et"een t"o onion ro%ters.
T+e application data is pac0ed into e %al*si,ed cells. T+ey +old onion ro%ter information
s%c+ as p%$lic 0eys for onion ro%ters. Directory a%t+orities +old a%t+oritati-e information
on onion ro%ters/ and directory cac+es do"nload directory information of onion ro%ters
from a%t+orities.
&ells at ,nion outers
To $egin "it+/ t+e onion ro%ter recei-es t+e data from t+e connection on t+e gi-en
port A. #fter t+e data is processed $y protocols/ t+e data "ill $e deli-ered into t+e $%ffer
of t+e connection. +en t+ere is pending data in t+e $%ffer/ t+e read e-ent of t+is
connection "ill $e called to read and process t+e data. T+e connection read e-ent "ill
p%ll t+e data from t+e $%ffer into t+e connection inp%t $%ffer. Eac+ connection inp%t
&
8/13/2019 New Cell Counting Based Attack Against TOR
6/62
8/13/2019 New Cell Counting Based Attack Against TOR
7/62
8/13/2019 New Cell Counting Based Attack Against TOR
8/62
S*S / A+A *SIS
Introduction
System #nalysis and Design/ is t+e process of gat+ering and
interpreting facts/ diagnosing pro$lem and %sing t+e information to recommend
impro-ement to t+e system. efore de-elopment of any project can $e p%rs%ed/ a
system st%dy is cond%cted to learn t+e details of t+e c%rrent $%siness sol%tion.
nformation gat+ered t+ro%g+ t+e st%dy forms t+e $asis for creating alternati-e
design strategies. )irt%ally all organi,ations are systems t+at interact "it+ t+eiren-ironment t+ro%g+ recei-ing inp%t and prod%cing o%tp%t.
t is a management tec+ni %e %sed in designing a ne" system/
impro-ing an existing system or sol-ing pro$lem. System analysis does not
g%arantee t+at t+e %ser "ill deri-e an ideal sol%tion to a pro$lem. T+is depends
solely on t+e "ay one design a system to exploit t+e potential in t+e met+od. To
p%t it in anot+er "ay/ creati-ity is as m%c+ as m%st pre*design t+e st%dy and
pro$lem sol-ing process and e-al%ate e-ery s%ccessi-e step in t+e system
analysis.
Ta0ing all t+ese factors into acco%nt and "it+ t+e 0no"ledge of t+e
inter*relations+ip $et"een t+e -ario%s fields and section and t+eir potential
interactions/ t+ey are consider for de-eloping t+e "+ole system in and integrated
manner/ t+is project is de-eloped to meet all t+e criteria in t+e
T+e management tec+ni %e is also +elps %s in de-elop and design of
t+e ne" system or to impro-e t+e existing system.
8/13/2019 New Cell Counting Based Attack Against TOR
9/62
T+e follo"ing O$jecti-es are 0ept in mind8
dentify t+e c%stomer9s need.
E-al%ate t+e system concept for feasi$ility.
Perform economic and tec+nical analysis.
#llocate f%nctions to +ard"are/ soft"are/ people/
data$ase and ot+er system elements.
Esta$lis+ cost and sc+ed%le constraints
Create a system definition t+at forms t+e fo%ndation
for all s%$se %ent engineering "or0.
Identification of t$e need
n t+is/ t+ere are certain expressions t+at are $eing %sed in t+ede-elopment of t+e project. #nd/ it is %sed to identify o%r needs or so%rce in
t+e project.
Defining a pro$lem
'inding t+e -ario%s need for t+e pro$lem
'ormali,ing t+e need
6elating t+e need
T+%s/ it is t+e first step for system de-elopment life cycle.
=
8/13/2019 New Cell Counting Based Attack Against TOR
10/62
1. nitial n-estigation
t is one "ay of +andling t+e project/ it is %sed to 0no" a$o%t
t+e %ser re %est and t+e modification of t+e system s+o%ld $e done.
T+e %ser9s re %est for t+is project is as follo"s8
1. #ssigning separate "or0 area for different %sers.
2. Nat%re of t+e "or0
3. 6eg%lar %pdate and delete of record
. 6eg%lar calc%lation of Net #sset )al%e
&. S%pplying t+e data "it+ t+e time re %ired.
T+e %ser re %est identifies t+e need for c+ange and a%t+ori,es t+e
initial in-estigation. t may %ndergo se-eral modifications $efore it $ecome
a "ritten commitment. Once appro-ed t+e acti-ities are carried o%t into
action. T+e proposal/ "+en appro-ed/ it initiates a detailed %ser*oriented
specification of system performance and analysis of t+e feasi$ility of t+e
e-al%ating alternati-e candidate systems "it+ a recommendation of t+e $est
system for t+e jo$.
#easi)ility Study
T+e o$jecti-e of t+e feasi$ility st%dy is not only to sol-e t+e pro$lem
$%t also to ac %ire a sense of its scope. T+e reason for doing t+is is to
identify t+e most $eneficial project to t+e organi,ation.
14
8/13/2019 New Cell Counting Based Attack Against TOR
11/62
T+ere are t+ree aspects in t+e feasi$ility st%dy8
1. Tec+nical 'easi$ility2. 'inancial 'easi$ility
3. Operating 'easi$ility
1. Tec+nical 'easi$ility
T+e Tec+nical feasi$ility is t+e st%dy of t+e soft"are and +o" it
is incl%ded in t+e st%dy of o%r project. 6egarding t+is t+ere are some
tec+nical iss%es t+at s+o%ld $e noted t+ey are as follo"s8
s t+e necessary tec+ni %e a-aila$le and +o" it is s%ggested and
ac %ired>
Does t+e proposed e %ipment +a-e t+e tec+nical capacity to
+old t+e data re %ired %sing t+e ne" system>
ill t+e system pro-ide ade %ate response t+at is made $y t+e
re %ester at an periodic time inter-al
Can t+is system $e expanded after t+is project de-elopment
s t+ere a tec+ni %e g%arantees of acc%racy/ relia$ility in case of
access of data and sec%rity
T+e tec+nical iss%es are raised d%ring t+e feasi$ility st%dy of
in-estigating o%r System. T+%s/ t+e tec+nical consideration e-al%ates t+e
+ard"are re %irements/ soft"are etc. T+is system %ses ?SP as front end and
11
8/13/2019 New Cell Counting Based Attack Against TOR
12/62
Oracle as $ac0 end. T+ey also pro-ide s%fficient memory to +old and
process t+e data. #s t+e company is going to install all t+e process in t+e
system it is t+e c+eap and efficient tec+ni %e.
T+is system tec+ni %e accepts t+e entire re %est made $y t+e
%ser and t+e response is done "it+o%t fail%re and delay. t is a st%dy a$o%t
t+e reso%rces a-aila$le and +o" t+ey are ac+ie-ed as an accepta$le system.
t is
an essential process for analysis and definition of cond%cting a parallel
assessment of tec+nical feasi$ility.
T+o%g+ storage and retrie-al of information is enormo%s/ it can $e
easily +andled $y Oracle. #s t+e oracle can $e r%n in any system and t+e
operation does not differ from one to anot+er. So/ t+is is effecti-e.
2. /conomical #easi)ility #inancial7
#n organi,ation ma0es good in-estment on t+e system. So/ t+ey
s+o%ld $e "ort+ f%ll for t+e amo%nt t+ey spend in t+e system. #l"ays t+e
financial $enefit and e %als or less t+e cost of t+e system/ $%t s+o%ld not
exceed t+e cost.
T+e cost of in-estment is analy,ed for t+e entire system
T+e cost of !ard"are and Soft"are is also noted.
#naly,ing t+e "ay in "+ic+ t+e cost can $e red%ced
12
8/13/2019 New Cell Counting Based Attack Against TOR
13/62
E-ery organi,ation "ant to red%ce t+ere cost $%t at t+e same time %ality of
t+e
Ser-ice s+o%ld also $e maintained. T+e system is de-eloped according t+eestimation of t+e cost made $y t+e concern. n t+is project/ t+e proposed
system "ill definitely red%ce t+e cost and also t+e man%al "or0 is red%ced
and speed of "or0 is also increased.
3. ,perational #easi)ility
Proposed project "ill $e $eneficial only "+en t+ey are t%rned into an
information system and to meet t+e organi,ation operating re %irements.
T+e follo"ing iss%es are considered for t+e operation8
Does t+is system pro-ide s%fficient s%pport for t+e %ser and t+e
management> +at is t+e met+od t+at s+o%ld $e %sed in t+is project>
!a-e t+e %sers $een in-ol-ed in t+e planning and de-elopment of
t+e projects>
ill t+e proposed system ca%se any +arm/ $ad res%lt/ loss of
control and accessi$ility of t+e system "ill lost>
ss%es t+at may $e a minor pro$lem "ill sometimes ca%se major
pro$lem in t+e operation. t is t+e meas%re of +o" people can a$le to "or0
"it+ t+e system. 'inding o%t t+e minor iss%es t+at may $e t+e initial
13
8/13/2019 New Cell Counting Based Attack Against TOR
14/62
pro$lem of t+e system. t s+o%ld $e a %ser*friendly en-ironment. #ll t+ese
aspect s+o%ld $e 0ept in mind and steps s+o%ld $e ta0en for de-eloping t+e
project caref%lly.
6egarding t+e project/ t+e system is -ery m%c+ s%pported and friendly
for t+e %ser. T+e met+ods are defined in an effecti-e manner and proper
conditions are gi-en in ot+er to a-oid t+e +arm or loss of data. t is designed
in 7@ interface/ as "or0ing "ill $e easier and flexi$le for t+e %ser.
T+ey are t+ree $asic feasi$ility st%dies t+at are done in e-ery project.
1
8/13/2019 New Cell Counting Based Attack Against TOR
15/62
/8isting System
Aost existing approac+es are $ased on traffic analysis. Passi-e traffic analysis
tec+ni %e "ill record t+e traffic passi-ely and identify t+e correlation $et"een sender9so%t$o%nd traffic and recei-er9s in$o%nd traffic $ased on statistical meas%res. T+is type of
tec+ni %e re %ires a relati-ely long period of traffic o$ser-ation for a reasona$le
detection rate. T+e idea is to acti-ely introd%ce special signals into t+e sender9s o%t$o%nd
traffic "it+ t+e intention of recogni,ing t+e em$edded signal at t+e recei-er9s in$o%nd
traffic. Encryption does not "or0/ since pac0et +eaders still re-eal a great deal a$o%t
%sers.
Disad9antageEncryption does not "or0/ since pac0et +eaders still re-eal a greatdeal a$o%t %sers.
1&
8/13/2019 New Cell Counting Based Attack Against TOR
16/62
-roposed System
n t+is project/ "e foc%s on t+e acti-e "atermar0ing tec+ni %e/ "+ic+ +as $een
acti-e in t+e past fe" years. proposed a flo"*mar0ing sc+eme $ased on t+e direct
se %ence spread spectr%m tec+ni %e $y %tili,ing a pse%do*noise code. y interfering
"it+ t+e rate of a s%spect sender9s traffic and marginally c+anging t+e traffic rate/ t+e
attac0er can em$ed a secret spread*spectr%m signal into t+e target traffic. T+e em$edded
signal is carried along "it+ t+e target traffic from t+e sender to t+e recei-er/ so t+e
in-estigator can recogni,e t+e corresponding comm%nication relations+ip/ tracing t+e
messages despite t+e %se of anonymo%s net"or0s. !o"e-er/ in order to acc%rately
confirm t+e anonymo%s comm%nication relations+ip of %sers/ t+e flo"*mar0ing sc+eme
needs to em$ed a signal mod%lated $y a relati-ely long lengt+ of PN code/ and also t+e
signal is em$edded into t+e traffic flo" rate -ariation. !o%mansadr et al. proposed a
non$lind net"or0 flo" "atermar0ing sc+eme called 6# N O for stepping stone
detection.
Ad9antage#cti-e "atermar0ing tec+ni %e can red%ce attac0 lasting time.
mpro-e attac0 s%ccess rate and +as recently recei-ed more attention.
1:
8/13/2019 New Cell Counting Based Attack Against TOR
17/62
HA D:A / S-/&I#I&A I,+
System 8 Penti%m ) 2. 7!,.
!ard Dis0 8 4 7 .
'loppy Dri-e 8 1. A$.
Aonitor 8 1& )7# Colo%r.
Ao%se 8 (ogitec+.
6am 8 &12 A$.
1;
8/13/2019 New Cell Counting Based Attack Against TOR
18/62
8/13/2019 New Cell Counting Based Attack Against TOR
19/62
A(,0 S,# :A /4.1 #eatures ,#. +et
Aicrosoft .NET is a set of Aicrosoft soft"are tec+nologies for rapidly
$%ilding and integrating BA( e$ ser-ices/ Aicrosoft indo"s*$ased applications/ and
e$ sol%tions. T+e .NET 'rame"or0 is a lang%age*ne%tral platform for "riting programs
t+at can easily and sec%rely interoperate. T+ere9s no lang%age $arrier "it+ .NET8 t+ere
are n%mero%s lang%ages a-aila$le to t+e de-eloper incl%ding Aanaged C / C / )is%al
asic and ?a-a Script. T+e .NET frame"or0 pro-ides t+e fo%ndation for components to
interact seamlessly/ "+et+er locally or remotely on different platforms. t standardi,es
common data types and comm%nications protocols so t+at components created in
different lang%ages can easily interoperate.
F.NETG is also t+e collecti-e name gi-en to -ario%s soft"are components
$%ilt %pon t+e .NET platform. T+ese "ill $e $ot+ prod%cts H)is%al St%dio.NET and
indo"s.NET Ser-er/ for instanceI and ser-ices Hli0e Passport/ .NET Ay Ser-ices/ and
so onI.
H/ .+/ # A /:, ;
T+e .NET 'rame"or0 +as t"o main parts8
1. T+e Common (ang%age 6%ntime HC(6I.
2. # +ierarc+ical set of class li$raries.
T+e C(6 is descri$ed as t+e Fexec%tion engineG of .NET. t pro-ides t+e en-ironment
"it+in "+ic+ programs r%n. T+e most important feat%res are
1=
8/13/2019 New Cell Counting Based Attack Against TOR
20/62
8/13/2019 New Cell Counting Based Attack Against TOR
21/62
descri$ing types in a common "ay. CTS define +o" types "or0 "it+in t+e r%ntime/
"+ic+ ena$les types in one lang%age to interoperate "it+ types in anot+er lang%age/
incl%ding cross*lang%age exception +andling. #s "ell as ens%ring t+at types are only %sed
in appropriate "ays/ t+e r%ntime also ens%res t+at code doesn9t attempt to access memory
t+at +asn9t $een allocated to it.
&ommon anguage Specification
T+e C(6 pro-ides $%ilt*in s%pport for lang%age interopera$ility. To ens%re t+at
yo% can de-elop managed code t+at can $e f%lly %sed $y de-elopers %sing any
programming lang%age/ a set of lang%age feat%res and r%les for %sing t+em called t+eCommon (ang%age Specification HC(SI +as $een defined. Components t+at follo" t+ese
r%les and expose only C(S feat%res are considered C(S*compliant.
H/ & ASS I( A *
.NET pro-ides a single*rooted +ierarc+y of classes/ containing o-er ;444
types. T+e root of t+e namespace is called SystemJ t+is contains $asic types li0e yte/
Do%$le/ oolean/ and String/ as "ell as O$ject. #ll o$jects deri-e from System. O$ject.
#s "ell as o$jects/ t+ere are -al%e types. )al%e types can $e allocated on t+e stac0/ "+ic+
can pro-ide %sef%l flexi$ility. T+ere are also efficient means of con-erting -al%e types to
o$ject types if and "+en necessary.
T+e set of classes is pretty compre+ensi-e/ pro-iding collections/ file/
screen/ and net"or0 KO/ t+reading/ and so on/ as "ell as BA( and data$ase connecti-ity.
T+e class li$rary is s%$di-ided into a n%m$er of sets Hor namespacesI/ eac+
pro-iding distinct areas of f%nctionality/ "it+ dependencies $et"een t+e namespaces 0ept
to a minim%m.
21
8/13/2019 New Cell Counting Based Attack Against TOR
22/62
A+
8/13/2019 New Cell Counting Based Attack Against TOR
23/62
#cti-e State +as created )is%al Perl and )is%al Pyt+on/ "+ic+ ena$le
.NET*a"are applications to $e $%ilt in eit+er Perl or Pyt+on. ot+ prod%cts can $e
integrated into t+e )is%al St%dio .NET en-ironment. )is%al Perl incl%des s%pport for
#cti-e State9s Perl De- Lit.
Ot+er lang%ages for "+ic+ .NET compilers are a-aila$le incl%de
'O6T6#N
CO O(
Eiffel
'ig1 . Net 'rame"or0
#SP.NET
BA( E SE6) CES
indo"s 'orms
ase Class (i$raries
Common (ang%age 6%ntime Operating System
C .NET is also compliant "it+ C(S HCommon (ang%age SpecificationI and s%pports
str%ct%red exception +andling. C(S is set of r%les and constr%cts t+at are s%pported $y
t+e C(6 HCommon (ang%age 6%ntimeI. C(6 is t+e r%ntime en-ironment pro-ided $y
t+e .NET 'rame"or0J it manages t+e exec%tion of t+e code and also ma0es t+e
de-elopment process easier $y pro-iding ser-ices.
23
8/13/2019 New Cell Counting Based Attack Against TOR
24/62
C .NET is a C(S*compliant lang%age. #ny o$jects/ classes/ or components t+at
created in C .NET can $e %sed in any ot+er C(S*compliant lang%age. n addition/ "e
can %se o$jects/ classes/ and components created in ot+er C(S*compliant lang%ages
in C .NET .T+e %se of C(S ens%res complete interopera$ility among applications/
regardless of t+e lang%ages %sed to create t+e application.
&,+S 0& , S A+D D/S 0& , S
Constr%ctors are %sed to initiali,e o$jects/ "+ereas destr%ctors are %sed to
destroy t+em. n ot+er "ords/ destr%ctors are %sed to release t+e reso%rces allocated to
t+e o$ject. n C .NET t+e s%$ finali,e proced%re is a-aila$le. T+e s%$ finali,e
proced%re is %sed to complete t+e tas0s t+at m%st $e performed "+en an o$ject is
destroyed. T+e s%$ finali,e proced%re is called a%tomatically "+en an o$ject is
destroyed. n addition/ t+e s%$ finali,e proced%re can $e called only from t+e class it
$elongs to or from deri-ed classes.
8/13/2019 New Cell Counting Based Attack Against TOR
25/62
8/13/2019 New Cell Counting Based Attack Against TOR
26/62
8/13/2019 New Cell Counting Based Attack Against TOR
27/62
Design =iew
To $%ild or modify t+e str%ct%re of a ta$le "e "or0 in t+e ta$le
design -ie". e can specify "+at 0ind of data "ill $e +old.
Datas$eet =iew
To add/ edit or analyses t+e data itself "e "or0 in ta$les datas+eet
-ie" mode.
?0/ *
# %ery is a %estion t+at +as to $e as0ed t+e data. #ccess gat+ers data t+at
ans"ers t+e %estion from one or more ta$le. T+e data t+at ma0e %p t+e ans"er is eit+er
dynaset Hif yo% edit itI or a snaps+ot Hit cannot $e editedI.Eac+ time "e r%n %ery/ "e getlatest information in t+e dynaset. #ccess eit+er displays t+e dynaset or snaps+ot for %s to
-ie" or perform an action on it/ s%c+ as deleting or %pdating.
2;
8/13/2019 New Cell Counting Based Attack Against TOR
28/62
I+ ,D0& I,+ , =(S& I-
) Script $rings professional programming tec+ni %es to
!TA( "e$ doc%ments. it+ ) Script/ "e can create doc%ments and
applications t+at pre-io%sly co%ld only +a-e $een made a-aila$le as a
des0top program "ritten "it+ somet+ing li0e )is%al asic. t gi-es %s t+e
a$ility to interact "it+ and manip%late !TA( doc%ments directly from
t+e $ro"ser. it+ ) Script/ "e can e-en interact "it+ and manip%late
t+e $ro"ser it/ sending it instr%ctions from o%r ) Script program/ and
p%lling in its -aria$les for o%r o"n %se.
#$o-e all/ ) Script $rings to %s tr%e client*side processing/ so
let s $riefly loo0 at some of t+e main %ses of ) Script8
6eference and manip%late doc%ment o$jects
6eference and manip%late t+e $ro"ser
6eference t+e contents of anot+er loaded doc%ment or doc%ments
Create a doc%ment on t+e fly from t+e $ro"ser
Store/ reference/ and manip%late data inp%t $y t+e %ser
Store/ reference/ and manip%late data do"nloaded from t+e ser-er
Perform calc%lations on data
Display messages to t+e %ser
2
8/13/2019 New Cell Counting Based Attack Against TOR
29/62
8/13/2019 New Cell Counting Based Attack Against TOR
30/62
DA A # ,: DIA< A
SERVER CLIENTROUTER
IP Address
Flle Name
Browse areceived path
E d
Se d File
Select Path
Se d
!ecr"ptio
E cr"ptio
Se d File
34
8/13/2019 New Cell Counting Based Attack Against TOR
31/62
8/13/2019 New Cell Counting Based Attack Against TOR
32/62
SERVERCLIENT
FILE RECEIVE
Se d File
ROUTER
IP Address
FILE RECEIVE
Select aReceivi # Path
Select Path
Se d
E cr"ptio
!ecr"ptio
32
8/13/2019 New Cell Counting Based Attack Against TOR
33/62
Se %ence Diagram8
SERVER CLIENTROUTER
$e" Se d
E cr"ptio
!ecr"ptio
Ac% owled#eme t
File Received
&essa#e Se d
33
8/13/2019 New Cell Counting Based Attack Against TOR
34/62
@se Case Diagram8
SERVERCLIENT
IP Address
Encryption
ROUTER
Select Path
Sned
File Name
Receive path
Send File
Decryption
3
8/13/2019 New Cell Counting Based Attack Against TOR
35/62
&,D/ D/SI
8/13/2019 New Cell Counting Based Attack Against TOR
36/62
else Q if HText ox2 I Q string myString)aria$le1 string .EmptyJ
myString)aria$le1 Enter Pass"ord J
R else Q if HText ox1 SE6)E6 UU Text ox2 SE6)E6 I Q t+is.!ideHIJ smssend p%d ne" smssend HIJ p%d.S+o"DialogHIJ R
else Q string myString)aria$le1 string .EmptyJ myString)aria$le1 Enter @serNameKPass"ord Correcly. J
R R R R
R
pri-ate -oid 'orm1 (oadH o$ject sender/ E-ent#rgs eI Q
R RR
3:
8/13/2019 New Cell Counting Based Attack Against TOR
37/62
SEND ' (E8
%sing SystemJ%sing System.Collections.7enericJ
%sing System.ComponentAodelJ%sing System.DataJ%sing System.Dra"ingJ%sing System.(in J%sing System.TextJ%sing System. indo"s.'ormsJ%sing System.Net.Soc0etsJ%sing System.NetJ%sing System. OJ%sing System.7lo$ali,ationJ
namespace CellCo%ntingser-er Q p%$lic partial class smssend 8 'orm Q string ser1J string fileDes/ fileiniJ string fileDes1/ fileini1J int lenJ int len1J
p%$lic smssendHI Q nitiali,eComponentHIJ R
pri-ate -oid smssend (oadH o$ject sender/ E-ent#rgs eI Q $tntransform.Ena$led false J t+is.open'ileDialog1.A%ltiselect tr%eJ
KKpict%re ox;.)isi$le tr%eJ KK$tntransform.Ena$led falseJ KKt+is.open'ileDialog1.A%ltiselect tr%eJ la$el3.)isi$le falseJ
KKla$el .)isi$le falseJ KKla$el&.)isi$le falseJ KKla$el:.)isi$le falseJ
3;
8/13/2019 New Cell Counting Based Attack Against TOR
38/62
R
p%$lic -oid sendHI
Q try Q
P#ddress VW ip#ddress Dns .7et!ost#ddressesHtext ox1.TextIJ PEndPoint ipEnd ne" PEndPoint Hip#ddressV4W/ &:&&IJ Soc0et clientSoc0 ne" Soc0et H#ddress'amily . nterNet"or0/Soc0etType .Stream/ ProtocolType . PIJ string filePat+ J
int co%nt 4J
fileDes fileDes.6eplaceH XX/ K IJ "+ile HfileDes. ndexOfH K I Y *1I Q filePat+ fileDes.S%$stringH4/ fileDes. ndexOfH K I 1IJ fileDes fileDes.S%$stringHfileDes. ndexOfH K I 1IJ co%nt J R $yte VW fileName yte Encoding .#SC .7et ytesHfileDesIJ l$lError.Text J l$lError.Text %ffering ... J $yte VW fileData 'ile .6ead#ll ytesHfilePat+ fileDesIJ $yte VW clientData ne" $yte V fileName yte.(engt+ fileData.(engt+WJ $yte VW fileName(en itCon-erter .7et ytesHfileName yte.(engt+IJ fileName(en.CopyToHclientData/ 4IJ fileName yte.CopyToHclientData/ IJ fileData.CopyToHclientData/ fileName yte.(engt+IJ l$lError.Text J l$lError.Text Connection to ser-er ... J clientSoc0.ConnectHipEndIJ l$lError.Text J l$lError.Text 'ile sending... J System.T+reading. T+read .SleepH&444IJ clientSoc0.SendHclientDataIJ l$lError.Text 'ile sending... J #pplication .DoE-entsHIJ l$lError.Text J l$lError.Text Disconnecting... J clientSoc0.CloseHIJ
3
8/13/2019 New Cell Counting Based Attack Against TOR
39/62
l$lError.Text J l$lError.Text 'ile transferred. J
R
catc+ HException exI Q if Hex.Aessage # connection attempt failed $eca%se t+e connected partydid not properly respond after a period of time/ or esta$lis+ed connection failed $eca%seconnected +ost +as failed to respond I Q l$lError.Text J l$lError.Text No S%c+ System #-aila$le Try ot+er P J
R else Q if Hex.Aessage No connection co%ld $e made $eca%se t+e target mac+ineacti-ely ref%sed it I Q l$lError.Text J l$lError.Text 'ile Sending fail. eca%se ser-er not r%nning. J R else Q l$lError.Text J l$lError.Text 'ile Sending fail. ex.AessageJ R R R R
pri-ate -oid $tntransform Clic0H o$ject sender/ E-ent#rgs eI Q pict%re ox
8/13/2019 New Cell Counting Based Attack Against TOR
40/62
sendHIJ
R
pri-ate -oid $tn$ro"se Clic0 1H o$ject sender/ E-ent#rgs eI
Q txt'ilePat+.Text J open'ileDialog1.S+o"DialogHIJ txt'ilePat+.Text open'ileDialog1.'ileNameJ fileDes open'ileDialog1.'ileNameJ
if HfileDes open'ileDialog1 I Q l$lError.Text J l$lError.'oreColor System.Dra"ing. Color .6edJ l$lError.Text Select a 'ile first J
txt'ilePat+.Text J $tntransform.Ena$led false J R else Q pict%re ox;.)isi$le tr%eJ pict%re ox;. mage CellCo%ntingser-er.Properties. 6eso%rces .ajax loaderJ #pplication .DoE-entsHIJ System.T+reading. T+read .SleepH&44IJ
len fileDes.(engt+J fileini fileDes.S%$stringHfileDes. ndexOfH XXI 1IJ $tntransform.Ena$led tr%eJ R R
pri-ate -oid pict%re ox; Clic0H o$ject sender/ E-ent#rgs eI Q
R
RR
6O@TE68
4
8/13/2019 New Cell Counting Based Attack Against TOR
41/62
%sing SystemJ%sing System.Collections.7enericJ%sing System.ComponentAodelJ%sing System.DataJ
%sing System.Dra"ingJ%sing System.(in J%sing System.TextJ%sing System. indo"s.'ormsJ%sing Zed7rap+J
namespace 6o%terCodeCOCOQ p%$lic partial class C+art 8 'orm Q p%$lic string VW txt ne" string V
8/13/2019 New Cell Counting Based Attack Against TOR
42/62
8/13/2019 New Cell Counting Based Attack Against TOR
43/62
,gc. sS+o"ContextAen% false J ,gc. sS+o"Point)al%es tr%eJ ,gc.#xisC+angeHIJ
,gp1.6efres+HIJ R
pri-ate -oid sortHdo%$leVW -/string VW lI Q do%$le tmp/ tmp2J string ltempJ int jJ for Hint i 4J i [ -.(engt+ * 1J i I Q for Hj 4J j [ -.(engt+ * 1 * iJ j I
if H-Vj 1W Y -VjWI QK] compare t+e t"o neig+$o%rs ]K tmp -VjWJK] s"ap aVjW and aVj 1W ]K ltemp lVjWJ -VjW -Vj 1WJ lVjW lVj 1WJ -Vj 1W tmpJ lVj 1W ltempJ R tmp2 -VjWJ R R
RR
3
8/13/2019 New Cell Counting Based Attack Against TOR
44/62
S& //+ A*,0
SE6)E6
8/13/2019 New Cell Counting Based Attack Against TOR
45/62
Select file8
&
8/13/2019 New Cell Counting Based Attack Against TOR
46/62
SEND ' (E8
:
8/13/2019 New Cell Counting Based Attack Against TOR
47/62
ST#T@S8
;
8/13/2019 New Cell Counting Based Attack Against TOR
48/62
6O@TE68
8/13/2019 New Cell Counting Based Attack Against TOR
49/62
8/13/2019 New Cell Counting Based Attack Against TOR
50/62
ENC6 PT ON U DEC6 PT ON8
&4
8/13/2019 New Cell Counting Based Attack Against TOR
51/62
6ECE ) ND P6OP#P ( T 8
&1
8/13/2019 New Cell Counting Based Attack Against TOR
52/62
6O@TE6 P6O # ( T 8
&2
8/13/2019 New Cell Counting Based Attack Against TOR
53/62
8/13/2019 New Cell Counting Based Attack Against TOR
54/62
Integration testing
ntegration tests are designed to test integrated soft"are components
to determine if t+ey act%ally r%n as one program. Testing is e-ent dri-enand is more concerned "it+ t+e $asic o%tcome of screens or fields.
ntegration tests demonstrate t+at alt+o%g+ t+e components "ere
indi-id%ally satisfaction/ as s+o"n $y s%ccessf%lly %nit testing/ t+e
com$ination of components is correct and consistent. ntegration testing is
specifically aimed at exposing t+e pro$lems t+at arise from t+e
com$ination of components.
#unctional test
'%nctional tests pro-ide systematic demonstrations t+at f%nctions tested
are a-aila$le as specified $y t+e $%siness and tec+nical re %irements/ system
doc%mentation/ and %ser man%als.
'%nctional testing is centered on t+e follo"ing items8
)alid np%t 8 identified classes of -alid inp%t m%st $e accepted.
n-alid np%t 8 identified classes of in-alid inp%t m%st $e rejected.
'%nctions 8 identified f%nctions m%st $e exercised.
O%tp%t 8 identified classes of application o%tp%ts m%st $e
exercised.SystemsKProced%res8 interfacing systems or proced%res m%st $e in-o0ed.
Organi,ation and preparation of f%nctional tests is foc%sed on
re %irements/ 0ey f%nctions/ or special test cases. n addition/ systematic
&
8/13/2019 New Cell Counting Based Attack Against TOR
55/62
co-erage pertaining to identify %siness process flo"sJ data fields/
predefined processes/ and s%ccessi-e processes m%st $e considered for
testing. efore f%nctional testing is complete/ additional tests are identified
and t+e effecti-e -al%e of c%rrent tests is determined.
System est
System testing ens%res t+at t+e entire integrated soft"are system meets
re %irements. t tests a config%ration to ens%re 0no"n and predicta$le
res%lts. #n example of system testing is t+e config%ration oriented system
integration test. System testing is $ased on process descriptions and flo"s/emp+asi,ing pre*dri-en process lin0s and integration points.
:$ite (o8 esting
+ite ox Testing is a testing in "+ic+ in "+ic+ t+e soft"are tester +as
0no"ledge of t+e inner "or0ings/ str%ct%re and lang%age of t+e soft"are/ or
at least its p%rpose. t is p%rpose. t is %sed to test areas t+at cannot $e
reac+ed from a $lac0 $ox le-el.
(lac (o8 esting
lac0 ox Testing is testing t+e soft"are "it+o%t any 0no"ledge of t+e
inner "or0ings/ str%ct%re or lang%age of t+e mod%le $eing tested. lac0 $ox
tests/ as most ot+er 0inds of tests/ m%st $e "ritten from a definiti-e so%rce
doc%ment/ s%c+ as specification or re %irements doc%ment/ s%c+ as
specification or re %irements doc%ment. t is a testing in "+ic+ t+e soft"are
%nder test is treated/ as a $lac0 $ox .yo% cannot FseeG into it. T+e test
pro-ides inp%ts and responds to o%tp%ts "it+o%t considering +o" t+e
soft"are "or0s.
&&
8/13/2019 New Cell Counting Based Attack Against TOR
56/62
0nit esting
@nit testing is %s%ally cond%cted as part of a com$ined code and %nit
test p+ase of t+e soft"are lifecycle/ alt+o%g+ it is not %ncommon for coding
and %nit testing to $e cond%cted as t"o distinct p+ases.
Test strategy and approach
'ield testing "ill $e performed man%ally and f%nctional tests "ill $e
"ritten in detail.
est o)Becti9es
#ll field entries m%st "or0 properly.
Pages m%st $e acti-ated from t+e identified lin0.
T+e entry screen/ messages and responses m%st not $e delayed.
#eatures to )e tested
)erify t+at t+e entries are of t+e correct format
No d%plicate entries s+o%ld $e allo"ed
#ll lin0s s+o%ld ta0e t+e %ser to t+e correct page.
Integration esting
&:
8/13/2019 New Cell Counting Based Attack Against TOR
57/62
Soft"are integration testing is t+e incremental integration testing of
t"o or more integrated soft"are components on a single platform to prod%ce
fail%res ca%sed $y interface defects.
T+e tas0 of t+e integration test is to c+ec0 t+at components orsoft"are applications/ e.g. components in a soft"are system or ^ one step %p
^ soft"are applications at t+e company le-el ^ interact "it+o%t error.
est esults #ll t+e test cases mentioned a$o-e passed s%ccessf%lly. No
defects enco%ntered.
Acceptance esting
@ser #cceptance Testing is a critical p+ase of any project and re %ires
significant participation $y t+e end %ser. t also ens%res t+at t+e systemmeets t+e f%nctional re %irements.
est esults #ll t+e test cases mentioned a$o-e passed s%ccessf%lly. No
defects enco%ntered.
S*S / I - / /+ A I,+
mplementation is t+e stage of t+e project "+en t+e t+eoretical design
is t%rned o%t into a "or0ing system. T+%s it can $e considered to $e t+e most
&;
8/13/2019 New Cell Counting Based Attack Against TOR
58/62
critical stage in ac+ie-ing a s%ccessf%l ne" system and in gi-ing t+e %ser/
confidence t+at t+e ne" system "ill "or0 and $e effecti-e.
T+e implementation stage in-ol-es caref%l planning/ in-estigation of
t+e existing system and it9s constraints on implementation/ designing ofmet+ods to ac+ie-e c+angeo-er and e-al%ation of c+angeo-er met+ods.
&
8/13/2019 New Cell Counting Based Attack Against TOR
59/62
#0 0 / /+HA+&/ /+
&=
8/13/2019 New Cell Counting Based Attack Against TOR
60/62
&,+& 0SI,+
n t+is project/ "e introd%ced a no-el cell*co%nting*$ased attac0 against Tor. T+is
attac0 is iffic%lt to detect and is a$le to %ic0ly and acc%rately confirm t+e anonymo%s
comm%nication relations+ip among %sers on Tor. #n attac0er at t+e malicio%s exit onion
ro%ter slig+tly manip%lates t+e transmission of cells from a target TCP stream and
em$eds a secret signal Ha series of $inary $itsI into t+e cell co%nter -ariation of t+e TCP
stream. #n accomplice of t+e attac0er at t+e entry onion ro%ter recogni,es t+e em$edded
signal %sing o%r de-eloped reco-ery algorit+ms and lin0s t+e comm%nication relations+ip
among %sers. O%r t+eoretical analysis s+o"s t+at t+e detection rate is a monotono%sly
increasing f%nction "it+ respect to t+e delay inter-al and is a monotono%sly decreasing
f%nction of t+e -ariance of one "ay transmission delay along a circ%it. )ia extensi-e real*
"orld experiments on Tor/ t+e effecti-eness and feasi$ility of t+e attac0 is -alidated. O%r
data s+o"ed t+at t+is attac0 co%ld drastically and %ic0ly degrade t+e anonymity ser-ice
t+at Tor pro-ides. D%e to Tor9s f%ndamental design/ defending against t+is attac0 remains
a -ery c+allenging tas0 t+at "e "ill in-estigate in o%r
f%t%re researc+.
:4
8/13/2019 New Cell Counting Based Attack Against TOR
61/62
(I(I I,< A-H*
7ood Teac+ers are "ort+ more t+an t+o%sand $oo0s/ "e +a-e t+em in O%r
Department
eferences ade #rom
1. @ser nterfaces in C 8 indo"s 'orms and C%stom Controls $y Aatt+e"
AacDonald.
2. #pplied Aicrosoft_ .NET 'rame"or0 Programming HPro*De-eloperI $y ?effrey
6ic+ter.
3. Practical .Net2 and C 28 !arness t+e Platform/ t+e (ang%age/ and t+e 'rame"or0
$y Patric0 Smacc+ia.
. Data Comm%nications and Net"or0ing/ $y e+ro%, # 'oro%,an.&. Comp%ter Net"or0ing8 # Top*Do"n #pproac+/ $y ?ames '. L%rose.
:. 7a$riel 6. itran and 6ene Caldentey. #n o-er-ie" of pricing
models for re-en%e management.
;. N. r%no and S. C+a%d+%ri. #n online approac+ to p+ysical design
t%ning.
8/13/2019 New Cell Counting Based Attack Against TOR
62/62
1 . 7%illermo 7allego and 7arrett -an 6y,in. Optimal Dynamic
Pricing of n-entories "it+ Stoc+astic Demand o-er 'inite !ori,ons.
Management Science .
1&. #. 7+ose/ ). C+o%d+ary/ T. A%0+opad+yay/ and @. 6ajan. Dynamic
pricing8 # strategic ad-antage for electronic retailers.
1:. E. 7rossmann and Z. Lra-anja.
1;. A. 7%ay and T. Z+ang. #dapti-e extrem%m see0ing control of
nonlinear dynamic systems "it+ parametric %ncertainty.
1