The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network
Network and Distributed System Security Symposium, February 25th, 2014
Rob Jansen¹, Florian Tschorsch², Aaron Johnson¹, Björn Scheuermann²
¹ U.S. Naval Research Laboratory, ² Humboldt University of Berlin
The Tor Anonymity Network
torproject.org
Censorship Arms Race
[Figure; labels: 2013, 2014]
Beyond the Finish Line
● As the cost to block access increases, a viable alternative is to degrade service
● Active attacks are increasingly pervasive
● Understanding the attack space and how to defend is vital to Tor’s continued resilience:
  – As adversaries become increasingly sophisticated
  – When attacks subvert explicit security goals
Outline
● Background
● The Sniper DoS Attack Against Tor’s Flow Control Protocol
● How DoS Leads to Hidden Service Deanonymization
Tor Background
[Diagram; labels: entry, exit]
● One TCP Connection Between Each Relay, Multiple Circuits
● No end-to-end TCP!
Tor Flow Control
[Diagram; labels: Packaging End, Delivery End, entry, exit]
● 1000 Cell Limit
● SENDME Signal Every 100 Cells
The Sniper Attack
● Memory-based denial of service (DoS) attack
● Exploits vulnerabilities in Tor’s flow control protocol
● Can be used to disable arbitrary Tor relays
[Animated diagram; labels: entry, exit, R, DATA, SENDME. Captions in slide order:]
● Start Download / Request
● Reply / DATA
● Package and Relay DATA
● Stop Reading from Connection
● Flow Window Closed
● Periodically Send SENDME
● Flow Window Opened
● Out of Memory, Killed by OS
● Use Tor to Hide
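An added illustration (not from the slides or the Tor code base) of the window accounting walked through above: an abstract model in which the delivery end either reads 100 cells before each SENDME or sends SENDMEs without reading. The per-circuit queue cap is an assumed relay-side check derived from the 1000-cell limit, and the function and parameter names are hypothetical.

```python
# Abstract model of the flow-control window from the slides (added example).
WINDOW_LIMIT = 1000      # from the slides: 1000 cell limit
SENDME_INCREMENT = 100   # from the slides: one SENDME per 100 cells


def simulate(rounds, delivery_end_reads, queue_cap=None):
    """Return (peak_queue_in_cells, teardown_round or None).

    window: cells the packaging end may still send.
    queue:  cells buffered at the relay in front of the delivery end.
    Each round the packaging end sends all its window allows and the
    delivery end sends one SENDME. A conforming delivery end reads 100
    cells first; a non-conforming one sends the SENDME without reading.
    queue_cap (assumption, not on the slides): the relay closes the
    circuit instead of queueing past this many cells.
    """
    window, queue, peak = WINDOW_LIMIT, 0, 0
    for rnd in range(1, rounds + 1):
        incoming, window = window, 0
        if queue_cap is not None and queue + incoming > queue_cap:
            return peak, rnd          # circuit closed, queue freed
        queue += incoming
        peak = max(peak, queue)
        if delivery_end_reads:
            queue -= min(queue, SENDME_INCREMENT)
        window += SENDME_INCREMENT    # SENDME reopens the window
    return peak, None


if __name__ == "__main__":
    print("conforming, no cap:     ", simulate(50, True))
    print("not reading, no cap:    ", simulate(50, False))
    print("not reading, cap = 1000:", simulate(50, False, WINDOW_LIMIT))
    print("conforming, cap = 1000: ", simulate(50, True, WINDOW_LIMIT))
```

With a conforming delivery end the queue never exceeds the window limit, so a cap set at that limit only ever triggers on a circuit whose SENDMEs are not backed by reads.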
The Sniper Attack: Results
● Implemented Sniper Attack Prototype
  – Control Sybils via Tor Control Protocol