[tor-dev] MATor: A live-monitor for anonymity guarantees

Esfandiar Mohammadi post at esfandiar-mohammadi.de
Tue Oct 28 18:44:34 UTC 2014


Hi,

tl;dr: we have a CCS paper coming up about a client-based live-monitor, called MATor [1], that assesses the influence of Tor's path selection to a user's anonymity. The paper is a first step towards a useful live-monitor that assesses a user's anonymity in a provable manner. We would appreciate your feedback on our approach and the direction in general.

In detail, we implemented a live-monitor that computes upper bounds of the de-anonymization probability for sender, receiver, and relationship anonymity, based on Tor consensus data and the ports that the client needs. We formalized the guarantees that the live-monitor outputs in (an extension of) the AnoA framework [2] for circuit creation against passive attackers that do not control infrastructure (ASNs or IXPs).

We use safe approximations in the live-monitor to be able to efficiently (a few seconds [3]) compute upper bounds for de-anonymization.

At the moment the MATor monitor is a separate tool, but we are working on integrating it into the Tor client code. We envision an integration into Tor Browser Bundle.

Since MATor is an ongoing project, we would appreciate your opinion about the approach in general.

Best wishes,
- Sebastian & Esfandiar

[1] Michael Backes, Aniket Kate, Sebastian Meiser, Esfandiar Mohammad.
(Nothing else) MATor(s): Monitoring the Anonymity of Tor's Path Selection.
to appear in Proceedings of 21st ACM CCS, ACM, 2014.

The MATor project page (containing the paper and the implementation):
http://www.infsec.cs.uni-saarland.de/projects/anonymity-guarantees/mator.html

[2] Michael Backes, Aniket Kate, Praveen Manoharan, Sebastian Meiser, and Esfandiar Mohammadi.
AnoA: A Framework For Analyzing Anonymous Communication Protocols
Unified Definitions and Analyses of Anonymity Properties.
Proceedings of 26th IEEE CSF, pages 163-178, IEEE, 2013.

The AnoA project page (containing the paper):
http://www.infsec.cs.uni-saarland.de/~meiser/paper/anoa.html

[3] The running time is as follows on a MacBook Air 2GHz Intel i7 with 4GB RAM:

Preparation time:		3.39 seconds
For sender anonymity:		0.73 seconds
For recipient anonymity:	6.07 seconds
For relationship anonymity: 	9.10 seconds

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20141028/4d9ae20b/attachment.sig>


More information about the tor-dev mailing list