[tor-dev] Attack linking Tor circuits

Fri Sep 19 13:25:02 UTC 2014

Hi Otto,

This looks cool and complements nicely research that I have
back-burnered for a long time now around what middle relays can
observe from guards and how this is affected by the number of guards,
amongst other things. The plans to move to a single guard are indeed
well underway, so your work is timely. 

You considered randomizing circuit lifetime, but did you also consider
the mitigating effect of randomizing circuit lifetime overlap? That
is, if clients did not mostly use exactly one circuit at a time but
continued making new connections for a (random length) period over an
existing circuit even after they started using a new circuit how that
would affect things?  It sounds like this was not considered.  I have
similar timing questions about circuit build times, although for
pre-emptively built circuits I would think there is a likely advantage
to some synchronization and mixing across the network.  Anyway cool
stuff. I'd like to hear more about it.  Are there drafts of your work
available?

aloha,
Paul

On Fri, Sep 19, 2014 at 01:10:06PM +0300, Otto Huhta wrote:
> Dear Tor developers,
> 
> 
> 
> We’ve been working on an MSc Thesis project looking into an attack that
> links different Tor circuits back to the same user, using only information
> available to a Tor middle node. We’ve discovered that an adversary can
> quite accurately determine if two consecutive circuits are used by the same
> user just by looking at when these circuits are built and destroyed or when
> they begin and stop relaying traffic. This is mainly the result of the
> fixed 10 minute circuit lifetime and the fact that the transition to using
> a new circuit is quite sharp. According to our measurements, circuits
> belonging to the same user are built at very close to 10 minute intervals.
> Also, when one circuit stops relaying traffic another one suddenly becomes
> active, at almost the very same moment.
> 
> 
> 
> Thanks to these properties we could train a classifier to quite efficiently
> identify matching pairs of circuits (9% EER). We looked into the threat
> posed by this attack to Tor users and concluded that because of entry
> guards the threat is real, given that an adversary can control a
> significant portion of middle node traffic. Finding matches among all
> possible Tor circuits would result in too many false positives but thanks
> to entry guards an adversary can focus only on circuits built through these
> specific nodes and quite efficiently determine if two circuits belong to
> the same user. Possible plans of moving to using only a single guard node
> make the situation much more severe: we concluded that for a user picking a
> slow guard node, the adversary can find almost all circuits belonging to a
> same user (again assuming control of a large portion of middle node
> bandwidth). We thus see that before moving on with any such plans, one
> should consider the effect of our findings on the threat posed by a middle
> node linking user circuits.
> 
> 
> 
> As a final note, we considered the effects of randomizing the circuit
> lifetime (e.g. between 5-15 minutes) to mitigate this threat but concluded
> that it would not necessarily solve the problem. The most prominent feature
> linking two circuits together seems to be the time difference between
> traffic ending on one circuit and beginning on another circuit, and this
> link cannot be broken by varying the circuit lifetime. However, if someone
> were to devise such a modification, we would be happy to re-run our tests
> to see what kind of an effect this would have on the success rate of an
> adversary.
> 
> 
> 
> For those interested in our findings, the full thesis Linking Tor Circuits
> can be found at:
> 
> http://www0.cs.ucl.ac.uk/staff/G.Danezis/students/Huhta14-UCL-Msc.pdf
> 
> 
> 
> Best regards,
> 
> Otto Huhta, UCL

> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev