[tor-talk] Strong Flow Correlation Attacks on Tor Using Deep Learning

Aaron Johnson aaron.m.johnson at nrl.navy.mil
Sun Sep 23 16:40:22 UTC 2018

>> AS-aware path selection.
> This seems more suited to somewhat reducing ease / odds
> of analysis by Sybil, aka: Trust in Nodes, Good:Bad Node
> Ratio / Odds, etc.

My perspective on AS-aware path selection, having thought about the problem bit [0] and also proposed my own version [1], is that all such solutions suffer from a fatal problem that they leak information about the client location over time [2]. To illustrate this issue, suppose that you choose your guard such that the adversary is unlikely to observe the client-guard traffic. The adversary can use guard-discovery techniques to identify what your guard is. For example, guard discovery is trivial against onion-service clients and servers as both can be forced by the other end to create circuits until a malicious relay is chosen adjacent to the guard. That guard reveals some information about the client's location. The adversary can simply ask: which client locations are more likely to choose this guard?. Clients use multiple guards over time, and at a higher than you’d probably expect due to guard churn (if I recall correctly, one month is a good estimate for the median time until you need to use a new guard). Each additional guard that the the client chooses, that the adversary sees, and that the adversary can link as belonging to the same client, reveals more about the client’s location. Linking connections together over time is possible in many important situations: using a pseudonym in a Web forum or marketplace, running an onion service on any fixed onion address, administering a server that you are the only administrator for, connecting to IRC via a long-lived nickname.

So, I would not recommend to use AS-aware path selection algorithms at the moment.


[0] Aaron Johnson, Chris Wacek, Rob Jansen, Micah Sherr, and Paul Syverson; "Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries"; CCS 2013; <https://ohmygodel.com/publications/usersrouted-ccs13.pdf>
[1] Aaron Johnson, Rob Jansen, Aaron D. Jaggard, Joan Feigenbaum, and Paul Syverson; "Avoiding The Man on the Wire: Improving Tor's Security with Trust-Aware Path Selection”; NDSS 2017; <https://ohmygodel.com/publications/taps-ndss2017.pdf>
[2] Ryan Wails, Yixin Sun, Aaron Johnson, Mung Chiang, and Prateek MittalTempest; "Temporal Dynamics in Anonymity Systems”; PoPETS 2018; <https://ohmygodel.com/publications/tempest-popets2018.pdf>

More information about the tor-talk mailing list