SPATor: Improving Tor Bridges with Single Packet Authorization
Abstract
Tor is a network designed for low-latency anonymous communications. Tor clients form circuits through relays that are listed in a public directory, and then relay their encrypted traffic through these circuits. This indirection makes it difficult for a local adversary to determine with whom a particular Tor user is communicating. In response, some local adversaries restrict access to Tor by blocking each of the publicly listed relays. To deal with such an adversary, Tor uses bridges, which are unlisted relays that can be used as alternative entry points into the Tor network. Unfortunately, vulnerabilities in Tor’s bridge implementation make it easy to discover large numbers of bridges. An adversary that hoards this information may use it to determine when each bridge is online over time. If a bridge operator also browses with Tor on the same machine, this information may be sufficient to deanonymize him. We present SPATor as a method to mitigate this issue. A client using SPATor relies on innocuous single packet authorization (SPA) to present a time-limited key to a bridge. Before this authorization takes place, the bridge will not reveal whether it is online. We have implemented SPATor as a working proof-of-concept, which is available under an open-source licence.
Similar resources
Improving Tor security against timing and traffic analysis attacks with fair randomization
The Tor network is probably one of the most popular online anonymity systems in the world. It has been built based on the volunteer relays from all around the world. It has a strong scientific basis which is structured very well to work in low latency mode that makes it suitable for tasks such as web browsing. Despite the advantages, the low latency also makes Tor insecure against timing and tr...
Dissecting Tor Bridges: A Security Evaluation of their Private and Public Infrastructures
Bridges are onion routers in the Tor Network whose IP addresses are not public. So far, no global security analysis of Tor bridges has been performed. Leveraging public data sources, and two known Tor issues, we perform the first systematic study on the security of the Tor bridges infrastructure. Our study covers both the public infrastructure available to all Tor users, and the previously unre...
Improving Tor using a TCP-over-DTLS Tunnel
The Tor network gives anonymity to Internet users by relaying their traffic through the world over a variety of routers. All traffic between any pair of routers, even if they represent circuits for different clients, are multiplexed over a single TCP connection. This results in interference across circuits during congestion control, packet dropping and packet reordering. This interference great...
Network Security using Firewall and Cryptographic Authentication
The network Security is the hottest topic in the current research scenario. The information security is really threatened by obnoxious users. With increasing vulnerabilities, caused by port scan attacks, replay attacks and predominantly IP Spoofing, targeting services, the network behavior is getting malevolent. But there is a lack of any clear threat model. The authors have endeavored to consi...
TorBricks: Blocking-Resistant Tor Bridge Distribution
Tor is currently the most popular network for anonymous Internet access. It critically relies on volunteer nodes called bridges for relaying Internet traffic when a user’s ISP blocks connections to Tor. Unfortunately, current methods for distributing bridges are vulnerable to malicious users who obtain and block bridge addresses. In this paper, we propose TorBricks, a protocol for distributing ...