Location-Aware Onion Routing
نویسنده
چکیده
The Tor network provides low-latency anonymous communication to over two million users daily. To be practical for widespread use, Tor uses onion routing, which does not protect a user against an adversary that can observe a user’s traffic at certain vulnerable positions along the traffic’s route through the Internet. A natural defense would be to choose Tor relays to minimize the chance that the resulting route can be observed by a network adversary. This idea has been explored to some extent [2, 1]. However, significant security and performance challenges remain. This talk will describe the work of the author and others on designing location-aware path selection algorithms in Tor and outline the challenges that remain to be solved. There are several types of network entities whose network positions make them of particular concern to Tor users. Automous Systems (ASes), the subnetworks that comprise the Internet, and and Internet Exchange Points (IXPs), locations at which many ASes connect, are frequently on the routing paths to and from the Tor network [2, 4]. Groups of ASes controlled by the same organization or under the same legal jurisdiction are as well [3]. Several proposals have been made to defend against these specific entities by choosing Tor relays so that the resulting Internet routing paths to and from the Tor network do not put them into a position to deanonymize Tor users [2, 1]. These proposals suggest that the Tor network create models of Internet routing and that Tor clients choose Tor relays depending on the location of the client and the destination. This would be a significant change to Tor, which is currently ignorant of Internet routing and treats all clients and destinations the same. Moreover, it is becoming clear that major research challenges remain to make this approach viable. One challenge is securely and accurately determining the Internet routing paths between clients, destinations, and the Tor network. It has been suggested to use BGP routing information and AS-level path-inference techniques to determine the ASes and IXPs between two hosts. However, recent work has indicated that such inference techniques are too inaccurate to provide security to Tor users over the long term [5]. Moreover, the BGP information itself is the output of an insecure protocol, and it is vulnerable to silent and transient rerouting attacks [6]. Another challenge to location-aware routing in Tor is that it may leak the client’s location over time. The analyses of existing proposals consider individual Tor connections, but they do not consider the threat of an adversary who can observe multiple connections and link them to the same unknown user. This is a realistic threat. For example, a malicious web forum may observe the same pseudonymous user connecting over time, or a malicious ISP could observe connections to a server hosted by that ISP on a regular schedule. The well-known intersection attack shows that observations that each leak new information can quickly deanonymize users when linked. A third challenge to location-aware routing is the interaction between Tor guards and mobile clients. In Tor, each client only connects directly to a small number (1–3) of guards to reduce the chance of being exposed to an adversarial relay. These guards are used for 2–3 months. Location-aware path selection may use the client’s location to influence initial guard selection, but clients may then move to different network locations. Balancing between choosing new guards for new locations and preventing exposure to malicious guards remains to be explored. Tor has become very popular in recent years, and it is more important than even to improve its security. A promising approach to solve some serious vulnerabilities is for Tor to become aware of Internet routing and for clients to take location into account when routing through Tor. This idea still has major theoretical and practical challenges to solve, however.
منابع مشابه
Anonymous Connections and Onion Routing
Onion Routing is an infrastructure for private communication over a public network. It provides anonymous connections that are strongly resistant to both eavesdropping and tra c analysis. Onion routing's anonymous connections are bidirectional and near realtime, and can be used anywhere a socket connection can be used. Any identifying information must be in the data stream carried over an anony...
متن کاملOnion Routing Access Conngurations
Onion Routing is an infrastructure for private communication over a public network. It provides anonymous connections that are strongly resistant to both eavesdropping and traac analysis. Thus it hides not only the data being sent, but who is talking to whom. Onion Routing's anonymous connections are bidirec-tional and near real-time, and can be used anywhere a socket connection can be used. Pr...
متن کاملOnion Routing Access Con gurations
Onion Routing is an infrastructure for private communication over a public network. It provides anonymous connections that are strongly resistant to both eavesdropping and tra c analysis. Thus it hides not only the data being sent, but who is talking to whom. Onion Routing's anonymous connections are bidirectional and near real-time, and can be used anywhere a socket connection can be used. Pro...
متن کاملTAC: A Topology-Aware Chord-based Peer-to-Peer Network
Among structured Peer-to-Peer systems, Chord has a general popularity due to its salient features like simplicity, high scalability, small path length with respect to network size, and flexibility on node join and departure. However, Chord doesn’t take into account the topology of underlying physical network when a new node is being added to the system, thus resulting in high routing late...
متن کاملGeographic Adaptive Fidelity and Geographic Energy Aware Routing in Ad Hoc Routing
Location based routing protocols are the kinds of routing protocols, which use of nodes’ location information, instead of links’ information for routing. They are also known as position based routing. In position based routing protocols, it is supposed that the packet source node has position information of itself and its neighbors and packet destination node. In recent years, many location bas...
متن کامل