Title :
Effective Attacks in the Tor Authentication Protocol
Author_Institution :
State Key Lab. of Networking & Switching Technol., Beijing Univ. of Posts & Telecommun., Beijing, China
Abstract :
As an anonymous Internet communication system Tor is popular and famous, being used by lots of users. The security of Tor is based on the authentication protocol. Although the Tor authentication protocol has been proved secure, this paper discovers its security vulnerability through its concurrency analysis, and shows it cannot be securely executed by multiple concurrent sessions. A new session-key exchange protocol for Tor is proposed to dispose of the security vulnerability, where a modular method is adopted to design a secure key exchange protocol in realistic world. Finally, the proposed protocol is proved secure in the UC (universally composable) model which defines conditions for a protocol to securely compose with other protocols in a concurrent environment.
Keywords :
Internet; cryptographic protocols; message authentication; routing protocols; The Onion Router; Tor authentication protocol; anonymous Internet communication system; concurrency analysis; modular method; security vulnerability; session-key exchange protocol; universally composable model; Access protocols; Authentication; Circuits; Communication system security; IP networks; Laboratories; Privacy; Protection; Routing protocols; Telecommunication switching; Authenticator; Onion Routing Protocol; Tor; Tor Authentication Protocol; Universally Composable Security;
Conference_Titel :
Network and System Security, 2009. NSS '09. Third International Conference on
Conference_Location :
Gold Coast, QLD
Print_ISBN :
978-1-4244-5087-9
Electronic_ISBN :
978-0-7695-3838-9
DOI :
10.1109/NSS.2009.94
