Predicting Tor path compromise by exit port

Author

Bauer, Kevin ; Grunwald, Dirk ; Sicker, Douglas

Author_Institution

Dept. of Comput. Sci., Univ. of Colorado, Boulder, CO, USA

fYear

2009

fDate

14-16 Dec. 2009

Firstpage

384

Lastpage

387

Abstract

Tor is currently the most popular low latency anonymizing overlay network for TCP-based applications. However, it is well understood that Tor´s path selection algorithm is vulnerable to end-to-end traffic correlation attacks since it chooses Tor routers in proportion to their perceived bandwidth capabilities. Prior work has shown that the fraction of malicious routers and the amount of adversary-controlled bandwidth are significant factors for predicting the number of paths that an adversary can compromise. We extend this prior work by identifying that the application-layer protocol being transported is also a significant factor in predicting path compromise. Through a simulation study driven by data obtained from the real Tor network, we show that ports commonly associated with peer-to-peer file sharing protocols and the simple mail transport protocol (SMTP) are significantly more vulnerable to this attack than other ports.

Keywords

correlation methods; peer-to-peer computing; telecommunication traffic; transport protocols; TCP-based applications; Tor path compromise; Tor routers; end-to-end traffic correlation attacks; exit port; malicious routers; overlay network; peer-to-peer file sharing protocols; simple mail transport protocol; Bandwidth; Circuit simulation; Computer science; Delay; Internet; Peer to peer computing; Telecommunication traffic; Timing; Traffic control; Transport protocols;

fLanguage

English

Publisher

ieee

Conference_Titel

Performance Computing and Communications Conference (IPCCC), 2009 IEEE 28th International

Conference_Location

Scottsdale, AZ

ISSN

1097-2641

Print_ISBN

978-1-4244-5737-3

Type

conf

DOI

10.1109/PCCC.2009.5403852

Filename

5403852