Abstract

      Various low-latency anonymous communication systems such as Tor and Anonymizer have been designed to provide anonymity service for users. In order to hide the communication of users, most of the anonymity systems pack the application data into equal-sized cells (e.g., 512 B for Tor, a known real-world, circuit- based, low-latency anonymous communication network). Via extensive experiments on Tor, we found that the size of IP packets in the Tor network can be very dynamic because a cell is an application concept and the IP layer may repack cells. Based on this finding, we investigate a new cell-counting-based attack against Tor, which allows the attacker to confirm anonymous communication relationship among users very quickly. In this attack, by marginally varying the number of cells in the target traffic at the malicious exit onion router, the attacker can embed a secret signal into the variation of cell counter of the target traffic. The embedded signal will be carried along with the target traffic and arrive at the malicious entry onion router. Then, an accomplice of the attacker at the malicious entry onion router will detect the embedded signal based on the received cells and confirm the communication relationship among users. We have implemented this attack against Tor, and our experimental data validate its feasibility and effectiveness. There are several unique features of this attack. First, this attack is highly efficient and can confirm very short communication sessions with only tens of cells. Second, this attack is effective, and its detection rate approaches 100% with a very low false positive rate. Third, it is possible to implement the attack in a way that appears to be very difficult for honest participants to detect (e.g., using our hopping-based signal embedding).

Concerns about privacy and security have received increased attention with the rapid growth and public acceptance of the Internet, which has been used to create our global economy E. Anonymity has become a necessary and legitimate goal in many applications, Including anonymous browsing on the Web, location-based services (LBS), and electronic voting. In these applications, encryption alone can not maintain the anonymity required by participants. In the past, researchers have developed numerous anonymous communication systems. In general, mixing techniques can be used for message-based (high latency) or flow-based (low latency) anonymity applications. Email is a typical message-based anonymity application that has been thoroughly researched. Research on applications based on the anonymity flow has recently received great attention in order to preserve anonymity in low latency applications, including web browsing and peer-to-peer file sharing.

To degrade the anonymity service provided by anonymous communication systems, traffic analysis attacks have been studied. Existing traffic analysis attacks can be classified into two groups: passive traffic analysis and active watermarking techniques. The passive traffic analysis technique will log passively traffic and identify the similarity between the outgoing traffic of the sender and the incoming traffic of the receiver based on statistical measures. Because this type of attack is based on the correlation of the times of the messages that move through the anonymous system and does not change the characteristics of the traffic, it is also a passive synchronization attack. For example, Serjantov et al. He proposed a passive packet count scheme to observe the number of packets in a connection arriving at a merge node and leaving a node. However, they did not elaborate how packet counting could be done. To improve the accuracy of attacks, the active watermark technique has recently received a lot of attention. The idea of this technique is to actively introduce special signals (or tags) into the outgoing traffic of the sender with the intention of recognizing the signal embedded in the incoming traffic of the receiver.