How much anonymity does network latency leak?

Published: 05 March 2010

Abstract

Low-latency anonymity systems such as Tor, AN.ON, Crowds, and Anonymizer.com aim to provide anonymous connections that are both untraceable by “local” adversaries who control only a few machines and have low enough delay to support anonymous use of network services like Web browsing and remote login. One consequence of these goals is that these services leak some information about the network latency between the sender and one or more nodes in the system. We present two attacks on low-latency anonymity schemes using this information. The first attack allows a pair of colluding Web sites to predict with high confidence, based on local timing information and with no additional resources, whether two connections from the same Tor exit node are using the same circuit. The second attack requires more resources but allows a malicious Web site to gain several bits of information about a client each time he visits the site. We evaluate both attacks against two low-latency anonymity protocols—the Tor network and the MultiProxy proxy aggregator service—and conclude that both are highly vulnerable to these attacks.

Published In

ACM Transactions on Information and System Security, Volume 13, Issue 2
February 2010
230 pages
ISSN:1094-9224
EISSN:1557-7406
DOI:10.1145/1698750

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 March 2010
Accepted: 01 October 2008
Revised: 01 July 2008
Received: 01 February 2008
Published in TISSEC Volume 13, Issue 2

Qualifiers

  • Research-article
  • Research
  • Refereed
