Lowcost and Stealthy DoS Attack on Tor - PowerPoint PPT Presentation

Slides: 18
Provided by: jing70

1
Low-cost and Stealthy DoS Attack on Tor
  • Jing Dong

2
Tor: A System for Anonymity
  • A system for low latency anonymous communications
  • Anonymous from
      • Correspondent
      • External observers
      • Network infrastructures

3
How Tor Works
  • Circuit establishment
      • Client proxy selects a set of intermediate nodes
        (onion routers)
      • Client proxy establishes session key circuit
        with onion router 1
      • Client proxy tunnels through the circuit to
        extend to onion router 2
      • etc., until the whole circuit is established
  • Circuit usage
      • Client proxy communicates over the circuit with
        correspondent

4
Tor Circuit Illustration

5
Key Circuit Property
  • Circuit property
      • No router has complete knowledge of the whole
        path of the circuit
      • Each router only knows its previous and next hop
  • Key property for guaranteeing anonymity

6
Adversary Models
  • No global observers
  • Allow individual router failures and subversions
  • Allow directory server failures and subversions
  • Allow DoS from clients
  • Safe in the presence of traffic analysis

7
Existing Attacks and Defenses
  • Network congestion
      • Attack: send massive data into the network but
        refuse to accept the data
      • Defense: use congestion control to limit the
        number of pending packets in the network for each
        connection
  • DoS against individual routers and links
      • Attack
          • CPU consumption on routers through fake TLS
            handshake
          • DoS the links between routers
      • Defense
          • Robustness: resilient against individual router
            or link failures
          • End-to-end acknowledgement
  • DoS/subvert directory servers
      • Attack
          • DoS directory server
          • Malicious directory server
      • Defense
          • Directory server redundancy and caching

8
Proposed DoS Attack
  • Goal
      • DoS through consuming network bandwidth
      • Low cost: moderate resource requirement on the
        attacker
      • Stealthy: difficult to be discovered
  • Assumption
      • Controls a single onion router
      • Easy to achieve
      • In Tor, anybody can be an onion router

9
Main Idea: Circular Circuit
  • Build circular circuit among the target routers
  • Push packets to the circular circuit
  • Packets will flow indefinitely, consuming network
    bandwidth
  • The more packets, the larger the portion of
    bandwidth consumed

10
Attack Details
  • Select target routers
      • Easy: all router info is available at directory
        servers
      • Select all active routers to maximize damage
  • Order target routers
      • Order by decreasing bandwidth to maximize damage
      • Bandwidth info available at directory server
  • Build circular circuit
      • Build circuit with normal circuit creation
        protocol
      • Make sure the last hop of the circuit is the
        attacker itself
      • Splice the end and beginning of the circuit
        together at the attacker-controlled router:
        a circular circuit is formed
  • Push packets down the circular circuit

11
Low-cost
  • Assume the bandwidth of the attacker is B
  • The attack consumes bandwidth B from all the
    routers in the network
  • Even a small B can cause large bandwidth
    consumption
  • If B is larger than the largest bandwidth among
    all the routers
      • All the bandwidth of the whole network is consumed

12
Stealthy
  • Each router only knows the previous and next hop
      • No router can realize the circuit is circular
      • Cannot even realize it's under attack
      • Only notices a large amount of traffic
  • The attacker appears just like any other router
      • Cannot pinpoint where the attack starts

13
Mitigation and Prevention
  • Prevent circular circuit being formed
      • Use Trusted Third Party (TTP) to maintain circuit info
      • Consult the TTP when circuit is extended
  • Detect circular packet flow
      • Use dummy packets that are detectable only by the
        origin
      • Circular circuit is present if dummy packets from
        itself are received
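
The dummy-packet detection idea from this slide, as an added example that is not part of the original presentation: a toy Python model in which each relay knows only its next hop, one relay injects an HMAC-tagged dummy cell, and a loop is flagged if that cell comes back to it. `Relay`, `probe_circuit`, the circuit id and the cell layout are assumptions made for illustration; the model relays cells unchanged, whereas Tor transforms the payload at every hop, so a deployed probe would need a marker that survives relaying.

```python
import hashlib
import hmac
import os

N = 16    # nonce length and truncated HMAC-SHA256 tag length, in bytes
CIRC = 7  # constructed circuit id, shared by all hops to keep the model small

class Relay:
    """Toy relay: per circuit it knows only its next hop, as on the slides."""
    def __init__(self):
        self.secret = os.urandom(32)  # never leaves this relay
        self.next_hop = {}            # circuit id -> next Relay, None at the end
        self.pending = set()          # nonces of own probes still in flight
        self.loop_detected = False

    def _tag(self, nonce):
        return hmac.new(self.secret, nonce, hashlib.sha256).digest()[:N]

    def make_probe(self):
        """Dummy cell = nonce || HMAC(secret, nonce); opaque to other relays."""
        nonce = os.urandom(N)
        self.pending.add(nonce)
        return nonce + self._tag(nonce)

    def is_own_probe(self, cell):
        nonce, tag = cell[:N], cell[N:2 * N]
        return nonce in self.pending and hmac.compare_digest(tag, self._tag(nonce))

    def receive(self, cell, ttl):
        """Process one cell; ttl only bounds the simulation, it is not a Tor field."""
        if self.is_own_probe(cell):
            self.pending.discard(cell[:N])
            self.loop_detected = True  # own dummy came back: the circuit is circular
            return                     # drop the probe instead of relaying it again
        nxt = self.next_hop.get(CIRC)
        if nxt is not None and ttl > 0:
            nxt.receive(cell, ttl - 1)

def probe_circuit(hops, circular, prober=1, ttl=50):
    """Wire a constructed circuit, send one probe from relay `prober`, report."""
    relays = [Relay() for _ in range(hops)]
    for i in range(hops - 1):
        relays[i].next_hop[CIRC] = relays[i + 1]
    relays[-1].next_hop[CIRC] = relays[0] if circular else None
    origin = relays[prober]
    first = origin.next_hop[CIRC]
    if first is not None:
        first.receive(origin.make_probe(), ttl)
    return origin.loop_detected
```

Because the tag is keyed with a secret held only by the probing relay, other relays cannot tell the dummy cell from ordinary traffic or forge one that triggers a false alarm.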

14
Implementation and Evaluation
  • Need to evaluate the attack impact in a real
    network
  • Implementation is partial
      • Set up experimental Tor network
      • Removed some randomness in Tor for consistency of
        attack result
      • Fixed some bugs in the latest Tor source code
      • Narrowed down to a few key functions
15
Anonymity vs. DoS
  • Observation
      • Key property used for anonymity is used for DoS
  • Question
      • Is anonymity inherently contradictory to
        resiliency to DoS?
  • Answer
      • No, but without careful design, anonymity can be
        used to mount DoS that is difficult to defend
        against
16
Contributions
  • Identified a low-cost, stealthy DoS against Tor
  • Identified possible defense mechanisms
  • Gained some insight on the relationship between
    anonymity and DoS
  • Made partial implementation and fixed some bugs
    in the Tor source code

17
Future Work
  • Finish implementation and evaluation of the
    attack
  • Investigate defense mechanisms
  • Investigate other DoS
      • DoS from external client?
      • DoS by simple flooding?