Timing Analysis Attacks in Anonymous Systems
Anonymous systems are used to allow users to surf the web and communicate with servers anonymously. Some of the popular anonymity service providers are TOR, GTunnel, etc. The main reason for using and anonymous system is most often to hide the identity of the user. However it is important that the efficiency of the anonymous system is not decreased in the process of providing this service and which depends on numerous factors like latency, the degree of anonymity, etc. The communication between the sender and the receiver happens through a set of routers, often referred to as a mix or node, whose job is to hide the relationship between the incoming and outgoing packets. It does this by using various techniques i.e., using encryption, adding delays, adding cover traffic, etc.
In timing analysis attacks we assume that the attacker has access to a particular set of mixes, i.e the attacker is a part of the network. By studying the timing of the messages going through the mixes it is possible for the attacker to determine the mixes that form a communication path. If the first and last mixes in the network are owned by the attacker, then it is possible for him to figure out the identities of the sender and the receiver. Some of the anonymous systems use a technique known as constant rate cover traffic, in which some extra cover traffic is sent along with the normal traffic so that it appears as though the messages are being sent at a constant rate through each path, thereby making it difficult for the attacker to find any correlation between the messages. In the past few years, many timing analysis attacks and defenses have been developed, some of which we will be discussing in this article.
a) TOR -Tor is a software that provides online anonymity to its users by not revealing their identity. The communication between the sender (client) and the receiver (destination) happens through a bunch of Tor nodes that form a network. These nodes are actually the systems of the various users around the world running TOR who opt to be a part of the network. When a user wants to visit a particular website, TOR chooses a random path and nodes. Note that the traffic between these nodes is encrypted and follows the onion routing protocol. In onion routing a message is encrypted a number of times and then sent to the network containing the nodes. In each node the message is decrypted once, receives further routing instructions and then proceeds to move over to the next node. This process is similar to peeling an onion layer by layer; hence the name Onion Routing. This ensures that each node does not know about the sender and the receiver. Also it becomes difficult for an attacker performing traffic analysis on the network to figure out the identity of the sender and the receiver.
TOR can be downloaded from here. The following figure shows TOR running on my system using Vidalia. Vidalia is a kind of GUI for TOR. It lets us perform various operations like Start/Stop TOR, View the network of users which form a part of the TOR network, Setup relaying and so on.
We can also set up our system to be a part of the TOR network.You can find more information about that here. Click on ‘View the Network’ to see the number of systems acting as relays for the TOR network.
Please note that it is possible to run your system as a middle relay or an exit relay. The exit relay is the last relay through which the traffic on a certain communication path passes through before reaching the final destination. There can be many exit nodes on the whole network. In case an illegal activity is performed by someone using TOR, the exit relay could be blamed for that because the IP address of the exit relay will appear to be the source address in the logs of the victim. Hence people who want to run exit relays should be aware of these kind of things.
b) GTunnel – GTunnel is another anonymity system for Windows released by Garden Networks in 2007. It works as a local HTTP proxy and SOCKS proxy. When we use this proxy for our browser, the traffic is directed through the GTunnel servers before reaching the original destination in the standard mode. There are other modes too in which we can use GTunnel. For example, in Skype Mode the GTunnel first connects through the peer-to-peer network of Skype and then to the GTunnel servers. There is also the Tor mode, in which GTunnel connects through Tor nodes to the GTunnel servers and then to the final destination. Note that the traffic is encrypted throughout the communication path.
Timing Analysis attacks
a) Watermarking – In this technique, the attacker actively injects the message in a flow with a specific pattern. If the pattern is then observed in some other flow in the output stream of a mix, then it can be assumed that the two flows have a common path. This technique has proven to be quite successful against anonymous systems. One of the other advantages of watermarking is that it is not very computationally expensive to perform.
b) Flow Correlation attack – If successfully perfomed, this attack can allow the attacker to identify the path of the flow and even reveal the identity of the sender and the receiver. The idea is to analyze one particular mix, see all the traffic that it is receiving at a particular port, and then find which output ports on the same mix is carrying the traffic corresponding to the traffic at the input port. This can be achieved by noting the similarity between the traffic at the input and the output port, which could be based on the timing of the packets, packet size, etc.
c) Selective Cross Correlation attack – This attack is a bit more effective than the Flow Correlation attack. Some of the mixes add some dummy traffic (also called cover traffic) to prevent from timing analysis attacks. In Selective Cross Correlation attack we assume the incoming and outgoing traffic are two streams, and we divide both of these streams into non-overlapping windows. We then try to compare the packets in the incoming window in the input stream with the corresponding packets in the outgoing window in the output stream. In case the traffic in the outgoing window is more than the incoming window, then we can clearly say that some dummy traffic has been added. We then remove all the windows in which we think cover traffic has been used from our test case and perform cross correlation on the other windows only, thereby giving us a better result.
Defenses Against Timing Analysis Attacks
To counter the threat of timing analysis attacks a number of defenses and algorithms have been proposed in the last few years. The solution is to choose a tradeoff between the best defense and the various factors which affect the efficiency of an anonymity system such as latency, bandwidth and anonymity. Also the topology of the network is an important consideration in this case. In this section we will go through the various defenses that have been proposed against timing analysis attacks.
a) Adaptive Padding – In the case of adaptive padding, arbitrary packets are inserted into the stream by the mixes in order to destroy the results for timing analysis attacks. This prevents the attacker from linking the incoming and outgoing streams to a certain extent. Padding ratio is a term used to signify the number of dummy packets used per original packet. For e.g if the padding ratio is 0.5, then there is 1 dummy packet for every 2 real packets. Adaptive padding works pretty well against passive timing analysis attacks. It can also work well with active timing analysis attacks in which specific patterns are added in streams in order to fingerprint them for later use (it’s worth noting that this method slightly increases latency).
b) Defensive Dropping – In Defensive Dropping the sender sends the message with some dummy packets and the intermediate mixes are instructed to drop those packets. If this process is repeated several times for different streams, then it reduces the correlation between the incoming and outgoing streams and hence the probability of an attacker figuring out the path of the flow. These packets are randomly selected to be dropped. Note that no one mix is instructed to drop the packets, rather a number of intermediate mixes are instructed to drop the packets.
c) Gamma Buffering – This technique involves buffering some packets before passing them over from one mix to another. For example, if the number of incoming connections to a node is p and the value of Gamma is γ, then according to the algorithm, the node must buffer a total of γ*p number of packets before passing them through. However some of the disadvantages of Gamma Buffering is that it could lead to additional delays. For example, the required number of packets (γ*p) may arrive earlier in a stream than the other. Hence there would be an extra delay in the stream receiving lesser number of packets which could increase further as the packets flow through other nodes. This problem will not occur on high traffic networks though. These variable delays will destroy many of the timing characteristics and watermarks that an attacker must have injected and will be looking for in the outgoing streams.
These kind of attacks can be tested by setting up a private TOR network. It is always a challenging task to test these attacks mainly because they involve controlling a lot of systems at once. Planetlab and Deterlab make this very easy for us. Planetlab consists of a group of computers contributed from different sites across the world to serve as a testbed for performing experiments that involve a large number of nodes. Different universities and corporations across the world provide their own systems to be used for performing experiments, development and research. Access is not provided to all users but only to those who are a part of an institution that is a member of the PlanetLab Consortium. Every institution which is a part of Planetlab has a Principal Investigator that should approve accounts for their members. Deterlab is another testbed for conducting network security related experiments. To have access to Deterlab the head of the project must register for a new project on Deterlab’s website. Different projects could be run on the same nodes without affecting each other. We can also set up the topology of the network in Deterlab.
Anonymous systems help users surf the web anonymously. Some of the popular anonymous systems are TOR, GTunnel, etc. Anonymous systems can be attacked through various ways to reveal the identity of the user. In this article we discussed the way some of the anonymous systems work and we also discussed a set of attacks called timing analysis. By looking at the timing of the messages flowing through the intermediate servers, it is possible for an attacker to compromise the identity of the user and figure out the path the user is using to connect to the web.
Timing Attacks in Low-Latency Mix Systems http://www.cs.umass.edu/~mwright/papers/levine-timing.pdf
Selective Cross Correlation in Passive Timing
Analysis Attacks against Low-Latency Mixeshttp://isec.uta.edu/mwright/papers/scc.pdf
Timing analysis in low-latency mix networks: attacks and defenses www.cs.utexas.edu/~shmat/shmat_esorics06.ps
Studying Timing Analysis on the Internet with SubRosa http://isec.uta.edu/mwright/papers/daginawala.pdf
Tor: The Second-Generation Onion Router https://svn.torproject.org/svn/projects/design-paper/tor-design.pdf
Preventing Active Timing Attacks in
Low-Latency Anonymous Communicationhttp://www.cs.yale.edu/homes/jf/FJS-PETS2010.pdf
Anonymity Analysis of Mix Networks Against Flow-Correlation Attackshttp://www.cs.tamu.edu/academics/tr/tamu-cs-tr-2005-2-1