A New Cell Counting Based Attack Against Tor

Various low-latency anonymous communication systems such as Tor and Anonymizer have been designed to provide anonymity service for users. In order to hide the communication of users, most of the anonymity systems pack the application data into equal-sized cells. Via extensive experiments on Tor, we found that the size of IP packets in the Tor network can be very dynamic because a cell is an application concept and the IP layer may repack cells. Based on this finding, we investigate a new cell-counting-based attack against Tor, which allows the attacker to confirm anonymous communication relationship among users very quickly. In this attack, by marginally varying the number of cells in the target traffic at the malicious exit onion router, the attacker can embed a secret signal into the variation of cell counter of the target traffic. The embedded signal will be carried along with the target traffic and arrive at the malicious entry onion router. Then, an accomplice of the attacker at themalicious entry onion router will detect the embedded signal based on the received cells and confirm the communication relationship among users. We have implemented this attack against Tor, and our experimental data validate its feasibility and effectiveness. There are several unique features of this attack. First, this attack is highly efficient and can confirm very short communication sessions with only tens of cells. Second, this attack is effective, and its detection rate approaches 100% with a very low false positive rate. Third, it is possible to implement the attack in a way that appears to be very difficult for honest participants to detect.

Existing System:

Most existing approaches are based on traffic analysis. Passive traffic analysis technique will record the traffic passively and identify the correlation between senderís outbound traffic and receiverís inbound traffic based on statistical measures. This type of technique requires a relatively long period of traffic observation for a reasonable detection rate. The idea is to actively introduce special signals into the senderís outbound traffic with the intention of recognizing the embedded signal at the receiverís inbound traffic. Encryption does not work, since packet headers still reveal a great deal about users

Proposed System:

In this project, we focus on the active watermarking technique, which has been active in the past few years. Proposed a flow-marking scheme based on the direct sequence spread spectrum technique by utilizing a pseudo-noise code. By interfering with the rate of a suspect senderís traffic and marginally changing the traffic rate, the attacker can embed a secret spread-spectrum signal into the target traffic. The embedded signal is carried along with the target traffic from the sender to the receiver, so the investigator can recognize the corresponding communication relationship, tracing the messages despite the use of anonymous networks. However, in order to accurately confirm the anonymous communication relationship of users, the flow-marking scheme needs to embed a signal modulated by a relatively long length of PN code, and also the signal is embedded into the traffic flow rate variation. Houmansadr et al. proposed a nonblind network flow watermarking scheme called RAINBOW for stepping stone detection.



Tools Used:

Front End : ASP.Net with C#
Back End : SQL Server 2005