| 1. |
- Koponen, Teemu, et al.
(author)
-
Architecting for Innovation
- 2011
-
In: Computer communication review. - : Association for Computing Machinery (ACM). - 0146-4833 .- 1943-5819. ; 41:3, s. 24-36
-
Journal article (peer-reviewed)abstract
- We argue that the biggest problem with the current Internet architecture is not a particular functional deficiency, but its inability to accommodate innovation. To address this problem we propose a minimal architectural "framework" in which comprehensive architectures can reside. The proposed Framework for Internet Innovation (FII) - which is derived from the simple observation that network interfaces should be extensible and abstract - allows for a diversity of architectures to coexist, communicate, and evolve. We demonstrate FII's ability to accommodate diversity and evolution with a detailed examination of how information flows through the architecture and with a skeleton implementation of the relevant interfaces.
|
|
| 2. |
- Greschbach, Benjamin, 1983-, et al.
(author)
-
The Effect of DNS on Tor’s Anonymity
- 2017
-
In: 24th Annual Network and Distributed System Security Symposium (NDSS 2017). - Reston, VA : Internet Society.
-
Conference paper (peer-reviewed)abstract
- Previous attacks that link the sender and receiver oftraffic in the Tor network (“correlation attacks”) have generally relied on analyzing traffic from TCP connections. The TCP connections of a typical client application, however, are often accompanied by DNS requests and responses. This additional traffic presents more opportunities for correlation attacks. This paper quantifies how DNS traffic can make Tor users more vulnerable to correlation attacks. We investigate how incorporating DNS traffic can make existing correlation attacks more powerful and how DNS lookups can leak information to third parties about anonymous communication. We (i) develop a method to identify the DNS resolvers of Tor exit relays; (ii) develop a new set of correlation attacks (DefecTor attacks) that incorporate DNS traffic to improve precision; (iii) analyze the Internet-scale effects of these new attacks on Tor users; and (iv) develop improved methods to evaluate correlation attacks. First, we find that there exist adversaries that can mount DefecTor attacks: for example, Google's DNS resolver observes almost 40% of all DNS requests exiting the Tor network. We also find that DNS requests often traverse ASes that the corresponding TCP connections do not transit, enabling additional ASes to gain information about Tor users' traffic. We then show that an adversary that can mount a DefecTor attack can often determine the website that a Tor user is visiting with perfect precision, particularly for less popular websites where the set of DNS names associated with that website may be unique to the site. We also use the Tor Path Simulator (TorPS) in combination with traceroute data from vantage points co-located with Tor exit relays to estimate the power of AS-level adversaries that might mount DefecTor attacks in practice.
|
|
| 3. |
- Winter, Philipp, et al.
(author)
-
Identifying and characterizing Sybils in the Tor network
- 2016
-
In: Proceedings of the 25th USENIX Security Symposium. - : USENIX - The Advanced Computing Systems Association. - 9781931971324 ; , s. 1169-1185
-
Conference paper (peer-reviewed)abstract
- Being a volunteer-run, distributed anonymity network, Tor is vulnerable to Sybil attacks. Little is known about real-world Sybils in the Tor network, and we lack practical tools and methods to expose Sybil attacks. In this work, we develop sybilhunter, a system for detecting Sybil relays based on their appearance, such as configuration; and behavior, such as uptime sequences. We used sybilhunter’s diverse analysis techniques to analyze nine years of archived Tor network data, providing us with new insights into the operation of real-world attackers. Our findings include diverse Sybils, ranging from botnets, to academic research, and relays that hijacked Bitcoin transactions. Our work shows that existing Sybil defenses do not apply to Tor, it delivers insights into realworld attacks, and provides practical tools to uncover and characterize Sybils, making the network safer for its users.
|
|
