http://arxiv.org/abs/1503.03940
Yixin Sun, Anne Edmundson, Laurent Vanbever, Oscar Li, Jennifer
Rexford, Mung Chiang, Prateek Mittal
(Submitted on 13 Mar 2015)
The Tor network is a widely used system for anonymous communication.
However, Tor is known to be vulnerable to attackers who can observe
traffic at both ends of the communication path. In this paper, we show
that prior attacks are just the tip of the iceberg. We present a suite
of new attacks, called Raptor, that can be launched by Autonomous
Systems (ASes) to compromise user anonymity. First, AS-level
adversaries can exploit the asymmetric nature of Internet routing to
increase the chance of observing at least one direction of user
traffic at both ends of the communication. Second, AS-level
adversaries can exploit natural churn in Internet routing to lie on
the BGP paths for more users over time. Third, strategic adversaries
can manipulate Internet routing via BGP hijacks (to discover the users
using specific Tor guard nodes) and interceptions (to perform traffic
analysis). We demonstrate the feasibility of Raptor attacks by
analyzing historical BGP data and Traceroute data as well as
performing real-world attacks on the live Tor network, while ensuring
that we do not harm real users. In addition, we outline the design of
two monitoring frameworks to counter these attacks: BGP monitoring to
detect control-plane attacks, and Traceroute monitoring to detect
data-plane anomalies. Overall, our work motivates the design of
anonymity systems that are aware of the dynamics of Internet routing.
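
The BGP monitoring countermeasure named in the abstract can be illustrated with a small control-plane check. This is an added example, not code from the paper: the baseline table, the announcements and the alert names are constructed assumptions, and the heuristic (flag an origin change or a more-specific announcement for a prefix covering a guard relay) is one simple approach, not the authors' framework.

```python
import ipaddress

# Constructed baseline (assumption): prefixes covering Tor guard relays and the
# origin AS normally seen for each. Documentation prefixes and ASNs only.
BASELINE = {
    "198.51.100.0/24": 64500,
    "203.0.113.0/24": 64501,
}

# Constructed BGP announcements: (prefix, AS path); the origin AS is last.
UPDATES = [
    ("198.51.100.0/24", [64510, 64502, 64500]),  # matches baseline
    ("203.0.113.0/24", [64510, 64505]),          # same prefix, new origin
    ("198.51.100.128/25", [64511, 64506]),       # more-specific, new origin
    ("198.51.100.0/25", [64510, 64500]),         # more-specific, usual origin
    ("192.0.2.0/24", [64510, 64507]),            # not a monitored prefix
]


def check_update(prefix, as_path, baseline=BASELINE):
    """Return alerts (kind, monitored_prefix, announced_prefix, origin)."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    alerts = []
    for mon_prefix, expected in baseline.items():
        mon = ipaddress.ip_network(mon_prefix)
        if net.version != mon.version:
            continue  # subnet_of() raises TypeError on mixed IP versions
        if net == mon and origin != expected:
            alerts.append(("ORIGIN_CHANGE", mon_prefix, prefix, origin))
        elif net != mon and net.subnet_of(mon):
            # Longest-prefix match prefers the more-specific route, so it draws
            # the relay's traffic even while the baseline route is still present.
            kind = "MORE_SPECIFIC" if origin == expected else "MORE_SPECIFIC_NEW_ORIGIN"
            alerts.append((kind, mon_prefix, prefix, origin))
    return alerts


def scan(updates, baseline=BASELINE):
    """Run check_update over a batch and collect every alert in order."""
    return [a for prefix, path in updates for a in check_update(prefix, path, baseline)]


if __name__ == "__main__":
    for alert in scan(UPDATES):
        print(alert)
```

A more-specific announcement from the usual origin is reported separately because it can be legitimate traffic engineering and needs a different triage path than a new origin.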