Protecting anonymity in the presence of autonomous system and internet exchange level adversaries

Juen, Joshua

Permalink

https://hdl.handle.net/2142/34363 Copy

Description

Title

Protecting anonymity in the presence of autonomous system and internet exchange level adversaries

Author(s)

Juen, Joshua

Issue Date

2012-09-18T21:13:21Z

Director of Research (if dissertation) or Advisor (if thesis)

Borisov, Nikita

Department of Study

Electrical & Computer Eng

Discipline

Electrical & Computer Engr

Degree Granting Institution

University of Illinois at Urbana-Champaign

Degree Name

M.S.

Degree Level

Thesis

Keyword(s)

• Anonymity
• Autonomous Overlay Networks
• Privacy
• Tor
• Networking

Abstract

This thesis analyzes the threat of autonomous system (AS) and Internet exchange (IX) level adversaries on Tor, currently the most widely deployed and used anonymity overlay network. Of particular interest is the possibility of a single AS or IX point observing both the path from the client to the entry node and the path from the exit node to the nal destination. Experimental results indicate that a non-trivial number of circuits are vulnerable to such compromise. A novel AS-level path prediction algorithm is developed in order to allow the client to choose paths without vulnerabilities. The path prediction algorithm sacri ces some accuracy in the top path prediction in order to decrease the hardware requirements necessary to predict AS-level paths and is simple enough to run on standard client hardware. We validate the accuracy of the path predictor rst compared to classical path prediction algorithms, then compared to traceroute data taken from Planet Lab. The simulator predicts paths with similar sets of ASes and links nding 90% of the actual ASes seen in the traceroute data. The e ects of choosing paths utilizing the new path predictions is then investigated to nd that load balancing is adversely a ected. The entropy loss due to the new path selection method is also investigated, speci cally the entropy of the client from an adversary observing the exit/destination path. We nd that choosing paths with our new path selection algorithm results in minimal entropy loss. Overall, the results demonstrate that the new path simulator is a lightweight solution to defend against AS and IX-level compromise of anonymous communication paths on the Internet and should be considered for deployment to maintain the privacy guarantees of such systems.

Graduation Semester

2012-08

Permalink

http://hdl.handle.net/2142/34363

Copyright and License Information

Copyright 2012 Joshua Paul Joseph Juen

Owning Collections