Dissertation Defense: Henry Tan
Candidate Name: Henry Zhi Da Tan
Major: Computer Science
Advisor: Micah Sherr, Ph.D.
Title: Network Level Attacks and Defenses Against Anonymity Networks
Online anonymous communication is an important service used by individuals, journalists, government agencies and law enforcement agencies. One of the most popular uses of online anonymity is web browsing, which necessitates using a low-latency anonymity system. Unfortunately, these systems are typically vulnerable to the correlation attack, where an adversary that can observe the parts of a client’s flow that enter and leave the system can deanonymize the client.
Recent research has shown that network layer adversaries pose a far greater threat to anonymity systems than previously thought. By manipulating the Internet’s control-plane, i.e., BGP, an adversary can increase its view of the network and improve its ability to deanonymize clients.
In this dissertation, we study in depth these network level adversaries, attacks against BGP and their effects on the security of Tor. We propose and evaluate defenses against these attacks.
In order to evaluate the aforementioned threats, we construct accurate models of the Internet. Our models preserve important details of the Tor network, such as the end-to-end latency and Autonomous System path of network routes.
Using these highly granular models, we emulate a scaled-down version of the Tor network. Our emulations allow us to examine the performance of Tor and potential compromise due to an AS adversary under different relay selection strategies. Using an AS-level model, we explore the effects of control-plane attacks on the security of Tor. We quantify Tor’s susceptibility to these attacks by measuring the fraction of the Tor network that is vulnerable, and the advantage the adversary attains by performing the attacks. We show that 13% of Tor’s ingress bandwidth, at the median, is susceptible to an adversary that hijacks six prefixes.
We propose defense mechanisms to protect Tor users from manipulation at the control-plane. Our defenses require low overhead, do not assume the active participation of Internet Service Providers, and require small changes to Tor. We experimentally evaluate the effectiveness of our defenses, and show that they result in a more than tenfold decrease in the effectiveness of the control-plane attacks, preventing the attack entirely from many ASes.
Monday, April 18, 2016 at 3:00pm to 5:00pm
St. Mary's Hall, 326
3700 Reservoir Road, N.W., Washington