针对TOR的节点选择攻击技术研究
|
摘要
在通信过程中,安全性涉及到数据信息的安全以及通信关系的安全。通信信息本身可以通过加密进行保护,而对于通信双方身份和通信关系来说,基于TCP/IP协议的通信模型很难将源地址、目的地址、报文长度等报文头部信息通过加密算法来隐藏,这就使得攻击者可以通过窃听和流量分析来获取有价值的信息,从而推断出通信双方的身份。为了保证通信双方身份和通信关系的保密性,提出了匿名通信的概念。匿名通信系统主要采用重路由、包填充和广播/组播等技术,在一定程度上有效地保护了通信双方和通信关系的匿名性。
TOR系统是一种采用重路由与加密技术相结合的匿名系统,它一方面通过对数据层层加密来保证数据在传输过程中的安全,另一方面经过多个节点转发来隐藏通信流,抵御流量分析攻击。
本文在研究TOR系统源代码的基础上,分析了TOR系统中的节点选择策略,发现了其固有的缺陷,提出了一种节点选择攻击方案。理论分析表明,该方案能有效地关联出通信的双方,而且资源需求小,攻击效果明显。本文的主要研究工作包括以下几个方面:
(1)通过对TOR系统的源代码进行研究,分析了TOR系统的工作流程、洋葱代理构建隐蔽路径的过程、数据包格式、数据加解密算法,重点对TOR系统的节点选择策略、目录服务器和路由信息管理策略进行了分析。
(2)研究发现TOR系统为了达到低延迟的目的,没有对数据流进行缓存、排序和混合,这使得攻击者可以通过对通信流的时间相关性进行分析,从而推断出路径中的转发节点。针对TOR系统的这个缺陷,讨论了TOR系统的攻击模型,详细分析了目前对TOR系统威胁较大的通信流攻击和时间攻击方式。
(3)介绍并分析了一种名为混合TOR系统的TOR改进方案,并对其抵抗通信流攻击和时间攻击的性能进行了分析。
(4)研究发现洋葱代理在节点选择策略中存在的漏洞,提出一种节点选择攻击方案。该方案通过在TOR网络中加入受控节点和攻击服务器,利用虚报资源的方法,使受控节点同时被选择成为一条隐蔽路径的入口节点和出口节点,并通过攻击服务器对受控节点上传的路径信息进行匹配分析,进而关联出通信双方的身份。性能分析表明,该方案能够有效地将受控节点插入到用户构建的隐蔽路径中,只需极少的资源就可以对TOR网络造成较大范围的影响。最后,针对混合TOR系统提出一些节点选择攻击方案的改进,并对其进行了性能分析。
In the process of communication, security involves the safety of data information and communication relationship. The security of information itself can be protected through the use of encryption, but for the communication's two sides and communication relationships, communication model based on TCP/IP protocol hardly hides the message head information through the encryption, such as source address, destination address and message length, it make the attacker can obtain more worth information through eavesdropping and traffic analysis, then infer the identity of communication between the two sides. In order to ensure the confidentiality of the communication relations between the two sides and the identity of communication's two sides, people propose the concept of anonymous communication. Anonymous communication system mainly uses rerouting, cell filling and broadcast/multicast technology to protect the anonymity of communication relationships and two sides of communication to a certain extent.
TOR is a anonymous communication system combination with rerouting and encryption technology, on the one hand it protects the security of data in the process of transmission through layers encryption solution, on the other hand uses multiple nodes forwarding to hide traffic in order to defend the traffic analysis.
On the study of TOR source code, we analyze the strategy of node selection, find its inherent weakness, and propose a node selection attack scheme. Theory analysis proves that, this scheme can infer the two sides of communication, and have the characteristics of less resource requirements and significant attack effect. The main research of this paper includes the following.
(1)This paper analyses the main process of TOR, the process of building secret path, packet format, and encryption algorithm. Specially, we focus on the analysis of node selection strategy, directory severs and routing information.
(2)The study found that TOR don't cache, mix and shape the data in order to lower the latency, so attackers can analyze the time relation of traffic, and infer the forwarding nodes in the path. Aiming at weakness of TOR, this paper discusses the attack model of TOR, the traffic analysis attack and time attack in details. The traffic analysis attack and time attack can pose a grave threat to TOR.
(3)This paper introduces an improved TOR named Mixed TOR System, and analyses its performance under the traffic attack and time attack.
(4)By analyzing the source code of TOR, we find the weakness of node selection strategy, and propose a node selection attack scheme. This scheme can make attacker insert malicious nodes or server to the TOR network, and make the malicious nodes be the entry node and exit node at the same time through false routing advertisement. Then let the attack server analyze the routing information uploading by malicious nodes to infer the two sides of communication. The analysis of performance shows that this scheme can effectively insert malicious nodes to the secret path of normal users, and have a greater impact to the TOR network with fewer resources required. Finally,aimed at Mixed TOR System , we propose the improvement of node selection attack scheme, and analyze the performance of improved scheme.
TOR系统是一种采用重路由与加密技术相结合的匿名系统,它一方面通过对数据层层加密来保证数据在传输过程中的安全,另一方面经过多个节点转发来隐藏通信流,抵御流量分析攻击。
本文在研究TOR系统源代码的基础上,分析了TOR系统中的节点选择策略,发现了其固有的缺陷,提出了一种节点选择攻击方案。理论分析表明,该方案能有效地关联出通信的双方,而且资源需求小,攻击效果明显。本文的主要研究工作包括以下几个方面:
(1)通过对TOR系统的源代码进行研究,分析了TOR系统的工作流程、洋葱代理构建隐蔽路径的过程、数据包格式、数据加解密算法,重点对TOR系统的节点选择策略、目录服务器和路由信息管理策略进行了分析。
(2)研究发现TOR系统为了达到低延迟的目的,没有对数据流进行缓存、排序和混合,这使得攻击者可以通过对通信流的时间相关性进行分析,从而推断出路径中的转发节点。针对TOR系统的这个缺陷,讨论了TOR系统的攻击模型,详细分析了目前对TOR系统威胁较大的通信流攻击和时间攻击方式。
(3)介绍并分析了一种名为混合TOR系统的TOR改进方案,并对其抵抗通信流攻击和时间攻击的性能进行了分析。
(4)研究发现洋葱代理在节点选择策略中存在的漏洞,提出一种节点选择攻击方案。该方案通过在TOR网络中加入受控节点和攻击服务器,利用虚报资源的方法,使受控节点同时被选择成为一条隐蔽路径的入口节点和出口节点,并通过攻击服务器对受控节点上传的路径信息进行匹配分析,进而关联出通信双方的身份。性能分析表明,该方案能够有效地将受控节点插入到用户构建的隐蔽路径中,只需极少的资源就可以对TOR网络造成较大范围的影响。最后,针对混合TOR系统提出一些节点选择攻击方案的改进,并对其进行了性能分析。
In the process of communication, security involves the safety of data information and communication relationship. The security of information itself can be protected through the use of encryption, but for the communication's two sides and communication relationships, communication model based on TCP/IP protocol hardly hides the message head information through the encryption, such as source address, destination address and message length, it make the attacker can obtain more worth information through eavesdropping and traffic analysis, then infer the identity of communication between the two sides. In order to ensure the confidentiality of the communication relations between the two sides and the identity of communication's two sides, people propose the concept of anonymous communication. Anonymous communication system mainly uses rerouting, cell filling and broadcast/multicast technology to protect the anonymity of communication relationships and two sides of communication to a certain extent.
TOR is a anonymous communication system combination with rerouting and encryption technology, on the one hand it protects the security of data in the process of transmission through layers encryption solution, on the other hand uses multiple nodes forwarding to hide traffic in order to defend the traffic analysis.
On the study of TOR source code, we analyze the strategy of node selection, find its inherent weakness, and propose a node selection attack scheme. Theory analysis proves that, this scheme can infer the two sides of communication, and have the characteristics of less resource requirements and significant attack effect. The main research of this paper includes the following.
(1)This paper analyses the main process of TOR, the process of building secret path, packet format, and encryption algorithm. Specially, we focus on the analysis of node selection strategy, directory severs and routing information.
(2)The study found that TOR don't cache, mix and shape the data in order to lower the latency, so attackers can analyze the time relation of traffic, and infer the forwarding nodes in the path. Aiming at weakness of TOR, this paper discusses the attack model of TOR, the traffic analysis attack and time attack in details. The traffic analysis attack and time attack can pose a grave threat to TOR.
(3)This paper introduces an improved TOR named Mixed TOR System, and analyses its performance under the traffic attack and time attack.
(4)By analyzing the source code of TOR, we find the weakness of node selection strategy, and propose a node selection attack scheme. This scheme can make attacker insert malicious nodes or server to the TOR network, and make the malicious nodes be the entry node and exit node at the same time through false routing advertisement. Then let the attack server analyze the routing information uploading by malicious nodes to infer the two sides of communication. The analysis of performance shows that this scheme can effectively insert malicious nodes to the secret path of normal users, and have a greater impact to the TOR network with fewer resources required. Finally,aimed at Mixed TOR System , we propose the improvement of node selection attack scheme, and analyze the performance of improved scheme.
引文
[1] ChaumD.Untraceable electronic mail,return address,and digital Pseudo- nyms[J].Communications of the ACM,1981,24(2):65-67
[2]王继林,伍前红,陈德人等.匿名技术的研究进展[J].通信学报,2005,26(2): 112-118
[3]朱娜斐,陈松乔,眭鸿飞.匿名通信概览[J].计算机应用,2005,25(11): 2475-2479
[4] Paul F.Syverson,David M.Goldschlag,Michael G.Reed.Anonymous Connections and Onion Routing[C].In Proceedings of the 1997 IEEE Symposium on Security and Privacy(S&P'97),1997:44-54
[5] D.M.Goldschlag,M.G.Reed,P.F.Syverson.Hiding Routing Information[J].InR. Anderson(Ed.):First International Workshop of Information Hiding,1996, 1174:137-150
[6] Freedman MJ,Morris R.Tarzan A Peer-to-Peer Anonymizing Network Layer[A].Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS 2002), 2002:193-206
[7] Michael Reiter,Aviel Rubin.Crowds:Anonymity for Web Transactions[J].ACM Transactions on Information and System Security,1998,1(1):66-92
[8] Jean.F.Raymond.Traffic Analysis:Protocols,Attacks,Design Issues,and Open Problems,Anonymity[C],Proceedings of International Workshop on Design Issues in Anonymity and Unobservability,2001:10-29
[9] M.Wright,M.Adler,B.N.levine,C.Shields.Defending anonymous communication against passive logging attacks[C].IEEE Symposium on Security and Privacy,2003.5:24-81
[10]吴艳辉,郭华.重路由匿名通信系统抗攻击性分析[J].湖南理工学院学报(自然科学版),2006,19(1):59-61
[11]陈世卿,徐红云,张大方.基于过程的匿名通信系统攻击分类研究[J].计算机应用研究,2005,7:119-121
[12] John R.Douceur.The Sybil Attack[C].In Proceedings of the 1st International Peer To Peer Systems Workshop,2002.3:251-260
[13] Marcin G,Marek K,Miroslaw K.Local View Attack on Anonymous Communication[J],ESORICS 2005,2005,3679:455-478
[14]吴振强.匿名技术的抗攻击性研究[J].陕西师范大学学报,2004,32(1):29-32
[15]徐红云,江丽,彭曙光等.匿名系统中统计分析攻击及防御策略研究[J].湖南大学学报(自然科学版),2007,34(7):73-77
[16]陈智俐.基于重路由匿名通信系统中侧面攻击模型的研究[J].科学技术与工程,2007,7(14):3541-3543
[17]吴艳辉,陈建二,王伟平.匿名通信系统中时间攻击模型研究[J].计算机工程与应用,2005,23:25-26
[18] Murdoch,S.J,Danezis,G.Low-cost traffic analysis of TOR[C],Washington:IEEE Computer Society ,2005:183-195
[19] Brian N.Levine,Michael K,Reiter.Timing Attacks in Low-Latency Mix Systems (Extended Abstract)[J],Berlin:Springer,2004,3110: 251-265
[20] Ryan Pries,Wei Yu,Xinwen Fu,Wei Zhao.A New Replay Attack Against Anonymous Communication Networks,IEEE International Conference on Communications,2008,5:1578-1582
[21] Lasse Overlier,Paul Syverson.Locating Hidden Servers,Proceedings of the 2006 IEEE Symposium on Security and Privacy,2006:100-114
[22] Murdoch,S.J.Hot or not:Revealing hidden services by their clock skew[C].In 13th ACM Conference on Computer and Communications Security(CCS 2006),2006: 27-36
[23] R Dingledine,N Mathewson,P Syverson.TOR:The second-Generation onion Router[C].Berkeley:USENIX, 2004:303–320
[24] Reed MG,Syverson PF.Anonymous Connections and Onion Routing[J].IEEE Journal on Selected Areas in Communication-Special Issue on Copyright and Privacy Protection,1998,16(4):482-494
[25]吴振强,杨波.洋葱路由包的封装技术研究[J].计算机工程与应用,2002,38(20): 150-153
[26] D Goldschlag,M Reed,P Syverson.Onion Routing for Anonymous and Private Internet Connections[J].Communications of the ACM,1999,42(2):39-41
[27] David R.On the Security of the Tor Authentication Protocol[C].In Proceedings of the 6th Workshop on Privacy Enhancing Technologies,2006,4258:316-331
[28] M.Wright,M.Adler,B.N.Levine,C.Shields.Defending anonymous communication against passive logging attacks[C].In IEEE Symposium on Security and Privacy, IEEE CS, 2003.5:28-41
[29] TOR Path Specification[EB/OL].http://tor.eff.org/cvs/doc/path-spec.txt,2008.11
[30] TOR Directory Protocol[EB/OL].http://tor.eff.org/cvs/doc/dir-spec.txt,2008.11
[31] TOR Protocol Specification[EB/OL].http://tor.eff.org/cvs/doc/tor-spec.txt,2008.11
[32] A.Acquisti,R.Dingledine,P.Syverson.On the economics of anonymity[J].Financial Cryptography.Springer-Verlag,2003,2742:439-443
[33] Freedom systems 2.1 security issues and analysis[EB/OL].http://www.cypher- space.org/adam/pubs/freedom-21.pdf,2008.10
[34] Berthold O,Federrath H,K?psell S.Web MIXes:a system for anonymous and unobservable Internet access[C].In:Federrath H, eds. Proceeding of Workshop onDesign Issues in Anonymity and Unobservability 2000.Heidelberg: Springer- Verlag,2000,2009:115-129
[35] D.McCoy,K.Bauer,D.Grunwald,P.Tavriz.Shining Light in Dark Places_A Study of Anonymous Network Usage[R].Technical Report CU-CS-1032-07,2007.8
[36] A.Serjantov,P.Sewell.Passive attack analysis for connection-based anonymity systems.In Computer Security–ESORICS 2003. Springer-Verlag,2003,2808: 172-180
[37] A.Back,U.Moller,A.Stiglic.Traffic analysis attacksand trade-offs in anonymity providing systems[C].Information Hiding (IH 2001),Springer-Verlag,2001,2137: 245-257
[38]杨元原,马文平,白晓峰.一种混合的TOR匿名通信系统[J].计算机应用研究, 2007,24(10):141-144
[39] Kevin Bauer,Damon McCoy Dirk Grunwald,et al.Low-Resource Routing Attacks Against TOR[C],WPES’07,2007:11-20
[40] Tor Node Status Information[EB/OL].https://torstat.xenobite.eu,2009.3
[41] Wang X,Chen S,Jajodia S.Tracking anonymous peer-to-peer voip calls on the internet[C].In Proceedings of the ACM Conference on Computer and Communi- cations Security,2005:81-91
[2]王继林,伍前红,陈德人等.匿名技术的研究进展[J].通信学报,2005,26(2): 112-118
[3]朱娜斐,陈松乔,眭鸿飞.匿名通信概览[J].计算机应用,2005,25(11): 2475-2479
[4] Paul F.Syverson,David M.Goldschlag,Michael G.Reed.Anonymous Connections and Onion Routing[C].In Proceedings of the 1997 IEEE Symposium on Security and Privacy(S&P'97),1997:44-54
[5] D.M.Goldschlag,M.G.Reed,P.F.Syverson.Hiding Routing Information[J].InR. Anderson(Ed.):First International Workshop of Information Hiding,1996, 1174:137-150
[6] Freedman MJ,Morris R.Tarzan A Peer-to-Peer Anonymizing Network Layer[A].Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS 2002), 2002:193-206
[7] Michael Reiter,Aviel Rubin.Crowds:Anonymity for Web Transactions[J].ACM Transactions on Information and System Security,1998,1(1):66-92
[8] Jean.F.Raymond.Traffic Analysis:Protocols,Attacks,Design Issues,and Open Problems,Anonymity[C],Proceedings of International Workshop on Design Issues in Anonymity and Unobservability,2001:10-29
[9] M.Wright,M.Adler,B.N.levine,C.Shields.Defending anonymous communication against passive logging attacks[C].IEEE Symposium on Security and Privacy,2003.5:24-81
[10]吴艳辉,郭华.重路由匿名通信系统抗攻击性分析[J].湖南理工学院学报(自然科学版),2006,19(1):59-61
[11]陈世卿,徐红云,张大方.基于过程的匿名通信系统攻击分类研究[J].计算机应用研究,2005,7:119-121
[12] John R.Douceur.The Sybil Attack[C].In Proceedings of the 1st International Peer To Peer Systems Workshop,2002.3:251-260
[13] Marcin G,Marek K,Miroslaw K.Local View Attack on Anonymous Communication[J],ESORICS 2005,2005,3679:455-478
[14]吴振强.匿名技术的抗攻击性研究[J].陕西师范大学学报,2004,32(1):29-32
[15]徐红云,江丽,彭曙光等.匿名系统中统计分析攻击及防御策略研究[J].湖南大学学报(自然科学版),2007,34(7):73-77
[16]陈智俐.基于重路由匿名通信系统中侧面攻击模型的研究[J].科学技术与工程,2007,7(14):3541-3543
[17]吴艳辉,陈建二,王伟平.匿名通信系统中时间攻击模型研究[J].计算机工程与应用,2005,23:25-26
[18] Murdoch,S.J,Danezis,G.Low-cost traffic analysis of TOR[C],Washington:IEEE Computer Society ,2005:183-195
[19] Brian N.Levine,Michael K,Reiter.Timing Attacks in Low-Latency Mix Systems (Extended Abstract)[J],Berlin:Springer,2004,3110: 251-265
[20] Ryan Pries,Wei Yu,Xinwen Fu,Wei Zhao.A New Replay Attack Against Anonymous Communication Networks,IEEE International Conference on Communications,2008,5:1578-1582
[21] Lasse Overlier,Paul Syverson.Locating Hidden Servers,Proceedings of the 2006 IEEE Symposium on Security and Privacy,2006:100-114
[22] Murdoch,S.J.Hot or not:Revealing hidden services by their clock skew[C].In 13th ACM Conference on Computer and Communications Security(CCS 2006),2006: 27-36
[23] R Dingledine,N Mathewson,P Syverson.TOR:The second-Generation onion Router[C].Berkeley:USENIX, 2004:303–320
[24] Reed MG,Syverson PF.Anonymous Connections and Onion Routing[J].IEEE Journal on Selected Areas in Communication-Special Issue on Copyright and Privacy Protection,1998,16(4):482-494
[25]吴振强,杨波.洋葱路由包的封装技术研究[J].计算机工程与应用,2002,38(20): 150-153
[26] D Goldschlag,M Reed,P Syverson.Onion Routing for Anonymous and Private Internet Connections[J].Communications of the ACM,1999,42(2):39-41
[27] David R.On the Security of the Tor Authentication Protocol[C].In Proceedings of the 6th Workshop on Privacy Enhancing Technologies,2006,4258:316-331
[28] M.Wright,M.Adler,B.N.Levine,C.Shields.Defending anonymous communication against passive logging attacks[C].In IEEE Symposium on Security and Privacy, IEEE CS, 2003.5:28-41
[29] TOR Path Specification[EB/OL].http://tor.eff.org/cvs/doc/path-spec.txt,2008.11
[30] TOR Directory Protocol[EB/OL].http://tor.eff.org/cvs/doc/dir-spec.txt,2008.11
[31] TOR Protocol Specification[EB/OL].http://tor.eff.org/cvs/doc/tor-spec.txt,2008.11
[32] A.Acquisti,R.Dingledine,P.Syverson.On the economics of anonymity[J].Financial Cryptography.Springer-Verlag,2003,2742:439-443
[33] Freedom systems 2.1 security issues and analysis[EB/OL].http://www.cypher- space.org/adam/pubs/freedom-21.pdf,2008.10
[34] Berthold O,Federrath H,K?psell S.Web MIXes:a system for anonymous and unobservable Internet access[C].In:Federrath H, eds. Proceeding of Workshop onDesign Issues in Anonymity and Unobservability 2000.Heidelberg: Springer- Verlag,2000,2009:115-129
[35] D.McCoy,K.Bauer,D.Grunwald,P.Tavriz.Shining Light in Dark Places_A Study of Anonymous Network Usage[R].Technical Report CU-CS-1032-07,2007.8
[36] A.Serjantov,P.Sewell.Passive attack analysis for connection-based anonymity systems.In Computer Security–ESORICS 2003. Springer-Verlag,2003,2808: 172-180
[37] A.Back,U.Moller,A.Stiglic.Traffic analysis attacksand trade-offs in anonymity providing systems[C].Information Hiding (IH 2001),Springer-Verlag,2001,2137: 245-257
[38]杨元原,马文平,白晓峰.一种混合的TOR匿名通信系统[J].计算机应用研究, 2007,24(10):141-144
[39] Kevin Bauer,Damon McCoy Dirk Grunwald,et al.Low-Resource Routing Attacks Against TOR[C],WPES’07,2007:11-20
[40] Tor Node Status Information[EB/OL].https://torstat.xenobite.eu,2009.3
[41] Wang X,Chen S,Jajodia S.Tracking anonymous peer-to-peer voip calls on the internet[C].In Proceedings of the ACM Conference on Computer and Communi- cations Security,2005:81-91