Research identifies methods to protect against online privacy attacks

June 2, 2017 by Josephine Wolff, Princeton University
A team of Princeton researchers has developed a method to detect and defend against attacks on the Tor system, which provides anonymity to internet users. Team members include, from left, Prateek Mittal, an assistant professor of electrical engineering; Anne Edmundson, a graduate student in computer science; Mung Chiang, the Arthur LeGrand Doty Professor of Electrical Engineering; Nick Feamster, a professor of computer science and deputy director of the Center for Information Technology Policy; and Yixin Sun, a graduate student in computer science. Credit: Sameer A. Khan/Fotobuddy

When Congress voted in March to reverse rules intended to protect Internet users' privacy, many people began looking for ways to keep their online activity private. One of the most popular and effective is Tor, a software system millions of people use to protect their anonymity online.

But even Tor has weaknesses, and in a new paper, researchers at Princeton University recommend steps to combat certain types of Tor's vulnerabilities.

Tor was designed in the early 2000s to make it more difficult to trace what people are doing online by routing their through a series of "proxy" servers before it reaches its final destination. This makes it difficult to track Tor users because their connections to a particular server first pass through intermediate Tor servers called relays. But while Tor can be a powerful tool to help protect users' privacy and anonymity online, it is not perfect.

In earlier work, a research group led by Prateek Mittal, an assistant professor of electrical engineering, identified different ways that the Tor network can be compromised, as well as ways to make Tor more resilient to those types of . Many of their latest findings on how to mitigate Tor vulnerabilities are detailed in a paper titled "Counter-RAPTOR: Safeguarding Tor Against Active Routing Attacks," presented at the IEEE Symposium on Security and Privacy in San Jose, California, in May.

The paper is written by Mittal, Ph.D. students Yixin Sun and Anne Edmundson, and Nick Feamster, professor of computer science, and Mung Chiang, the Arthur LeGrand Doty Professor of Electrical Engineering. Support for the project was provided in part by the National Science Foundation, the Open Technology Fund and the U.S. Defense Department.

The research builds on earlier work done by some of the authors identifying a method of attacking Tor called "RAPTOR" (short for Routing Attacks on Privacy in TOR). In that work, Mittal and his collaborators demonstrated methods under which adversaries could use attacks at the network level to identify Tor users.

"As the internet gets bigger and more dynamic, more organizations have the ability to observe users' traffic,′ said Sun, a graduate student in computer science. "We wanted to understand possible ways that these organizations could identify users and to provide Tor with ways to defend itself against these attacks as a way to help preserve online privacy."

Mittal said the vulnerability emerges from the fact that there are big companies that control large parts of the internet and forward traffic through their systems. "The idea was, if there's a network like AT&T or Verizon that can see user traffic coming into and coming out of the Tor network, then they can do statistical analysis on whose traffic it is," Mittal explained. "We started to think about the potential threats that were posed by these entities and the new attacks—the RAPTOR attacks—that these entities could use to gain visibility into Tor."

Even though a Tor user's traffic is routed through proxy servers, every user's traffic patterns are distinctive, in terms of the size and sequence of data packets they're sending online. So if an sees similar-looking traffic streams enter the Tor network and leaving the Tor network after being routed through proxy servers, the provider may be able to piece together the user's identity. And internet service providers are often able to manipulate how traffic on the internet is routed, so they can observe particular streams of traffic, making Tor more vulnerable to this kind of attack.

These types of attacks are important because there is a lot of interest in being able to break the anonymity Tor provides. "There is a slide from an NSA (the U.S. National Security Agency) presentation that Edward Snowden leaked that outlines their attempts at breaking the privacy of the Tor network," Mittal pointed out. "The NSA wasn't successful, but it shows that they tried. And that was the starting point for this project because when we looked at those documents we thought, with these types of capabilities, surely they can do better."

In their latest paper, the researchers recommend steps that Tor can take to better protect its users from RAPTOR-type attacks. First, they provide a way to measure internet service providers' susceptibility to these attacks. (This depends on the structure of the providers' networks.) The researchers then use those measurements to develop an algorithm that selects how a Tor user's traffic will be routed through proxy servers depending on the servers' vulnerability to attack. Currently, Tor proxy servers are randomly selected, though some attention is given to making sure that no servers are overloaded with traffic. In their paper, the researchers propose a way to select Tor proxy servers that takes into consideration vulnerability to outside attack. When the researchers implemented this algorithm, they found that it reduced the risk of a successful network-level attack by 36 percent.

The researchers also built a network-monitoring system to check network traffic to uncover manipulation that could indicate attacks on Tor. When they simulated such attacks themselves, the researchers found that their system was able to identify the attacks with very low false positive rates.

Roger Dingledine, president and research director of the Tor Project, expressed interest in implementing the network monitoring approach for Tor. "We could use that right now," he said, adding that implementing the proposed changes to how are selected might be more complicated.

"Research along these lines is extremely valuable for making sure Tor can keep real users safe," Dingledine said. "Our best chance at keeping Tor safe is for researchers and developers all around the world to team up and all work in the open to build on each other's progress."

Mittal and his collaborators also hope that their findings about potential vulnerabilities will ultimately serve to strengthen Tor's security.

"Tor is amongst the best tools for anonymous communications," Mittal said. "Making Tor more robust directly serves to strengthen individual liberty and freedom of expression in online communications."

Explore further: No perfect way to protect privacy

More information: Counter-RAPTOR: Safeguarding Tor Against Active Routing Attacks: www.princeton.edu/~pmittal/pub … /counter-raptor-sp17

Related Stories

No perfect way to protect privacy

April 9, 2017

Now that Congress has given internet service providers the green light to keep tabs on your online activities and do as they wish with that information, you might be wondering what you can do about it.

Answers to your questions about massive cyberattack

March 29, 2013

Here are some answers to questions about perhaps the biggest cyberattack ever, which recently targeted Spamhaus, an anti-spam group based in Geneva and London. It ended up slowing down or blocking access to numerous Internet ...

Recommended for you

Permanent, wireless self-charging system using NIR band

October 8, 2018

As wearable devices are emerging, there are numerous studies on wireless charging systems. Here, a KAIST research team has developed a permanent, wireless self-charging platform for low-power wearable electronics by converting ...

Facebook launches AI video-calling device 'Portal'

October 8, 2018

Facebook on Monday launched a range of AI-powered video-calling devices, a strategic revolution for the social network giant which is aiming for a slice of the smart speaker market that is currently dominated by Amazon and ...

Artificial enzymes convert solar energy into hydrogen gas

October 4, 2018

In a new scientific article, researchers at Uppsala University describe how, using a completely new method, they have synthesised an artificial enzyme that functions in the metabolism of living cells. These enzymes can utilize ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.