DOI: 10.1145/1315245.1315258

Denial of service or denial of security?

Published: 28 October 2007

    Abstract

    We consider the effect attackers who disrupt anonymous communications have on the security of traditional high- and low-latency anonymous communication systems, as well as on the Hydra-Onion and Cashmere systems that aim to offer reliable mixing, and Salsa, a peer-to-peer anonymous communication network. We show that denial of service (DoS) lowers anonymity as messages need to get retransmitted to be delivered, presenting more opportunities for attack. We uncover a fundamental limit on the security of mix networks, showing that they cannot tolerate a majority of nodes being malicious. Cashmere, Hydra-Onion, and Salsa security is also badly affected by DoS attackers. Our results are backed by probabilistic modeling and extensive simulations and are of direct applicability to deployed anonymity systems.

    Published In

    CCS '07: Proceedings of the 14th ACM conference on Computer and communications security
    October 2007
    628 pages
    ISBN:9781595937032
    DOI:10.1145/1315245

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. anonymity
    2. attacks
    3. denial of service
    4. reliability

    Qualifiers

    • Article

    Conference

    CCS07
    CCS07: 14th ACM Conference on Computer and Communications Security 2007
    November 2 - October 31, 2007
    Virginia, Alexandria, USA

    Acceptance Rates

    CCS '07 Paper Acceptance Rate 55 of 302 submissions, 18%;
    Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

    Cited By

    • (2024) HSDirSniper: A New Attack Exploiting Vulnerabilities in Tor's Hidden Service Directories. Proceedings of the ACM on Web Conference 2024, pages 1812-1823. DOI: 10.1145/3589334.3645591. Online publication date: 13-May-2024
    • (2023) Investigating Traffic Analysis Attacks on Apple iCloud Private Relay. Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security, pages 773-784. DOI: 10.1145/3579856.3595793. Online publication date: 10-Jul-2023
    • (2023) Cell Manipulation Attack Against Onion Services. 2023 IEEE International Conference on High Performance Computing & Communications, Data Science & Systems, Smart City & Dependability in Sensor, Cloud & Big Data Systems & Application (HPCC/DSS/SmartCity/DependSys), pages 58-65. DOI: 10.1109/HPCC-DSS-SmartCity-DependSys60770.2023.00018. Online publication date: 17-Dec-2023
    • (2023) DeepMetricCorr: Fast flow correlation for data center networks with deep metric learning. Computer Networks, 233, article 109904. DOI: 10.1016/j.comnet.2023.109904. Online publication date: Sep-2023
    • (2022) Stopping Silent Sneaks: Defending against Malicious Mixes with Topological Engineering. Proceedings of the 38th Annual Computer Security Applications Conference, pages 132-145. DOI: 10.1145/3564625.3567996. Online publication date: 5-Dec-2022
    • (2022) An Anonymity Vulnerability in Tor. IEEE/ACM Transactions on Networking, 30:6, pages 2574-2587. DOI: 10.1109/TNET.2022.3174003. Online publication date: Dec-2022
    • (2022) DAENet: Making Strong Anonymity Scale in a Fully Decentralized Network. IEEE Transactions on Dependable and Secure Computing, 19:4, pages 2286-2303. DOI: 10.1109/TDSC.2021.3052831. Online publication date: 1-Jul-2022
    • (2021) From “Onion Not Found” to Guard Discovery. Proceedings on Privacy Enhancing Technologies, 2022:1, pages 522-543. DOI: 10.2478/popets-2022-0026. Online publication date: 20-Nov-2021
    • (2021) On the Anonymity Guarantees of Anonymous Proof-of-Stake Protocols. 2021 IEEE Symposium on Security and Privacy (SP), pages 1818-1833. DOI: 10.1109/SP40001.2021.00107. Online publication date: May-2021
    • (2021) We Built This Circuit: Exploring Threat Vectors in Circuit Establishment in Tor. 2021 IEEE European Symposium on Security and Privacy (EuroS&P), pages 319-336. DOI: 10.1109/EuroSP51992.2021.00030. Online publication date: Sep-2021
