Use the red “Join on YouTube” button above to join the livestream. If you cannot see this button, make sure you are logged in (see the upper-right corner of your screen).
Session Chair: Wouter Lueks
- Privacy Preserving Detection of Path Bias Attacks in Tor
- T0RTT: Non-Interactive Immediate Forward-Secure Single-Pass Circuit Construction
- The Road Not Taken : Re-thinking The Feasibility of Voice Calling Over Tor
- Scaling Up Anonymous Communication with Efficient Nanopayment Channels
Lauren Watson (University of Edinburgh), Anupam Mediratta (University of Edinburgh), Tariq Elahi (University of Edinburgh), and Rik Sarkar (University of Edinburgh)
Summary: Anonymous communication networks like Tor are vulnerable to attackers that control entry and exit nodes. Such attackers can compromise the essential anonymity and privacy properties of the network. In this paper, we consider the path bias attack-- where the attacker induces a client to use compromised nodes and thus links the client to their destination. We describe an efficient scheme that detects such attacks in Tor by collecting routing telemetry data from nodes in the network. The data collection is differentially private and thus does not reveal behaviour of individual users even to nodes within the network.
We show provable bounds for the sample complexity of the scheme and describe methods to make it resilient to introduction of false data by the attacker to subvert the detection process. Simulations based on real configurations of the Tor network show that the method works accurately in practice.
Sebastian Lauer (Ruhr University Bochum), Kai Gellert (Paderborn University), Robert Merget (Ruhr University Bochum), Tobias Handirk (Paderborn University), and Jörg Schwenk (Ruhr University Bochum)
Summary: Maintaining privacy on the Internet with the presence of powerful adversaries such as nation-state attackers is a challenging topic, and the Tor project is currently the most important tool to protect against this threat. The circuit construction protocol (CCP) negotiates cryptographic keys for Tor circuits, which overlay TCP/IP by routing Tor cells over n onion routers. The current circuit construction protocol provides strong security guarantees such as forward secrecy by exchanging O(n^2) messages. For several years it has been an open question if the same strong security guarantees could be achieved with less message overhead, which is desirable because of the inherent latency in overlay networks. Several publications described CCPs which require only O(n) message exchanges, but significantly reduce the security of the resulting Tor circuit. It was even conjectured that it is impossible to achieve both message complexity O(n) and forward secrecy immediately after circuit construction (so-called immediate forward secrecy). Inspired by the latest advancements in zero round-trip time key exchange (0-RTT), we present a new CCP protocol Tor 0-RTT (T0RTT). Using modern cryptographic primitives such as puncturable encryption allow to achieve immediate forward secrecy using only O(n) messages. We implemented these new primitives to give a first indication of possible problems and how to overcome them in order to build practical CCPs with O(n) messages and immediate forward secrecy in the future.
Piyush Sharma (IIIT Delhi), Shashwat Chaudhary (IIIT Delhi), Nikhil Hassija (IIIT Delhi), Mukulika Maity (IIIT Delhi), and Sambuddho Chakravarty (IIIT Delhi)
Summary: Anonymous VoIP calls over the Internet holds great significance for privacy-conscious users, whistle-blowers and political activists alike. Prior research deems popular anonymization systems like Tor unsuitable for providing the requisite performance guarantees that real-time applications like VoIP need. Moreover, conclusions from these studies led researchers to propose novel and tailored solutions. However, no such system is available for immediate use. It thus becomes an imperative that the exact performance of VoIP over Tor be quantified and analyzed, so that the potential performance bottlenecks can be amended. We thus conducted an extensive empirical study to shed light on VoIP performance over Tor. In >0.5 million calls spanning 12 months, across seven countries and covering about 6650 Tor relays, we observed that Tor supports good voice quality. Further analysis indicates that in general for most Tor relays, the contentions due to cross-traffic were low enough to support VoIP calls, that are anyways transmitted at low rates (<120 Kbps).
Florentin Rochet (Uclouvain Crypto Group), Thien-Nam Dinh (Sandia), Olivier Pereira (Uclouvain Crypto Group), and Dan Wallach (Rice University)
Summary: Tor, the most widely used and well-studied traffic anonymization network in the world, suffers from limitations in its network diversity and performance. We propose to mitigate both problems simultaneously through the introduction of a premium bandwidth mar-ket between clients and relays. To this end, we present moneTor: incentivizing nodes to join and support Tor by giving them anonymous payments from Tor users. Our approach uses efficient cryptographic nanopayments de-livered alongside regular Tor traffic. Our approach also gives a degree of centralized control, allowing Tor’s managers to shape the economy created by these payments. In this paper, we present a novel payment algorithm as well as a data-driven simulation and evaluation of its costs and benefits. The results show that moneTor is both feasible and flexible, offering upwards of 100% improvements in differentiated bandwidth for paying users with near optimal throughput and latency overheads.