Compromising Anonymity Using
Packet Spinning
Vasilis Pappas, Elias Athanasopoulos,
So:ris Ioannidis and Evangelos P.
Markatos
ICS‐FORTH
Anonymizing Systems
• Many open systems for anonymous
communica:on
– Freenet, TOR, I2P etc
• One of the most successful is TOR
– Approximately 2500 online nodes
• Serving thousands of users
Packet Spinning ‐ Vasilis Pappas ‐ FORTH
2
TOR in a nutshell
• Each node acts as a relayer
• Users create circuits over the relayers in order
to communicate anonymously
Packet Spinning ‐ Vasilis Pappas ‐ FORTH
3
This paper
• A new aOack to compromise TOR’s anonymity
– The Packet Spinning aOack
• Based on:
– Ar:ficially created circular circuits
– Disabling crypto opera:ons on the malicious
relayers
Packet Spinning ‐ Vasilis Pappas ‐ FORTH
4
Roadmap
• TOR Introduc:on
• The Packet Spinning AOack
• Experimental Evalua:on
• Countermeasures
• Conclusions
Packet Spinning ‐ Vasilis Pappas ‐ FORTH
5
TOR Introduc:on
• TOR uses Onion Rou:ng
– Mul:ple layer packet encryp:on
• Three en::es
– Onion Routers (relayers)
– Directory Server
– Clients
Packet Spinning ‐ Vasilis Pappas ‐ FORTH
6
TOR – Example of opera:on
Packet Spinning ‐ Vasilis Pappas ‐ FORTH
7
OR1
Alice
OR2
OR3
OR5
OR4
Bob
First hop created
Packet Spinning ‐ Vasilis Pappas ‐ FORTH
8
OR1
Alice
OR2
OR3
OR5
OR4
Bob
Create
Circuit is extended by one hop
Packet Spinning ‐ Vasilis Pappas ‐ FORTH
9
OR1
Alice
OR2
OR3
OR5
OR4
Bob
Extend
Create
3‐Hop circuit established
Packet Spinning ‐ Vasilis Pappas ‐ FORTH
10
OR1
Alice
OR2
OR3
OR5
OR4
Bob
Relay
Extend
Create
Alice begins a connec:on to Bob
Packet Spinning ‐ Vasilis Pappas ‐ FORTH
11
OR1
Alice
OR2
OR3
OR5
OR4
Bob
Begin
Anonymous connec:on established
Packet Spinning ‐ Vasilis Pappas ‐ FORTH
12
OR1
Alice
OR2
OR3
OR5
OR4
Bob
Roadmap
• TOR Introduc:on
• The Packet Spinning A3ack
• Experimental Evalua:on
• Countermeasures
• Conclusions
Packet Spinning ‐ Vasilis Pappas