Changing of the guards

A framework for understanding and improving entry guard selection in Tor

Tariq Elahi, Kevin Bauer, Mashael Alsabah, Roger Dingledine, Ian Goldberg

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

28 Citations (Scopus)

Abstract

Tor is the most popular low-latency anonymity overlay network for the Internet, protecting the privacy of hundreds of thousands of people every day. To ensure a high level of security against certain attacks, Tor currently utilizes special nodes called entry guards as each client's long-term entry point into the anonymity network. While the use of entry guards provides clear and well-studied security benefits, it is unclear how well the current entry guard design achieves its security goals in practice. We design and implement Changing of the Guards (COGS), a simulation-based research framework to study Tor's entry guard design. Using COGS, we empirically demonstrate that natural, short-term entry guard churn and explicit time-based entry guard rotation contribute to clients using more entry guards than they should, and thus increase the likelihood of profiling attacks. This churn significantly degrades Tor clients' anonymity. To understand the security and performance implications of current and alternative entry guard selection algorithms, we simulate tens of thousands of Tor clients using COGS based on Tor's entry guard selection and rotation algorithms, with real entry guard data collected over the course of eight months from the live Tor network.

Original language: English
Title of host publication: Proceedings of the ACM Conference on Computer and Communications Security
Pages: 43-53
Number of pages: 11
DOI: https://doi.org/10.1145/2381966.2381973
Publication status: Published - 2012
Externally published: Yes
Event: 2012 ACM Workshop on Privacy in the Electronic Society, WPES 2012 - Raleigh, NC
Duration: 15 Oct 2012 to 15 Oct 2012


Fingerprint

Overlay networks
Internet

Keywords

  • Entry guard
  • Predecessor attack
  • Quality of service
  • Tor

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Cite this

Elahi, T., Bauer, K., Alsabah, M., Dingledine, R., & Goldberg, I. (2012). Changing of the guards: A framework for understanding and improving entry guard selection in Tor. In Proceedings of the ACM Conference on Computer and Communications Security (pp. 43-53) https://doi.org/10.1145/2381966.2381973

@inproceedings{4a34fa9934f146d691ba1d92a11795bc,
title = "Changing of the guards: A framework for understanding and improving entry guard selection in Tor",
abstract = "Tor is the most popular low-latency anonymity overlay network for the Internet, protecting the privacy of hundreds of thousands of people every day. To ensure a high level of security against certain attacks, Tor currently utilizes special nodes called entry guards as each client's long-term entry point into the anonymity network. While the use of entry guards provides clear and well-studied security benefits, it is unclear how well the current entry guard design achieves its security goals in practice. We design and implement Changing of the Guards (COGS), a simulation-based research framework to study Tor's entry guard design. Using COGS, we empirically demonstrate that natural, short-term entry guard churn and explicit time-based entry guard rotation contribute to clients using more entry guards than they should, and thus increase the likelihood of profiling attacks. This churn significantly degrades Tor clients' anonymity. To understand the security and performance implications of current and alternative entry guard selection algorithms, we simulate tens of thousands of Tor clients using COGS based on Tor's entry guard selection and rotation algorithms, with real entry guard data collected over the course of eight months from the live Tor network.",
keywords = "Entry guard, Predecessor attack, Quality of service, Tor",
author = "Tariq Elahi and Kevin Bauer and Mashael Alsabah and Roger Dingledine and Ian Goldberg",
year = "2012",
doi = "10.1145/2381966.2381973",
language = "English",
isbn = "9781450316637",
pages = "43--53",
booktitle = "Proceedings of the ACM Conference on Computer and Communications Security",

}
