ABSTRACT
Location-hidden services, as offered by anonymity systems such as Tor, allow servers to be operated under a pseudonym. As Tor is an overlay network, servers hosting hidden services are accessible both directly and over the anonymous channel. Traffic patterns through one channel have observable effects on the other, thus allowing a service's pseudonymous identity and IP address to be linked. One proposed solution to this vulnerability is for Tor nodes to provide fixed quality of service to each connection, regardless of other traffic, thus reducing capacity but resisting such interference attacks. However, even if each connection does not influence the others, total throughput would still affect the load on the CPU, and thus its heat output. Unfortunately for anonymity, the result of temperature on clock skew can be remotely detected through observing timestamps. This attack works because existing abstract models of anonymity-network nodes do not take into account the inevitable imperfections of the hardware they run on. Furthermore, we suggest the same technique could be exploited as a classical covert channel and can even provide geolocation.
References
- A. Acquisti, R. Dingledine, and P. F. Syverson. On the economics of anonymity. In R. N. Wright, editor, Financial Cryptography, volume 2742 of LNCS, pages 84--102. Springer-Verlag, 2003.]]Google Scholar
- J. Alves-Foss, C. Taylor, and P. Omanl. A multi-layered approach to security in high assurance systems. In Proceedings of the 37th Hawaii International Conference on System Sciences, Hawaii, January 2004. IEEE CS.]] Google ScholarDigital Library
- Anonymizer, Inc. http://www.anonymizer.com/.]]Google Scholar
- A. Back, I. Goldberg, and A. Shostack. Freedom Systems 2.1 security issues and analysis. White paper, Zero Knowledge Systems, Inc., May 2001.]]Google Scholar
- BBC News. US blogger fired by her airline, November 2004. http://news.bbc.co.uk/1/technology/3974081.stm.]]Google Scholar
- D. E. Bell and L. J. LaPadula. Secure computer systems: Mathematical foundations. Technical Report 2547, Volume I, MITRE Corporation, March 1973.]]Google Scholar
- O. Berthold, H. Federrath, and S. Köpsell. Web MIXes: A system for anonymous and unobservable Internet access. In H. Federrath, editor, Designing Privacy Enhancing Technologies, volume 2009 of LNCS, pages 115--129. Springer-Verlag, July 2000.]] Google ScholarDigital Library
- P. Boucher, A. Shostack, and I. Goldberg. Freedom Systems 2.0 architecture. White paper, Zero Knowledge Systems, Inc., December 2000.]]Google Scholar
- C-MAC MicroTechnology. HC49/4H SMX crystals datasheet, September 2004. http://www.cmac.com/mt/databook/crystals/smd/hc49_4h_smx.pdf.]]Google Scholar
- W. Dai. PipeNet 1.1, November 1998. http://www.eskimo.com/weidai/pipenet.txt.]]Google Scholar
- D. Dean and A. Stubblefield. Using client puzzles to protect TLS. In Proceedings of the 10th USENIX Security Symposium, Aug. 2001.]] Google ScholarDigital Library
- R. Dingledine and N. Mathewson. Tor protocol specification. Technical report, The Free Haven Project, October 2004. http://tor.eff.org/cvs/doc/tor-spec.txt.]]Google Scholar
- R. Dingledine and N. Mathewson. Tor path specification. Technical report, The Free Haven Project, April 2006. http://tor.eff.org/cvs/doc/path-spec.txt.]]Google Scholar
- R. Dingledine and N. Mathewson. Tor rendezvous specification. Technical report, The Free Haven Project, February 2006. http://tor.eff.org/cvs/doc/rend-spec.txt.]]Google Scholar
- R. Dingledine, N. Mathewson, and P. F. Syverson. Tor: The second-generation onion router. In Proceedings of the 13th USENIX Security Symposium, August 2004.]] Google ScholarDigital Library
- X. Fu, Y. Zhu, B. Graham, R. Bettati, and W. Zhao. On flow marking attacks in wireless anonymous communication networks. In Proceedings of the 25th IEEE International Conference on Distributed Computing Systems, pages 493--503, Columbus, Ohio, USA, June 2005. IEEE CS.]] Google ScholarDigital Library
- I. Goldberg. A Pseudonymous Communications Infrastructure for the Internet. PhD thesis, UC Berkeley, December 2000.]] Google ScholarDigital Library
- H. Grundy. Personal communication.]]Google Scholar
- W.-M. Hu. Reducing timing channels with fuzzy time. In 1991 IEEE Symposium on Security and Privacy, pages 8--20, Oakland, California, May 1991. IEEE CS.]]Google ScholarCross Ref
- W.-M. Hu. Lattice scheduling and covert channels. In 1992 IEEE Symposium on Security and Privacy, pages 52--61, Oakland, California, May 1992. IEEE CS.]] Google ScholarDigital Library
- V. Jacobson, R. Braden, and D. Borman. TCP extensions for high performance. RFC 1323, IETF, May 1992.]] Google ScholarDigital Library
- V. Jacobson, C. Leres, and S. McCanne. libpcap, March 2004. http://www.tcpdump.org/.]]Google Scholar
- P. A. Karger and J. C. Wray. Storage channels in disk arm optimization. In 1991 IEEE Symposium on Security and Privacy, pages 52--63, Oakland, California, May 1991. IEEE CS.]]Google ScholarCross Ref
- T. Kohno, A. Broido, and k. claffy. Remote physical device fingerprinting. In 2005 IEEE Symposium on Security and Privacy, pages 211--225, Oakland, California, May 2005. IEEE CS.]] Google ScholarDigital Library
- M. G. Kuhn. Personal communication.]]Google Scholar
- B. W. Lampson. A note on the confinement problem. Communications of the ACM, 16(10):613--615, 1973.]] Google ScholarDigital Library
- M. Martinec. Temperature dependency of a quartz oscillator. http://www.ijs.si/time/#temp-dependency.]]Google Scholar
- D. L. Mills. Network time protocol (version 3) specification, implementation and analysis. RFC 1305, IETF, March 1992.]] Google ScholarDigital Library
- S. B. Moon, P. Skelly, and D. Towsley. Estimation and removal of clock skew from network delay measurements. Technical Report 98--43, Department of Computer Science University of Massachusetts at Amherst, October 1998.]] Google ScholarDigital Library
- I. S. Moskowitz, R. E. Newman, D. P. Crepeau, and A. R. Miller. Covert channels and anonymizing networks. In P. Samarati and P. F. Syverson, editors, Workshop on Privacy in the Electronic Society, pages 79--88, Washington, DC, USA, October 2003. ACM Press.]] Google ScholarDigital Library
- I. S. Moskowitz, R. E. Newman, and P. F. Syverson. Quasi-anonymous channels. In M. Hamza, editor, IASTED Communication, Network, and Information Security, pages 126--131, New York, USA, December 2003. ACTAPress.]]Google Scholar
- J. A. Muir and P. C. van Oorschot. Internet geolocation and evasion. Technical Report TR-06-05, Carleton University -- School of Computer Science, April 2006.]]Google Scholar
- S. J. Murdoch and G. Danezis. Low-cost traffic analysis of Tor. In Proceedings of the 2005 IEEE Symposium on Security and Privacy. IEEE CS, May 2005.]] Google ScholarDigital Library
- S. J. Murdoch and S. Lewis. Embedding covert channels into TCP/IP. In M. Barni, J. Herrera-Joancomartí, S. Katzenbeisser, and F. Pérez-González, editors, Information Hiding: 7th International Workshop, volume 3727 of LNCS, pages 247--261, Barcelona, Catalonia (Spain), June 2005. Springer-Verlag.]] Google ScholarDigital Library
- R. M. Needham. Denial of service. In CCS '93: Proceedings of the 1st ACM conference on Computer and communications security, pages 151--153, New York, NY, USA, 1993. ACM Press.]] Google ScholarDigital Library
- R. M. Needham. Denial of service: an example. Commun. ACM, 37(11):42--46, 1994.]] Google ScholarDigital Library
- R. E. Newman, V. R. Nalla, and I. S. Moskowitz. Anonymity and covert channels in simple timed mix-firewalls. In Proceedings of Privacy Enhancing Technologies workshop (PET 2004), volume 3424 of LNCS. Springer-Verlag, May 2004.]]Google ScholarCross Ref
- L. Overlier and P. F. Syverson. Locating hidden servers. In Proceedings of the 2006 IEEE Symposium on Security and Privacy, Oakland, CA, May 2006. IEEE CS.]] Google ScholarDigital Library
- A. Pfitzmann, B. Pfitzmann, and M. Waidner. ISDN-mixes: Untraceable communication with very small bandwidth overhead. In W. Effelsberg, H. W. Meuer, and G. Müller, editors, GI/ITG Conference on Communication in Distributed Systems, volume 267 of Informatik-Fachberichte, pages 451--463. Springer-Verlag, February 1991.]] Google ScholarDigital Library
- J. Postel. Internet control message protocol. RFC 792, IETF, September 1981.]] Google ScholarDigital Library
- R. Redelmeier. CPUBurn, June 2001. http://pages.sbcglobal.net/redelm/.]]Google Scholar
- M. G. Reed, P. F. Syverson, and D. M. Goldschlag. Anonymous connections and onion routing. IEEE Journal on Selected Areas in Communications, 16(4):482--494, May 1998.]]Google ScholarDigital Library
- Reporters Without Borders. Blogger and documentary filmmaker held for the past month, March 2006. http://www.rsf.org/article.php3?id_article=16810.]]Google Scholar
- G. Uchenick. MILS middleware for secure distributed systems. RTC magazine, 15, June 2006 2006. http://www.rtcmagazine.com/home/article.php?id=100685.]]Google Scholar
Index Terms
Hot or not: Revealing hidden services by their clock skew
Comments