The Wayback Machine - https://web.archive.org/web/20200427035537/https://dl.acm.org/doi/10.1145/1180405.1180410
ACM Digital Library Logo
ACM Logo
Advanced Search
10.1145/1180405.1180410acmconferencesArticle/Chapter ViewAbstractPublication PagesccsConference Proceedings
ARTICLE
Free Access

Hot or not: Revealing hidden services by their clock skew

Publication: CCS '06: Proceedings of the 13th ACM conference on Computer and communications securityOctober 2006 Pages 27–36https://doi.org/10.1145/1180405.1180410
  • 139citation
  • 1,017
    • Downloads
Metrics
Total Citations139
Total Downloads1,017
Last 12 Months82
Last 6 weeks25

ABSTRACT

Location-hidden services, as offered by anonymity systems such as Tor, allow servers to be operated under a pseudonym. As Tor is an overlay network, servers hosting hidden services are accessible both directly and over the anonymous channel. Traffic patterns through one channel have observable effects on the other, thus allowing a service's pseudonymous identity and IP address to be linked. One proposed solution to this vulnerability is for Tor nodes to provide fixed quality of service to each connection, regardless of other traffic, thus reducing capacity but resisting such interference attacks. However, even if each connection does not influence the others, total throughput would still affect the load on the CPU, and thus its heat output. Unfortunately for anonymity, the result of temperature on clock skew can be remotely detected through observing timestamps. This attack works because existing abstract models of anonymity-network nodes do not take into account the inevitable imperfections of the hardware they run on. Furthermore, we suggest the same technique could be exploited as a classical covert channel and can even provide geolocation.

References

  1. A. Acquisti, R. Dingledine, and P. F. Syverson. On the economics of anonymity. In R. N. Wright, editor, Financial Cryptography, volume 2742 of LNCS, pages 84--102. Springer-Verlag, 2003.]]Google ScholarGoogle Scholar
  2. J. Alves-Foss, C. Taylor, and P. Omanl. A multi-layered approach to security in high assurance systems. In Proceedings of the 37th Hawaii International Conference on System Sciences, Hawaii, January 2004. IEEE CS.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. Anonymizer, Inc. http://www.anonymizer.com/.]]Google ScholarGoogle Scholar
  4. A. Back, I. Goldberg, and A. Shostack. Freedom Systems 2.1 security issues and analysis. White paper, Zero Knowledge Systems, Inc., May 2001.]]Google ScholarGoogle Scholar
  5. BBC News. US blogger fired by her airline, November 2004. http://news.bbc.co.uk/1/technology/3974081.stm.]]Google ScholarGoogle Scholar
  6. D. E. Bell and L. J. LaPadula. Secure computer systems: Mathematical foundations. Technical Report 2547, Volume I, MITRE Corporation, March 1973.]]Google ScholarGoogle Scholar
  7. O. Berthold, H. Federrath, and S. Köpsell. Web MIXes: A system for anonymous and unobservable Internet access. In H. Federrath, editor, Designing Privacy Enhancing Technologies, volume 2009 of LNCS, pages 115--129. Springer-Verlag, July 2000.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. P. Boucher, A. Shostack, and I. Goldberg. Freedom Systems 2.0 architecture. White paper, Zero Knowledge Systems, Inc., December 2000.]]Google ScholarGoogle Scholar
  9. C-MAC MicroTechnology. HC49/4H SMX crystals datasheet, September 2004. http://www.cmac.com/mt/databook/crystals/smd/hc49_4h_smx.pdf.]]Google ScholarGoogle Scholar
  10. W. Dai. PipeNet 1.1, November 1998. http://www.eskimo.com/weidai/pipenet.txt.]]Google ScholarGoogle Scholar
  11. D. Dean and A. Stubblefield. Using client puzzles to protect TLS. In Proceedings of the 10th USENIX Security Symposium, Aug. 2001.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. R. Dingledine and N. Mathewson. Tor protocol specification. Technical report, The Free Haven Project, October 2004. http://tor.eff.org/cvs/doc/tor-spec.txt.]]Google ScholarGoogle Scholar
  13. R. Dingledine and N. Mathewson. Tor path specification. Technical report, The Free Haven Project, April 2006. http://tor.eff.org/cvs/doc/path-spec.txt.]]Google ScholarGoogle Scholar
  14. R. Dingledine and N. Mathewson. Tor rendezvous specification. Technical report, The Free Haven Project, February 2006. http://tor.eff.org/cvs/doc/rend-spec.txt.]]Google ScholarGoogle Scholar
  15. R. Dingledine, N. Mathewson, and P. F. Syverson. Tor: The second-generation onion router. In Proceedings of the 13th USENIX Security Symposium, August 2004.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. X. Fu, Y. Zhu, B. Graham, R. Bettati, and W. Zhao. On flow marking attacks in wireless anonymous communication networks. In Proceedings of the 25th IEEE International Conference on Distributed Computing Systems, pages 493--503, Columbus, Ohio, USA, June 2005. IEEE CS.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. I. Goldberg. A Pseudonymous Communications Infrastructure for the Internet. PhD thesis, UC Berkeley, December 2000.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. H. Grundy. Personal communication.]]Google ScholarGoogle Scholar
  19. W.-M. Hu. Reducing timing channels with fuzzy time. In 1991 IEEE Symposium on Security and Privacy, pages 8--20, Oakland, California, May 1991. IEEE CS.]]Google ScholarGoogle ScholarCross RefCross Ref
  20. W.-M. Hu. Lattice scheduling and covert channels. In 1992 IEEE Symposium on Security and Privacy, pages 52--61, Oakland, California, May 1992. IEEE CS.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. V. Jacobson, R. Braden, and D. Borman. TCP extensions for high performance. RFC 1323, IETF, May 1992.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. V. Jacobson, C. Leres, and S. McCanne. libpcap, March 2004. http://www.tcpdump.org/.]]Google ScholarGoogle Scholar
  23. P. A. Karger and J. C. Wray. Storage channels in disk arm optimization. In 1991 IEEE Symposium on Security and Privacy, pages 52--63, Oakland, California, May 1991. IEEE CS.]]Google ScholarGoogle ScholarCross RefCross Ref
  24. T. Kohno, A. Broido, and k. claffy. Remote physical device fingerprinting. In 2005 IEEE Symposium on Security and Privacy, pages 211--225, Oakland, California, May 2005. IEEE CS.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. M. G. Kuhn. Personal communication.]]Google ScholarGoogle Scholar
  26. B. W. Lampson. A note on the confinement problem. Communications of the ACM, 16(10):613--615, 1973.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. M. Martinec. Temperature dependency of a quartz oscillator. http://www.ijs.si/time/#temp-dependency.]]Google ScholarGoogle Scholar
  28. D. L. Mills. Network time protocol (version 3) specification, implementation and analysis. RFC 1305, IETF, March 1992.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. S. B. Moon, P. Skelly, and D. Towsley. Estimation and removal of clock skew from network delay measurements. Technical Report 98--43, Department of Computer Science University of Massachusetts at Amherst, October 1998.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. I. S. Moskowitz, R. E. Newman, D. P. Crepeau, and A. R. Miller. Covert channels and anonymizing networks. In P. Samarati and P. F. Syverson, editors, Workshop on Privacy in the Electronic Society, pages 79--88, Washington, DC, USA, October 2003. ACM Press.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  31. I. S. Moskowitz, R. E. Newman, and P. F. Syverson. Quasi-anonymous channels. In M. Hamza, editor, IASTED Communication, Network, and Information Security, pages 126--131, New York, USA, December 2003. ACTAPress.]]Google ScholarGoogle Scholar
  32. J. A. Muir and P. C. van Oorschot. Internet geolocation and evasion. Technical Report TR-06-05, Carleton University -- School of Computer Science, April 2006.]]Google ScholarGoogle Scholar
  33. S. J. Murdoch and G. Danezis. Low-cost traffic analysis of Tor. In Proceedings of the 2005 IEEE Symposium on Security and Privacy. IEEE CS, May 2005.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  34. S. J. Murdoch and S. Lewis. Embedding covert channels into TCP/IP. In M. Barni, J. Herrera-Joancomartí, S. Katzenbeisser, and F. Pérez-González, editors, Information Hiding: 7th International Workshop, volume 3727 of LNCS, pages 247--261, Barcelona, Catalonia (Spain), June 2005. Springer-Verlag.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  35. R. M. Needham. Denial of service. In CCS '93: Proceedings of the 1st ACM conference on Computer and communications security, pages 151--153, New York, NY, USA, 1993. ACM Press.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  36. R. M. Needham. Denial of service: an example. Commun. ACM, 37(11):42--46, 1994.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  37. R. E. Newman, V. R. Nalla, and I. S. Moskowitz. Anonymity and covert channels in simple timed mix-firewalls. In Proceedings of Privacy Enhancing Technologies workshop (PET 2004), volume 3424 of LNCS. Springer-Verlag, May 2004.]]Google ScholarGoogle ScholarCross RefCross Ref
  38. L. Overlier and P. F. Syverson. Locating hidden servers. In Proceedings of the 2006 IEEE Symposium on Security and Privacy, Oakland, CA, May 2006. IEEE CS.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  39. A. Pfitzmann, B. Pfitzmann, and M. Waidner. ISDN-mixes: Untraceable communication with very small bandwidth overhead. In W. Effelsberg, H. W. Meuer, and G. Müller, editors, GI/ITG Conference on Communication in Distributed Systems, volume 267 of Informatik-Fachberichte, pages 451--463. Springer-Verlag, February 1991.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  40. J. Postel. Internet control message protocol. RFC 792, IETF, September 1981.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. R. Redelmeier. CPUBurn, June 2001. http://pages.sbcglobal.net/redelm/.]]Google ScholarGoogle Scholar
  42. M. G. Reed, P. F. Syverson, and D. M. Goldschlag. Anonymous connections and onion routing. IEEE Journal on Selected Areas in Communications, 16(4):482--494, May 1998.]]Google ScholarGoogle ScholarDigital LibraryDigital Library
  43. Reporters Without Borders. Blogger and documentary filmmaker held for the past month, March 2006. http://www.rsf.org/article.php3?id_article=16810.]]Google ScholarGoogle Scholar
  44. G. Uchenick. MILS middleware for secure distributed systems. RTC magazine, 15, June 2006 2006. http://www.rtcmagazine.com/home/article.php?id=100685.]]Google ScholarGoogle Scholar

Index Terms

  1. Hot or not: Revealing hidden services by their clock skew

              Comments

              Login options

              Check if you have access through your login credentials or your institution to get full access on this article.

              Sign in

              Full Access

              Get this Publication

              PDF Format

              View or Download as a PDF file.

              PDF

              eReader

              View online with eReader.

              eReader
              View Table of Contents
              About Cookies On This Site

              We use cookies to ensure that we give you the best experience on our website.

              Learn more

              Got it!

              To help support our community working remotely during COVID-19, we are making all work published by ACM in our Digital Library freely accessible through June 30, 2020. Learn more