Abstract
The second-generation onion router (Tor), as the most popular low-latency anonymous communication network on the Internet, is vulnerable to deanonymization attacks caused by traffic analysis. Evaluating the cost associated with acquiring user traffic is crucial to the measurement of the severity of this threat. Because of the direct correlation between Tor network entry nodes and user identities and the fact that these nodes can also be deployed by adversaries, Tor network entry nodes play a vital role in obtaining user traffic. When constructing communication circuits, Tor clients need to be compelled to select the entry nodes of adversaries, commonly referred to as guards. However, the existing approaches used to obtain user traffic by manipulating guard nodes often overlook cost-effectiveness, leading to cost evaluations that do not truthfully reflect the potential capabilities of adversaries.
To address the cost optimization issue of acquiring Tor user traffic, this study presents a novel model, i.e., the push and pull Tor users' guards through optimized resource portfolios (P-Group). The proposed method deploys controllable nodes to draw user traffic. Meanwhile, the proposed method expedites user traffic migration by utilizing general traffic to congest noncontrollable nodes that are currently used by users. This study unifies the resource measurements of both node deployment and bandwidth attacks and analyzes their correlation to enhance resource allocation efficiency. Through in-depth research into the traffic control and congestion mechanisms of the Tor protocol, P-Group employs queuing theory to quantify the reduction in the observed bandwidth of noncontrollable nodes. Moreover, the impact of attacking noncontrollable nodes with identical traffic can vary based on their bandwidth capacities. P-Group utilizes adapted flow deviation techniques to effectively coordinate the total amount of attack resources and target bandwidth capacity to optimize resource allocation. Considering the extensive operational scope and competitiveness of contemporary cloud service providers, this study assumes that the bandwidth requirements of adversaries are readily obtainable from various sources. By investigating standard hosting product prices across ten cloud service providers, including GoDaddy, the average cost of attack bandwidth is determined and integrated into the experimental assessment.
The analysis and simulation results show that P-Group improves the utility and security levels while achieving a more advantageous cost-effectiveness ratio. Solely focusing on deploying controllable nodes, once their total bandwidth reaches 2% of the entire Tor network capacity, the marginal gain from investing resources decreases significantly. The utility of resource distribution has been improved by 20.5% by the proposed method compared with that of an equal split strategy between node deployment and bandwidth attacking. Furthermore, in the context of bandwidth attacks, the likelihood of planted nodes being selected by Tor clients is 15% higher than those of six traditional traffic distribution methods. With the implementation of P-Group, the average duration of the migration of user traffic from noncontrollable nodes to adversary-controllable nodes is approximately 200 h, incurring costs of several hundred dollars.
In summary, while challenges persist in cost management within the existing methods of acquiring Tor user traffic, optimization can mitigate these hurdles to attain practical and feasible goals, thereby elevating traffic analysis attacks to a substantial threat.