8–9 Mar 2018
Centro de Convenciones de Puerto Rico
America/Puerto_Rico timezone

The Effect of DNS on Tor’s Anonymity

9 Mar 2018, 15:30
30m
209-BC (Centro de Convenciones de Puerto Rico)

100 Calle Guamaní San Juan 00907 Puerto Rico
Standard Presentation, Public Workshop

Speaker

Laura Roberts (Princeton University)

Description

Previous attacks that link the sender and receiver of traffic in the Tor network ("correlation attacks") have generally relied on analyzing traffic from TCP connections. The TCP connections of a typical client application, however, are often accompanied by DNS requests and responses. This additional traffic presents more opportunities for correlation attacks. Our work quantifies how DNS traffic can make Tor users more vulnerable to correlation attacks. We investigate how incorporating DNS traffic can make existing correlation attacks more powerful and how DNS lookups can leak information to third parties about anonymous communication. We (i) develop a method to identify the DNS resolvers of Tor exit relays; (ii) develop a new set of correlation attacks (DefecTor attacks) that incorporate DNS traffic to improve precision; (iii) analyze the Internet-scale effects of these new attacks on Tor users; and (iv) develop improved methods to evaluate correlation attacks. First, we find that there exist adversaries that can mount DefecTor attacks: for example, Google's DNS resolver observes almost 40% of all DNS requests exiting the Tor network. We also find that DNS requests often traverse ASes that the corresponding TCP connections do not transit, enabling additional ASes to gain information about Tor users' traffic. We then show that an adversary that can mount a DefecTor attack can often determine the website that a Tor user is visiting with perfect precision, particularly for less popular websites where the set of DNS names associated with that website may be unique to the site. We also use the Tor Path Simulator (TorPS) in combination with traceroute data from vantage points co-located with Tor exit relays to estimate the power of AS-level adversaries that might mount DefecTor attacks in practice.

Summary

Previous attacks that link the sender and receiver of traffic in the Tor network (“correlation attacks”) have generally relied on analyzing traffic from TCP connections. The TCP connections of a typical client application, however, are often accompanied by DNS requests. We quantify how DNS traffic can make Tor users more vulnerable to correlation attacks.

Talk Duration 30 Minutes

Primary authors

Benjamin Greschbach (KTH Royal Institute of Technology), Laura Roberts (Princeton University), Philipp Winter (Princeton University), Tobias Pulls (Karlstad University)

Co-author

Nick Feamster (Princeton University)
