Detection and analysis of eavesdropping in anonymous communication networks

Sambuddho Chakravarty, Georgios Portokalidis, Michalis Polychronakis, Angelos D. Keromytis

Research output: Contribution to journal › Article › peer-review

15 Scopus citations

Abstract

Anonymous communication networks, like Tor, partially protect the confidentiality of user traffic by encrypting all communications within the overlay network. However, when the relayed traffic reaches the boundaries of the network, toward its destination, the original user traffic is inevitably exposed to the final node on the path. As a result, users transmitting sensitive data, like authentication credentials, over such networks, risk having their data intercepted and exposed, unless end-to-end encryption is used. Eavesdropping can be performed by malicious or compromised relay nodes, as well as any rogue network entity on the path toward the actual destination. Furthermore, end-to-end encryption does not assure defense against man-in-the-middle attacks. In this work, we explore the use of decoys at multiple levels for the detection of traffic interception by malicious nodes of proxy-based anonymous communication systems. Our approach relies on the injection of traffic that exposes bait credentials for decoy services requiring user authentication, and URLs to seemingly sensitive decoy documents which, when opened, invoke scripts alerting about being accessed. Our aim was to entice prospective eavesdroppers to access our decoy servers and decoy documents, using the snooped credentials and URLs. We have deployed our prototype implementation in the Tor network using decoy IMAP, SMTP, and HTTP servers. During the course of over 30 months, our system has detected 18 cases of traffic eavesdropping that involved 14 different Tor exit nodes.

Original language: English
Pages (from-to): 205-220
Number of pages: 16
Journal: International Journal of Information Security
Volume: 14
Issue number: 3
State: Published - 1 Jun 2015

Keywords

  • Anonymity networks
  • Decoys
  • Eavesdropping
  • Proxies
  • Tor
