Enhancing Anonymity Systems under Network and User Dynamics

Abstract

Privacy on the Internet is eroding rapidly. Anonymity systems have been designed to protect the identity and privacy of users from untrusted destinations and third parties on the Internet. However, many prior works on anonymity systems assume that important system components, such as network routing and user location, are static. In practice, these components are highly dynamic, leading to new vulnerabilities that can compromise user anonymity. In this dissertation, we exploit dynamics in anonymity systems across two different layers: network dynamics (i.e., changes in routing) at the network layer and user dynamics (i.e., changes in user location) at the application layer.

First, we present RAPTOR attacks that exploit the dynamics in Internet routing to compromise user anonymity in the Tor network. The attacks enable adversaries to observe more user traffic and deanonymize them more effectively than previously thought. We successfully demonstrate the attacks by performing them on the live Tor network, ethically.

Second, we build proactive and reactive defenses to protect Tor users from RAPTOR attacks: (1) a novel Tor relay selection algorithm that proactively reduces the probability of Tor users being affected by an attack, and (2) a monitoring system with novel detection analytics that detect routing anomaly for Tor relays in real time.

Finally, we present attacks that exploit user mobility to compromise user anonymity across a wide range of anonymity systems. While prior works assume that user locations are fixed when accessing anonymity systems, we demonstrate that users can be highly mobile and subsequently expose themselves to adversaries as they visit more locations.

In summary, we demonstrate the dangers of abstracting dynamics in Internet routing and user location from the analysis of anonymity systems, and take the step to design anonymity systems with these important system components in mind.