Abstract—Tor is a distributed onion-routing network used
for achieving anonymity and resisting censorship online. Because
of Tor’s growing popularity, it is attracting increasingly larger
threats against which it was not securely designed. In this paper,
we present the Sniper Attack, an extremely low cost but highly
destructive denial of service attack against Tor that an adversary
may use to anonymously disable arbitrary Tor relays. The attack
utilizes valid protocol messages to boundlessly consume memory
by exploiting Tor’s end-to-end reliable data transport. We design
and evaluate a prototype of the attack to show its feasibility and
efficiency: our experiments show that an adversary may consume
a victim relay’s memory by as much as 2187 KiB/s while using
at most only 92 KiB/s of upstream bandwidth. We extend our
experimental results to estimate the threat against the live Tor
network and find that a strategic adversary could disable all of
the top 20 exit relays in only 29 minutes, thereby reducing Tor’s
bandwidth capacity by 35 percent. We also show how the attack
enables the deanonymization of hidden services through selective
denial of service by forcing them to choose guard nodes in control
of the adversary. Finally, we discuss defenses against the Sniper
Attack that provably render the attack ineffective, and suggest
defenses against deanonymization by denial-of-service attacks in
general that significantly mitigate the threat.
read more..........http://www.freehaven.net/anonbib/cache/sniper14.pdf
for achieving anonymity and resisting censorship online. Because
of Tor’s growing popularity, it is attracting increasingly larger
threats against which it was not securely designed. In this paper,
we present the Sniper Attack, an extremely low cost but highly
destructive denial of service attack against Tor that an adversary
may use to anonymously disable arbitrary Tor relays. The attack
utilizes valid protocol messages to boundlessly consume memory
by exploiting Tor’s end-to-end reliable data transport. We design
and evaluate a prototype of the attack to show its feasibility and
efficiency: our experiments show that an adversary may consume
a victim relay’s memory by as much as 2187 KiB/s while using
at most only 92 KiB/s of upstream bandwidth. We extend our
experimental results to estimate the threat against the live Tor
network and find that a strategic adversary could disable all of
the top 20 exit relays in only 29 minutes, thereby reducing Tor’s
bandwidth capacity by 35 percent. We also show how the attack
enables the deanonymization of hidden services through selective
denial of service by forcing them to choose guard nodes in control
of the adversary. Finally, we discuss defenses against the Sniper
Attack that provably render the attack ineffective, and suggest
defenses against deanonymization by denial-of-service attacks in
general that significantly mitigate the threat.
read more..........http://www.freehaven.net/anonbib/cache/sniper14.pdf