You are looking at a specific version 20131024:075928 of this paper. See the latest version.

Paper 2013/664

TUC: Time-sensitive and Modular Analysis of Anonymous Communication

Michael Backes and Praveen Manoharan and Esfandiar Mohammadi

Abstract

The anonymous communication (AC) protocol Tor constitutes the most widely deployed technology for providing anonymity for user communication over the Internet. Tor has been subject to several analyses which have shown strong anonymity guarantees for Tor. However, all previous analyses ignore time-sensitive leakage: timing patterns in web traffic allow for attacks such as website fingerprinting and traffic correlation, which completely break the anonymity provided by Tor. For conducting a thorough and comprehensive analysis of Tor that in particular includes all of these time-sensitive attacks, one of the main obstacles is the lack of a rigorous framework that allows for a time-sensitive analysis of complex AC protocols. In this work, we present TUC (for Time-sensitive Universal Composability): the first universal composability framework that includes a comprehensive notion of time, which is suitable for and tailored to the demands of analyzing AC protocols. As a case study, we extend previous work and show that the onion routing (OR) protocol, which underlies Tor, can be securely abstracted in TUC, i.e., all time-sensitive attacks are reflected in the abstraction. We finally leverage our framework and this abstraction of the OR protocol to formulate a countermeasure against website fingerprinting attacks and to prove this countermeasure secure.

Note: We added acknowledgements.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
Preprint. MAJOR revision.
Keywords
cryptographic protocolssecurity analysis of protocolsconcurrent compositionanonymous communication
Contact author(s)
manoharan @ cs uni-saarland de
History
2014-02-12: revised
2013-10-24: received
See all versions
Short URL
https://ia.cr/2013/664
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.