Paper 2021/374

ZXAD: High-volume Attack Mitigation for Tor

Akshaya Mani and Ian Goldberg

Abstract

The Tor anonymity network is often abused by some attackers to (anonymously) convey attack traffic. These attacks abuse Tor exit relays (i.e., the relays through which traffic exits Tor) by making it appear the attack originates there; as a result, many website operators indiscriminately block all Tor traffic (by blacklisting all exit IPs), reducing the usefulness of Tor. Recent research shows that majority of these attacks are ones that generate high traffic volume (e.g., Denial-of-Service attacks). This suggests that a simple solution such as throttling traffic flow at the Tor exits may permit early detection of these attacks, improve overall reputation of exits, and eventually prevent blanket blocking of Tor exits. However, naively monitoring and throttling traffic at the Tor exits can endanger the privacy of the network's users. This paper introduces ZXAD (pronounced "zed-zad"), a zero-knowledge based _private_ Tor exit abuse detection system that permits identification of otherwise unlinkable connections that are part of a high-volume attack. ZXAD does not reveal any information, apart from the fact that some user is conveying a high volume of traffic through Tor. We formally prove the correctness and security of ZXAD. We also measure two proof-of-concept implementations of our zero-knowledge proofs and show that ZXAD operates with low bandwidth and processing overheads.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. Minor revision.WPES 2021
DOI
10.1145/3463676.3485609
Keywords
anonymityprivacy enhancing technologieszero knowledge
Contact author(s)
akshaya mani @ uwaterloo ca
iang @ uwaterloo ca
History
2021-09-22: revised
2021-03-22: received
See all versions
Short URL
https://ia.cr/2021/374
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/374,
      author = {Akshaya Mani and Ian Goldberg},
      title = {ZXAD: High-volume Attack Mitigation for Tor},
      howpublished = {Cryptology ePrint Archive, Paper 2021/374},
      year = {2021},
      doi = {10.1145/3463676.3485609},
      note = {\url{https://eprint.iacr.org/2021/374}},
      url = {https://eprint.iacr.org/2021/374}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.