
Counter-RAPTOR: Safeguarding Tor Against Active Routing Attacks (1704.00843v2)

Published 4 Apr 2017 in cs.CR and cs.NI

Abstract: Tor is vulnerable to network-level adversaries who can observe both ends of the communication to deanonymize users. Recent work has shown that Tor is susceptible to the previously unknown active BGP routing attacks, called RAPTOR attacks, which expose Tor users to more network-level adversaries. In this paper, we aim to mitigate and detect such active routing attacks against Tor. First, we present a new measurement study on the resilience of the Tor network to active BGP prefix attacks. We show that ASes with high Tor bandwidth can be less resilient to attacks than other ASes. Second, we present a new Tor guard relay selection algorithm that incorporates resilience of relays into consideration to proactively mitigate such attacks. We show that the algorithm successfully improves the security for Tor clients by up to 36% on average (up to 166% for certain clients). Finally, we build a live BGP monitoring system that can detect routing anomalies on the Tor network in real time by performing an AS origin check and novel detection analytics. Our monitoring system successfully detects simulated attacks that are modeled after multiple known attack types as well as a real-world hijack attack (performed by us), while having low false positive rates.

Citations (48)

Summary

  • The paper measured Tor vulnerability to routing attacks, finding some relays have low resilience and showing clients could be deceived during attacks.
  • It introduces a novel Tor guard relay selection algorithm incorporating resilience metrics that improved client security against attacks by up to 166%.
  • It developed a live BGP monitoring system that detects routing anomalies and attacks on the Tor network in real-time with low false positives.

Analyzing Counter-RAPTOR: Advances in Securing Tor from Active Routing Threats

The paper "Counter-RAPTOR: Safeguarding Tor Against Active Routing Attacks," authored by researchers from Princeton University, provides a detailed investigation into the vulnerabilities of the Tor network against active Routing Prefix Threat (RAPTOR) attacks that exploit BGP (Border Gateway Protocol) routing dynamics. The research distinctly outlines innovative approaches aimed at mitigating and detecting these network-level threats, significantly enhancing the security efficacy of Tor, a widely used system for anonymous communication.

Core Contributions and Findings

The paper is structured around three primary contributions, each addressing a critical aspect of securing Tor against active routing attacks:

  1. Measurement Study of Tor Vulnerability: The researchers conducted extensive measurements of Tor's susceptibility to active BGP prefix hijacks and interceptions by analyzing the resilience of Autonomous Systems (ASes). The paper found that some ASes with high Tor relay bandwidth exhibited low resilience values, such as AS 16276 (OVH) with a resilience value of 0.408, indicating that during an attack, the probability of a Tor client using these relays being deceived is close to 60%.
  2. Tor Guard Relay Selection Algorithm: The paper introduces a novel Tor guard relay selection algorithm that takes the resilience of relays into account, making the network more robust against such attacks. By integrating resilience metrics into relay selection along with bandwidth considerations, the algorithm improved client security by up to 36% on average, with specific clients experiencing improvements of up to 166%.
  3. Live BGP Monitoring System: To actively detect routing anomalies on the Tor network, the researchers developed a monitoring system capable of identifying unusual routing activities in real-time. This system employs an AS origin check complemented by novel detection analytics, demonstrating low false-positive rates (0.19%) and successfully identifying both simulated and real-world hijack attacks.
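The trade-off behind the resilience-aware guard selection in item 2 can be seen in a small calculation. This is an added example, not code from the paper: the linear blend controlled by `alpha`, the relay names, and every number except the 0.408 resilience value are assumptions made for illustration.

```python
# Constructed sample guards: (name, resilience in [0, 1], bandwidth in MB/s).
# Only the 0.408 resilience value appears on the page (AS 16276); the rest is made up.
RELAYS = [
    ("guard-A", 0.408, 90.0),
    ("guard-B", 0.80, 40.0),
    ("guard-C", 0.95, 10.0),
    ("guard-D", 0.60, 60.0),
]

def normalise(values):
    """Scale a list of non-negative values so they sum to 1."""
    total = sum(values)
    return [v / total for v in values]

def selection_probabilities(relays, alpha):
    """Probability of picking each guard.

    alpha = 0 is bandwidth-only weighting, alpha = 1 is resilience-only.
    The linear blend is an assumption; the page does not give the formula.
    """
    res = normalise([r for _, r, _ in relays])
    bw = normalise([b for _, _, b in relays])
    return [alpha * r + (1 - alpha) * b for r, b in zip(res, bw)]

def expected_resilience(relays, probs):
    """Chance that the chosen guard is one the client is NOT deceived about."""
    return sum(p * r for p, (_, r, _) in zip(probs, relays))

def expected_bandwidth(relays, probs):
    """Average bandwidth of the chosen guard: the performance cost of the blend."""
    return sum(p * b for p, (_, _, b) in zip(probs, relays))

if __name__ == "__main__":
    for alpha in (0.0, 0.5, 1.0):
        probs = selection_probabilities(RELAYS, alpha)
        print(f"alpha={alpha:.1f} "
              f"resilience={expected_resilience(RELAYS, probs):.3f} "
              f"bandwidth={expected_bandwidth(RELAYS, probs):.1f} MB/s")
```

Raising `alpha` shifts selection away from the high-bandwidth, low-resilience guard, which increases expected resilience at the cost of expected bandwidth.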

Implications for Tor and Network Security

The findings from this research have profound implications for cybersecurity on both theoretical and practical fronts. From a theoretical standpoint, examining AS resilience provides deeper insight into the role of network topology in routing security. Practically, the proposed guard relay selection presents a proactive method to enhance Tor’s anonymity protection by minimizing threat exposure. Additionally, the real-time monitoring system marks a step forward in providing transparent and reactive defense mechanisms against network-level adversarial threats.
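The AS origin check that the monitoring system builds on can be sketched as follows. This is an added example, not the paper's implementation: the baseline table, the update records, and the function names are constructed, using documentation prefixes and private-use AS numbers, and it covers only the origin check, not the paper's additional detection analytics.

```python
import ipaddress

# Constructed baseline: prefixes that host Tor relays -> origin ASes seen before.
KNOWN_ORIGINS = {
    ipaddress.ip_network("198.51.100.0/24"): {64500},
    ipaddress.ip_network("203.0.113.0/24"): {64501, 64502},  # legitimately multi-origin
    ipaddress.ip_network("2001:db8:10::/48"): {64503},
}

# Constructed BGP updates: (announced prefix, AS path; the origin is the last hop).
UPDATES = [
    ("198.51.100.0/24", [64510, 64511, 64500]),    # expected origin
    ("198.51.100.0/24", [64510, 64666]),           # same prefix, unknown origin
    ("198.51.100.128/25", [64512, 64667]),         # more-specific, unknown origin
    ("203.0.113.0/24", [64513, 64502]),            # second known origin
    ("192.0.2.0/24", [64514, 64515]),              # no monitored relay prefix
    ("2001:db8:10:8000::/49", [64516, 64503]),     # more-specific, known origin
]

def overlapping_relay_prefixes(announced):
    """Monitored prefixes that overlap the announcement (equal, more- or less-specific)."""
    return [p for p in KNOWN_ORIGINS
            if p.version == announced.version and p.overlaps(announced)]

def origin_check(prefix, as_path):
    """Return one alert per monitored prefix whose known origins exclude this origin."""
    if not as_path:
        return []
    announced = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    alerts = []
    for monitored in overlapping_relay_prefixes(announced):
        if origin not in KNOWN_ORIGINS[monitored]:
            kind = ("more-specific" if announced.prefixlen > monitored.prefixlen
                    else "same-or-covering")
            alerts.append((str(monitored), prefix, origin, kind))
    return alerts

def scan(updates):
    """Run the origin check over a batch of updates and collect all alerts."""
    return [a for prefix, path in updates for a in origin_check(prefix, path)]

if __name__ == "__main__":
    for alert in scan(UPDATES):
        print("ALERT monitored=%s announced=%s origin=AS%d type=%s" % alert)
```

An origin mismatch is only a signal to investigate, since origins also change for legitimate reasons; that is why the page describes the check as complemented by further analytics.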

Future Prospects and Considerations

The developments highlighted in this paper suggest several prospective research directions. Future work could delve into refining AS path inferences, enhancing accuracy, and incorporating adaptive machine learning models in relay selection and anomaly detection. Moreover, scalability and integration of such security mechanisms in broader anonymity networks could be explored. As the threat landscape continually evolves, interdisciplinary approaches merging network engineering with robust cryptographic protocols might be pivotal in fortifying networking systems like Tor.

In conclusion, the "Counter-RAPTOR" paper offers invaluable advancements in strengthening Tor’s defense against active routing threats, marking a significant contribution to the domain of network anonymity and security. Its methodologies and findings provide a foundational basis upon which further research and development can be built, ensuring continuous innovation in safeguarding anonymity networks from sophisticated active attacks.
