The paper “50 Bucks Attack on Tor”, submitted as a short paper to NordSec, has been accepted. In the paper, we look at Tor’s attacker model from a more practical side and assume a local network administrator as a potential adversary. In addition, we assume that the attacker has 50 € available for operating a Tor relay. The question of the paper is: how long does Tor protect the user’s favorite websites given our scenario? We answer this question by providing a stochastic model estimating the number of circuits required to deanonymize n favorite websites of the user. By simulating the path selection algorithm with a current Tor network state, we demonstrate the feasibility of the attack.
Last week I presented the work “Analyzing the Gold Star Scheme in a Split Tor Network” at SecureComm in London:
Tor is an anonymity network and two challenges in Tor are (i) to overcome the scalability problems of Tor’s current network information distribution scheme, and (ii) to motivate users to become operators of nodes. Several solutions have been proposed to address these challenges. We investigate the ramifications of combining two seemingly promising proposals, i.e., splitting the Tor network into several sub-networks (for better scalability), while using the Gold Star scheme (for motivating users to become node operators). Through simulation, we show that the sub-networks are likely to end up in a state of highly imbalanced division of size and bandwidth. This threatens the security and worsens the scalability problem of Tor. We identify the ratio of nodes given a gold star and the fact that a gold star is solely awarded based on a node’s bandwidth, being highly skewed in practice, as two factors that contribute to an imbalanced split. We explore several potential mitigating strategies and discuss their strengths and shortcomings.
At the NISNET workshop in Trondheim, I arranged a Capture the Flag contest based on a UCSB CTF from 2005, i.e., Spam 2005. The introduction slides are now available for download.
In June, Asgeir Steine and I will arrange a workshop for (PhD, Master) students in Norway who focus on information security in their studies. The workshop will be held in Trondheim. More information about the workshop can be found here.
The preproceedings version of the paper Malice vs. AN.ON is online. The presentation will be given at the conference Financial Cryptography and Data Security. The final version of the paper will be published by Springer.
The paper “Malice versus AN.ON: Possible Risks of Missing Replay and Integrity Protection” has been accepted for publication at the Financial Cryptography and Data Security conference. The conference will be held in February 2011 in St. Lucia. The paper is co-authored by Dogan Kesdogan.
The poster “Splitting the Tor Network: Potential Challenges considering the Gold Star Scheme” by Pern Hui Chia and myself was selected as best poster at the NordSec 2010 conference in Helsinki, Finland.
My paper “Comparison of the Power Consumption of the 2nd Round SHA-3 Candidates” was accepted at ICT Innovations 2010 in Ohrid. The paper is co-authored by Danilo Gligoroski and Svein Knapskog.