Security, Privacy & Anonymity

Security, Privacy & Anonymity

We have been actively working on several projects within the realm of security, privacy, and anonymity. The first has been a security analysis of Tor, a popular onion routing network used to anonymize TCP connections. Specifically, this work has examined how performance optimizations added to enhance the system’s performance are fundamentally at odds with the network’s ability to ensure strong anonymity properties. Through experimentation with an isolated Tor network deployed on Planetlab, we show that an low-resource adversary can compromise over 46% of all circuits through the network; this is a significant increase over the previously accepted analytical attack success prediction.

Another project has focused on characterizing and modeling anonymous network usage, focusing on Tor, as it is the most widely used anonymous network. We participate in the Tor network as a Tor router and provide a breakdown of application-level protocols that can be observed within Tor, a geopolitical distribution of Tor routers and clients, and a characterization of how networks like Tor are being abused by malicious parties. Our main objective through this study is to better understand the Tor network and through this understanding, propose improvements.

We have also been working on anonymizing protocols for specific applications. In particular, we proposed a simple protocol to add “plausible deniability” to the popular BitTorrent peer-to-peer file sharing protocol. In the current BitTorrent protocol, the identities of all peers sharing a particular file are published by the “tracker” server. Our protocol, called BitBlender, provides light-weight anonymity (in the spirit of the Crowds anomymizing network) by inserting special peers called “relay peers” into the BitTorrent system architecture. These peers act as proxies for other peers that actively share a particular file. In doing so, it becomes unclear to an adversary which peers listed by the trackers are engaged in the sharing of the file and which peers are merely relays. The adversary must now invest more resources and perform more sophisticated (and error-prone) traffic analysis tactics to ascertain the identities of the real peers.

Our projects also focus on security and privacy in wireless networks. Such completed projects include an identifier-free wireless link-layer, a confidential service discovery protocol, an accurate technique for wireless device driver fingerprinting, a method for constructing implicit identifiers using information extracted from the wireless physical layer, and a set of techniques to detect “evil twin” access points in 802.11.

Selected Publications

  • Kevin Bauer, Micah Sherr, Damon McCoy, and Dirk Grunwald. ExperimenTor: A Testbed for Safe and Realistic Tor Experimentation. 4th USENIX Workshop on Cyber Security Experimentation and Test (CSET 2011). San Francisco, CA. (August 2011)
  • Mashael AlSabah, Kevin Bauer, Ian Goldberg, Damon McCoy, Dirk Grunwald, Stefan Savage, and Geoffrey Voelker – DefenestraTor:  Throwing Out Windows in Tor. 11th Privacy Enhancing Technologies Symposium (PETS 2011) Waterloo, ON, July 2011
  • Harold Gonzales, Kevin Bauer, Janne Lindqvist, Damon McCoy, Douglas Sicker – Practical Defenses for Evil Twin Attacks in 802.11. Proceedings of the IEEE Globecom Communications and Information Security Symposium , Miami, FL, December, 2010
  • Dirk Grunwald, Aaron Beach, Kevin Bauer, Qin Lv, Douglas Sicker – The Risks and Regulation of Location. Proceedings of the 38th Research Conference on Communication, Information and Internet Policy (TPRC) , Arlington, VA, October, 2010
  • J. Trent Adams, Kevin Bauer, Asa Hardcastle, Dirk Grunwald, Douglas Sicker – Automated Tracking of Online Service Policies. Proceedings of the 38th Research Conference on Communication, Information and Internet Policy (TPRC) , Arlington, VA, October, 2010
  • Kevin Bauer, Joshua Juen, Nikita Borisov, Dirk Grunwald, Douglas Sicker, Damon McCoy – On the Optimal Path Length for Tor. HotPETS 2010
  • Kevin Bauer, Dirk Grunwald, Douglas Sicker – Predicting Tor Path Compromise by Exit Port. Proceedings of 2nd IEEE International Workshop on Information and Data Assurance , Phoenix, AZ, December, 2009
  • Kevin Bauer, Damon McCoy, Dirk Grunwald, Douglas Sicker – BitStalker: Accurately and Efficiently Monitoring BitTorrent Traffic. Proceedings of the 1st IEEE Workshop on Information Forensics and Security , London, United Kingdom, December, 2009
  • Kevin Bauer, Damon McCoy, Eric Anderson, Markus Breitenbach, Greg Grudic, Dirk Grunwald, Douglas Sicker – The Directional Attack on Wireless Localization – or – How to Spoof your Location with a Tin Can. Proceedings of the IEEE Globecom Communications and Information Security Symposium , Honolulu, HI, USA, December, 2009
  • Kevin Bauer, Dirk Grunwald, Douglas Sicker – The Arms Race in P2P. Proceedings of the 37th Research Conference on Communication, Information and Internet Policy , Arlington, VA, USA, September, 2009
  • Kevin Bauer, Damon McCoy, Ben Greenstein, Dirk Grunwald, Douglas Sicker – Physical Layer Attacks on Unlinkability in Wireless LANs. Proceedings of the 9th Privacy Enhancing Technologies Symposium (PETS 2009) , Seattle, WA, USA, August, 2009
  • Kevin Bauer, Dirk Grunwald, Douglas Sicker – The Challenges of Stopping Illegal Peer-to-peer File Sharing. Proceedings of National Cable & Telecommunications Association Technical Papers , Washington, DC, USA, April, 2009
  • Kevin Bauer, Harold Gonzales, Damon McCoy – Mitigating Evil Twin Attacks in 802.11. Proceedings of 1st IEEE International Workshop on Information and Data Assurance (WIDA 2008) in conjunction with the 27th IEEE International Performance Computing and Communications Conference (IPCCC 2008) , Austin, TX, USA, December, 2008
  • Kevin Bauer, Damon McCoy, Dirk Grunwald, Douglas Sicker – BitBlender: Light-Weight Anonymity for BitTorrent. Proceedings of the Workshop on Applications of Private and Anonymous Communications (AlPACa 2008) in conjunction with SecureComm 2008 , Istanbul, Turkey, September, 2008
  • Damon McCoy, Kevin Bauer, Dirk Grunwald, Tadayoshi Kohno, Douglas Sicker – Shining Light in Dark Places: Understanding the Tor Network. Proceedings of the 8th Privacy Enhancing Technologies Symposium (PETS 2008) , Leuven, Belgium, July, 2008
  • Kevin Bauer, Damon McCoy, Ben Greenstein, Dirk Grunwald, Douglas Sicker – Using Wireless Physical Layer Information to Construct Implicit Identifiers. Technical Report presented at HotPETS in conjunction with the 8th Privacy Enhancing Technologies Symposium (PETS 2008) , Leuven, Belgium, July, 2008
  • Ben Greenstein, Damon McCoy, Jeffrey Pang, Tadayoshi Kohno, Srinivasan Seshan, David Wetherall – Improving Wireless Privacy with an Identifier-Free Link Layer Protocol. MobiSys ’08: 6th International Conference on Mobile Systems, Application, and Services , Breckenridge, CO, USA, June, 2008
  • Jeffrey Pang, Ben Greenstein, Damon McCoy, Srinivasan Seshan, and David Wetherall – Tryst: The Case for Confidential Service Discovery. HotNets VI: The Sixth Workshop on Hot Topics in Networks , Atlanta, GA, USA, October, 2007
  • Kevin Bauer, Damon McCoy, Dirk Grunwald, Tadayoshi Kohno, Douglas Sicker – Low-Resource Routing Attacks Against Tor. Proceedings of the Workshop on Privacy in the Electronic Society (WPES 2007) , Alexandria, VA, USA, October, 2007
  • Douglas Sicker, Damon McCoy, Dirk Grunwald – A Mechanism for Detecting and Responding to Misbehaving Nodes in Wireless Networks. SDR Workshop, IEEE SECON , 2007.
  • Jason Franklin, Damon McCoy, Parisa Tabriz, Vicentiu Neagoe, Jamie Van Randwyk, Douglas Sicker – Passive Data Link Layer 802.11 Wireless Device Driver Fingerprinting. Proceedings of the 15th USENIX Security Symposium , Vancouver, BC, Canada, August, 2006