<html><body><div style="font-family: garamond,new york,times,serif; font-size: 12pt; color: #000000"><div>Laura Roberts will present her General Exam on January 17, 2017 at 10:15am in CS 302.</div><div><div><br></div></div><div>The members of her committee are Nick Feamster (acting adviser), Jennifer Rexford, and Arvind Narayanan.</div><div><br>Everyone is invited to attend her talk, and those faculty wishing to remain for the oral exam following are welcome to do so. Her abstract and reading list follow below.</div><div data-marker="__QUOTED_TEXT__"><div><blockquote class=""><div class=""><div class=""><div style="font-family: garamond, 'new york', times, serif; font-size: 12pt;" class="" data-mce-style="font-family: garamond, 'new york', times, serif; font-size: 12pt;"><div class="">
<div class="">Abstract:<br class="">
Previous attacks that link the sender and receiver of traffic in the Tor network (“correlation attacks”) have generally relied on analyzing traffic from TCP connections. The TCP connections of a typical client application, however, are often accompanied by
DNS requests and responses. This additional traffic presents more opportunities for correlation attacks. Our work quantifies how DNS traffic can make Tor users more vulnerable to correlation attacks. We investigate how incorporating DNS traffic can make existing
correlation attacks more powerful and how DNS lookups can leak information to third parties about anonymous communication. We (i) develop a method to identify the DNS resolvers of Tor exit relays; (ii) develop a new set of correlation attacks (DefecTor attacks)
that incorporate DNS traffic to improve precision; (iii) analyze the Internet-scale effects of these new attacks on Tor users; and (iv) develop improved methods to evaluate correlation attacks. First, we find that there exist adversaries that can mount DefecTor
attacks: for example, Google’s DNS resolver observes almost 40% of all DNS requests exiting the Tor network. We also find that DNS requests often traverse ASes that the corresponding TCP connections do not transit, enabling additional ASes to gain information
about Tor users’ traffic. We then show that an adversary that can mount a DefecTor attack can often determine the website that a Tor user is visiting with perfect precision, particularly for less popular websites where the set of DNS names associated with
that website may be unique to the site. We also use the Tor Path Simulator (TorPS) in combination with traceroute data from vantage points co-located with Tor exit relays to estimate the power of AS-level adversaries that might mount DefecTor attacks in practice.<br class="">
Note: This work is accepted for NDSS 2017 and is joint work with Benjamin Greschbach, Tobias Pulls, Philipp Winter, and Nick Feamster.<br class="">
<br class="">
Reading List:<br class="">
- <span style="text-decoration: underline;" class="" data-mce-style="text-decoration: underline;">Computer Networks: A Systems Approach (5th edition)</span> by Peterson and Davie; 2011<br class="">
- <span style="text-decoration: underline;" class="" data-mce-style="text-decoration: underline;">Security Engineering: A Guide to Building Dependable Distributed Systems</span> by Anderson, Chs. 1-8, 21-24; 2008<br class="">
- “The Effect of DNS on Tor’s Anonymity” by Greschbach, Pulls, Roberts, Winter, and Feamster; 2017<br class="">
- “Tor: The Second-Generation Onion Router” by Dingledine et al.; 2004<br class="">
- “Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries” by Johnson et al.; 2013<br class="">
- “DNS measurements at a root server” by Brownlee et al.; 2001<br class="">
- “Defending Tor from Network Adversaries: A Case Study of Network Path Prediction” by Juen et al.; 2015<br class="">
- “Fingerprinting Websites Using Traffic Analysis” by Hintz; 2002<br class="">
- “AS-awareness in Tor Path Selection” by Edman and Syverson; 2009<br class="">
- “Location Diversity in Anonymity Networks” by Feamster and Dingledine; 2004<br class="">
- “A Critical Evaluation of Website Fingerprinting Attacks” by Juarez et al.; 2014<br class="">
- “Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms” by Chaum; 1981</div>
<div class=""><br></div></div></div></div></div></blockquote></div></div></div></body></html>