[talks] Laura Roberts will present her General Exam on January 17, 2017 at 10:15am in CS 302.

Nicki Gotsis ngotsis at CS.Princeton.EDU
Tue Jan 10 14:00:06 EST 2017

Laura Roberts will present her General Exam on January 17, 2017 at 10:15am in CS 302. 

The members of her committee are Nick Feamster (acting adviser), Jennifer Rexford, and Arvind Narayanan. 

Everyone is invited to attend her talk, and those faculty wishing to remain for the oral exam following are welcome to do so. Her abstract and reading list follow below. 

Previous attacks that link the sender and receiver of traffic in the Tor network (“correlation attacks”) have generally relied on analyzing traffic from TCP connections. The TCP connections of a typical client application, however, are often accompanied by DNS requests and responses. This additional traffic presents more opportunities for correlation attacks. Our work quantifies how DNS traffic can make Tor users more vulnerable to correlation attacks. We investigate how incorporating DNS traffic can make existing correlation attacks more powerful and how DNS lookups can leak information to third parties about anonymous communication. We (i) develop a method to identify the DNS resolvers of Tor exit relays; (ii) develop a new set of correlation attacks (DefecTor attacks) that incorporate DNS traffic to improve precision; (iii) analyze the Internet-scale effects of these new attacks on Tor users; and (iv) develop improved methods to evaluate correlation attacks. First, we find that there exist adversaries that can mount DefecTor attacks: for example, Google’s DNS resolver observes almost 40% of all DNS requests exiting the Tor network. We also find that DNS requests often traverse ASes that the corresponding TCP connections do not transit, enabling additional ASes to gain information about Tor users’ traffic. We then show that an adversary that can mount a DefecTor attack can often determine the website that a Tor user is visiting with perfect precision, particularly for less popular websites where the set of DNS names associated with that website may be unique to the site. We also use the Tor Path Simulator (TorPS) in combination with traceroute data from vantage points co-located with Tor exit relays to estimate the power of AS-level adversaries that might mount DefecTor attacks in practice. 
Note: This work is accepted for NDSS 2017 and is joint work with Benjamin Greschbach, Tobias Pulls, Philipp Winter, and Nick Feamster. 

Reading List: 
- Computer Networks: A Systems Approach (5th edition) by Peterson and Davie; 2011 
- Security Engineering: A Guide to Building Dependable Distributed Systems by Anderson, Chs. 1-8, 21-24; 2008 
- “The Effect of DNS on Tor’s Anonymity” by Greschbach, Pulls, Roberts, Winter, and Feamster; 2017 
- “Tor: The Second-Generation Onion Router” by Dingledine et al.; 2004 
- “Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries” by Johnson et al.; 2013 
- “DNS measurements at a root server” by Brownlee et al.; 2001 
- “Defending Tor from Network Adversaries: A Case Study of Network Path Prediction” by Juen et al.; 2015 
- “Fingerprinting Websites Using Traffic Analysis” by Hintz; 2002 
- “AS-awareness in Tor Path Selection” by Edman and Syverson; 2009 
- “Location Diversity in Anonymity Networks” by Feamster and Dingledine; 2004 
- “A Critical Evaluation of Website Fingerprinting Attacks” by Juarez et al.; 2014 
- “Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms” by Chaum; 1981 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cs.princeton.edu/pipermail/talks/attachments/20170110/1cfd552e/attachment.html>

More information about the talks mailing list