Anonymous communication designs such as Tor build their security upon distributing trust across many volunteers running relays in many locations globally. In practice, this leads to a heterogeneous network in which many versions of the same Tor software coexist, each with a different set of protocol features. Because of this heterogeneity, the maintainers employ forward-compatible protocol design strategies to keep the network extensible. These strategies aim to guarantee that different versions of the Tor software interact without unrecoverable errors. In this work, we cast the protocol tolerance enabled by forward-compatible protocol considerations as a fundamental security issue. Despite being beneficial for the developers, we argue that protocol tolerance is the cause of many strong attacks against Tor in the past fifteen years. To address this issue, we propose FAN (Flexible Anonymous Network), a new software architecture for volunteer-based distributed networks that shifts the dependence away from protocol tolerance without losing the developers' ability to ensure the continuous evolution of their software. We realize an implementation, evaluate the overheads, and experiment with several of FAN's benefits to defend against a severe attack still applicable to Tor today.