Torpedo - SysSec @ DPSS.INESC-ID

MSc Proposal 2019-20

Title

Distributed system for cooperative deanonymization of Tor circuits

Advisor

Nuno Santos

Objectives

The Tor anonymity network is used by numerous individuals engaged in criminal activities. To help investigate such activities, some governments instruct their homeland network providers to collaborate with police authorities by helping to deanonymize Tor communications. In order to deanonymize a Tor circuit, network providers must intercept the traffic in strategic points of the circuit (e.g., at the entry node and at the exit node) and correlate the timing properties of the respective packets so as to link source and destination of the communication endpoints. However, achieving this at such a large scale poses several challenges. First, to deanonymize a specific Tor circuit, network providers need to share traffic traces of many other circuits, which could reveal the identity of individuals engaged in benign activities, such as whistleblowers, reporters, or undercover agents. Second, this need for sharing traffic information constitutes a big hurdle, since oftentimes the Tor circuit endpoints are located in different countries, where the network providers are highly conditioned by the respective national security policies.

Our goal is to build Torpedo, a distributed system aimed at enabling international cooperation between network providers for the purpose of deanonymizing targeted Tor circuits without disclosing information about out-of-scope circuits. To achieve this, Torpedo will rely on a set of middleboxes deployed within the networks of the participating network providers. These middleboxes are responsible for analyzing the local traffic and whenever instructed by the police authorities to deanonymize a given Tor circuit linked to a suspect IP, a deanonymization query will be disseminated across the Torpedo middleboxes; the system will then identify the matching circuit endpoints with high probability without exposing any locally collected traces. An additional challenge will be in revealing across network providers only minimal amount of information about the investigated Tor circuit itself. To prevent potential abuses, Torpedo must also implement authentication and accountability mechanisms so that the queries operate exclusively under the control of the police authorities. This work will advance the state of the art by devising new protocols that combine ML-based traffic analysis with zero-knowledge algorithms for privacy protection purposes.

The mains tasks of this project will be: 1) review the related work, 2) design the Torpedo system, 3) implement a prototype, 4) evaluate the system through simulations, 5) write a scientific article, and 6) write a dissertation.

Requirements

Interest in distributed systems, security, and machine learning. Attendance in the forensics cyber-security course. This topic is already reserved for a concrete student: Pedro Medeiros.

Location

IST-Alameda (INESC-ID)

Observations

This work will be performed in collaboration with Diogo Barradas, a PhD student with expertise in traffic analysis, censorship resistance systems, and machine learning.