Off-campus UMass Amherst users: To download dissertations, please use the following link to log into our proxy server with your UMass Amherst user name and password.

Non-UMass Amherst users, please click the view more button below to purchase a copy of this dissertation from Proquest.

(Some titles may also be available free of charge in our Open Access Dissertation Collection, so please check there first.)

Passive logging attacks against anonymous communications systems

Matthew K Wright, University of Massachusetts Amherst


Anonymous communications protocols have been designed to resist attacks that work in a short period of time. However, people typically use the Internet in regular, consistent ways over long periods of time, and consequently they are vulnerable to losing their privacy over the lifetime of those communications. Our work has focused on long-term attacks against anonymous communications systems. The predecessor attack is an example of this kind of attack; the attacker logs the connections of a user over time, eventually linking the connections to the user's machine. In this thesis, we give a proof that shows that the users of all existing anonymous communications systems are vulnerable to the predecessor attack. Then we analyze specific instances of the attack against several protocols to show how long the attack takes in each case. Attacks take an order of magnitude more time to be successful against Onion Routing[37] over Crowds[57]. When timing attacks can be stopped, the attack cost becomes exponential in the length of the user's path. We use simulation to back up our analytical results and to show how quickly the attack works in practice. We also describe approaches to defending against these attacks and discuss the tradeoffs between security and usability. The next section of this thesis focuses on timing attacks and defenses against them. We began by simulating attack scenarios and show that using a constant rate of traffic for each user makes timing attacks more difficult. We also present defensive dropping, a modification of this defense that more effectively stops timing attacks. Experiments with Tor[55], a developmental Onion Routing system, demonstrate that these attacks work in practice on the Internet. Finally, we use analysis and simulation to understand the combined effects of timing analysis and the predecessor attack. We show how long the predecessor attack requires given varying levels of attackers' timing analysis success. We find that increasing the error rates of timing analysis significantly increases the amount of time required for the attacker to succeed.

Subject Area

Computer science

Recommended Citation

Wright, Matthew K, "Passive logging attacks against anonymous communications systems" (2005). Doctoral Dissertations Available from Proquest. AAI3179934.