
6.3 Further research

6.3.2 Attack per exit relay, targeted at a specific client

Exit relays differ in how vulnerable they are to the type of attack presented in this thesis. A website oracle per exit node can be constructed, where traffic from a specific client is directed to a set of particularly vulnerable exit relays. This requires large amounts of resources, such as control of network infrastructure and computing power. If non-vulnerable exit relays can be portrayed as unreliable or misleading to a client, that client may instead use vulnerable exit relays, which benefits the attacker. Denial-of-service attacks against non-vulnerable exit relays, or blocking of the network infrastructure that leads to these non-vulnerable exit relays, instead make vulnerable exit relays attractive. Such an attack requires resources belonging to a state or an internet service provider. Note that these resources can be obtained through intrusion, like what happened to the internet service provider Belgacom in 2012 [46]. This attack can be countered by choosing the exit node at random, something for which developers of software that uses Tor are responsible. If a large number of exit relays suddenly become unreachable for a single client, this should be investigated. That an actor possesses this amount of resources and at the same time sees Tor as a target is considered unlikely, but is worth keeping in mind.
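The check suggested above, that a sudden loss of reachability to many exit relays from a single client should be investigated, can be sketched as follows. This is an added example and not code from the thesis; the event format (timestamp, exit label, success flag), the window length and the thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample: (timestamp in seconds, exit relay label, circuit succeeded).
# Labels A..F are placeholders, not real relay fingerprints.
SAMPLE = (
    [(10 * i, e, e != "F") for i, e in enumerate("ABCDEF")]            # normal: 1 of 6 fails
    + [(600 + 10 * i, e, e in "AB") for i, e in enumerate("ABCDEF")]   # 4 of 6 fail at once
    + [(1200 + 10 * i, e, False) for i, e in enumerate("ABC")]         # too few exits to judge
)


def summarize(events, window):
    """Per fixed time window: the exits that were tried and the exits that were reached."""
    tried, reached = defaultdict(set), defaultdict(set)
    for ts, exit_id, ok in events:
        w = ts // window
        tried[w].add(exit_id)
        if ok:
            reached[w].add(exit_id)
    return [(w * window, tried[w], reached[w]) for w in sorted(tried)]


def sudden_unreachability(events, window=600, min_exits=5, jump=0.4):
    """Flag windows where the share of unreachable exits rose by at least `jump`
    compared with the previous window that had enough data."""
    alerts, previous = [], None
    for start, tried, reached in summarize(events, window):
        if len(tried) < min_exits:
            continue  # not enough distinct exits to say anything; keep the old baseline
        ratio = len(tried - reached) / len(tried)
        if previous is not None and ratio - previous >= jump:
            alerts.append({
                "window_start": start,
                "previous": previous,
                "current": ratio,
                # The exits that remain usable are where this client's traffic now
                # concentrates, so they are the first thing to examine.
                "still_reachable": sorted(reached),
            })
        previous = ratio  # a sustained outage alerts once, on the transition
    return alerts


if __name__ == "__main__":
    for alert in sudden_unreachability(SAMPLE):
        print(alert)
```

The `still_reachable` list is reported because, in the scenario described, the exits that remain usable are the ones the client is being steered towards.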

References

[1] Roger Dingledine, Nick Mathewson, and Paul Syverson. Tor: The second-generation onion router. Paul Syverson, 13, 06 2004.

[2] Wikimedia Commons. Roc space-2.png. https://en.wikipedia.org/wiki/File:ROC_space-2.png. [Retrieved: 2020,12,21].

[3] Electronic Frontier Foundation. How tor (the onion network) works. https://www.torproject.org/about/overview.html.en, 2011. [Retrieved 2020,10,15].

[4] Wikimedia Commons. Boxplot vs pdf.svg. https://commons.wikimedia.org/wiki/File:Boxplot_vs_PDF.svg. [Retrieved: 2020,12,22].

[5] Tobias Pulls and Rasmus Dahlberg. Website fingerprinting with website oracles. Proceedings on Privacy Enhancing Technologies, 2020(1):235–255, 2020.

[6] R Elz and R Bush. Rfc2181: Clarifications to the dns specification, 1997.

[7] Edward W Felten and Michael A Schneider. Timing attacks on web privacy. In Proceedings of the 7th ACM conference on Computer and communications security, pages 25–32, 2000.

[8] Livinus Obiora Nweke. Using the cia and aaa models to explain cybersecurity activities. PM World Journal, 6, 2017.

[9] Akeo Adachi. Foundations of Computation Theory. IOS Press, 1990.

[10] Paul Syverson, D Goldschlag, and M Reed. Onion routing for anonymous and private internet connections. Communications of the ACM, 42(2):5, 1999.

[11] Michael G Reed, Paul F Syverson, and David M Goldschlag. Anonymous connections and onion routing. IEEE Journal on Selected areas in Communications, 16(4):482–494, 1998.

[12] Tim Dierks and Eric Rescorla. Rfc 5246-the transport layer security (tls) protocol version 1.2. The Internet Engineering Task Force (IETF), 2008.

[13] Mike Tigas. A more secure and anonymous propublica using tor hidden services. https://web.archive.org/web/20201015071046/https://www.propublica.org/nerds/a-more-secure-and-anonymous-propublica-using-tor-hidden-services, 2016. [Retrieved 2020,10,21].

[14] Alex Biryukov, Ivan Pustogarov, Fabrice Thill, and Ralf-Philipp Weinmann. Content and popularity analysis of tor hidden services. In 2014 IEEE 34th International Conference on Distributed Computing Systems Workshops (ICDCSW), pages 188–193. IEEE, 2014.

[15] Föreningen för Digitala Fri- och Rättigheter. Questions about running tor in sweden. https://web.archive.org/web/20201102132550/https://www.dfri.se/projekt/tor/tor-i-sverige/?lang=en. [Retrieved: 2020,10,15].

[16] Roger Dingledine. Def con 25 - roger dingledine - next generation tor onion services. https://youtu.be/Di7qAVidy1Y, 2017. [Retrieved: 2020,10,15].

[17] https://www.torproject.org/about/history/, 2020. [Retrieved: 2020,10,15].

[18] Richard E Smith. A contemporary look at saltzer and schroeder’s 1975 design principles. IEEE Security & Privacy, 10(6):20–25, 2012.

[19] Jason Farina, Mark Scanlon, Stephen Kohlmann, Nhien-An Le Khac, M Kechadi, et al. The 10th adfsl conference on digital forensics, security and law (cdfsl 2015). In The 10th ADFSL Conference on Digital Forensics, Security and Law (CDFSL 2015), pages 135–150. ADFSL, 2015.

[20] Kelley Misata. the tor project: An inside view. XRDS: Crossroads, The ACM Magazine for Students, 20(1):45–47, 2013.

[21] Trevor Hastie, Robert Tibshirani, and Jerome Friedman. The elements of statistical learning: data mining, inference, and prediction. Springer Science & Business Media, 2009.

[22] Jeff Schneider. Cross validation. A Locally Weighted Learning Tutorial Using Vizier, 1, 1997.

[23] Gitte Vanwinckelen and Hendrik Blockeel. On estimating model accuracy with repeated cross-validation. In Benelearn 2012: Proceedings of the 21st belgian-dutch conference on machine learning, pages 39–44, 2012.

[24] Krishni. K-fold cross validation. https://medium.com/datadriveninvestor/k-fold-cross-validation-6b8518070833. [Retrieved: 2020,12,29].

[25] Jonas F. Ludvigsson, Anders Ekbom. Medicinsk statistik diagnostiska tester. https://www.internetmedicin.se/behandlingsoversikter/ovrigt/

[26] Jacob Yerushalmy. Statistical problems in assessing methods of medical diagnosis, with special reference to x-ray techniques. Public Health Reports (1896-1970), pages 1432–1449, 1947.

[27] Google Developers. Classification: Roc curve and auc. https://developers.google.com/machine-learning/crash-course/classification/roc-and-auc. [Retrieved: 2020,12,21].

[28] Christopher D Brown and Herbert T Davis. Receiver operating characteristics curves and related decision measures: A tutorial. Chemometrics and Intelligent Laboratory Systems, 80(1):24–38, 2006.

[29] Kirill Fuchs. Machine learning classification models. https://medium.com/fuzz/machine-learning-classification-models-3040f71e2529. [Retrieved: 2020,12,29].

[30] Guido Van Rossum et al. Python programming language. In USENIX annual technical conference, volume 41, page 36, 2007.

[31] Yubao Wu, Fengpan Zhao, Xucan Chen, Pavel Skums, Eric L Sevigny, David Maimon, Marie Ouellet, Monica Haavisto Swahn, Sheryl M Strasser, Mohammad Javad Feizollahi, et al. Python scrapers for scraping cryptomarkets on tor. In International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage, pages 244–260. Springer, 2019.

[32] The Tor Project. Rust in tor. https://web.archive.org/web/20200621164446/https://trac.torproject.org/projects/tor/wiki/RustInTor. [Retrieved: 2020,09,22].

[33] Steve Klabnik and Carol Nichols. The Rust Programming Language (Covers Rust 2018). No Starch Press, 2019.

[34] Cameron Newham and Bill Rosenblatt. Learning the bash shell: Unix shell programming. O'Reilly Media, Inc., 2005.

[35] Ron Peters. cron. Expert Shell Scripting, pages 81–85, 2009.

[36] Damian Johnson. Welcome to stem! https://web.archive.org/web/20201015143748/https://stem.torproject.org/index.html, 2019. [Retrieved: 2020,10,15].

[37] NullHypothesis, atagar, frankcash, zackw, arlolra, oorestisime, apexhat, s4chin, radman404, qbi, nogoegst, manuteleco, intchloe, gunesacar, DonnchaC. Nullhypothesis/exitmap: A fast and modular scanner for tor exit relays. https://web.archive.org/web/20201102132952/https://github.com/NullHypothesis/exitmap, 2019. [Retrieved 2020,11,02].

[38] Philipp Winter. https://web.archive.org/web/20201101001312/https://nymity.ch/, 2020. [Retrieved 2020,11,02].

[39] The Tor Project. torsocks - wrapper to torify applications. https://web.archive.org/web/20201102133952/https://gitweb.torproject.org/torsocks.git, 2020. [Retrieved 2020,11,02].

[40] The Tor Project. Tor: Overview. https://web.archive.org/web/20201015140545/https://2019.www.torproject.org/about/overview, 2020. [Retrieved: 2020,10,15].

[41] Frederik Michel Dekking, Cornelis Kraaikamp, Hendrik Paul Lopuhaä, and Ludolf Erwin Meester. A Modern Introduction to Probability and Statistics: Understanding why and how. Springer Science & Business Media, 2005.

[42] IT-ord. Skript | idg:s ordlista. https://it-ord.idg.se/ord/skript/. [Retrieved: 2020,12,28].

[43] Johann Mitlöhner, Sebastian Neumaier, Jürgen Umbrich, and Axel Polleres. Characteristics of open data csv files. In 2016 2nd International Conference on Open and Big Data (OBD), pages 72–79. IEEE, 2016.

[44] Martin F Krafft. The Debian system: concepts and techniques. No Starch Press, 2005.

[45] Matplotlib development team. Matplotlib: Visualization with python. https://matplotlib.org/. [Retrieved: 2020,12,22].

[46] Ryan Gallagher. The inside story of how british spies hacked belgiums largest telco. https://theintercept.com/2014/12/13/
