资源融合分配的洋葱路由网络用户守卫节点操纵  

作　　者：张国强 徐明伟[1,2] ZHANG Guoqiang;XU Mingwei(Department of Computer Science and Technology,Tsinghua University,Beijing 100084,China;Institute for Network Sciences and Cyberspace,Tsinghua University,Beijing 100084,China)

机构地区：[1]清华大学计算机科学与技术系,北京100084 [2]清华大学网络科学与网络空间研究院,北京100084

出　　处：《清华大学学报（自然科学版）》2024年第8期1293-1305,共13页Journal of Tsinghua University(Science and Technology)

摘　　要：第二代洋葱路由网络(the second-generation onion router,Tor)面临流量分析去匿名化威胁,分析用户流量获取成本是评估其威胁程度的重要内容。然而,现有的用户流量获取方法较少研究费效比问题。Tor客户端构建匿名通信路径时使用的守卫节点,是敌手获取用户流量的重要途径。该文针对守卫节点操纵,提出一种资源融合分配的成本优化模型:P-Group(push and pull guards through optimized resource portfolios)模型,并在此基础上进行流量分析威胁评估。P-Group模型统筹分配守卫节点操纵过程中部署可控节点和拥塞非可控节点所需的资源。同时,通过排队论方法对拥塞非可控节点的过程进行建模,利用改进的流偏移技术统筹拥塞攻击资源总量与非可控节点带宽容量以提升资源分配效益。实验结果表明:P-Group模型能够有效降低费效比;相比于简单在部署和拥塞节点间平分带宽,该模型将资源分配效益提升了20.5%;相比于传统攻击流量分配算法,其部署的可控节点中选率提升了15%;敌手操纵用户流量从非可控节点迁移到可控节点的平均成本约为数百美元。这表明用户流量获取具有成本可行性,Tor流量分析构成现实威胁。[Objective]The second-generation onion router(Tor),as the most popular low-latency anonymous communication network on the Internet,is vulnerable to deanonymization attacks caused by traffic analysis.Evaluating the cost associated with acquiring user traffic is crucial to the measurement of the severity of this threat.Because of the direct correlation between Tor network entry nodes and user identities and the fact that these nodes can also be deployed by adversaries,Tor network entry nodes play a vital role in obtaining user traffic.When constructing communication circuits,Tor clients need to be compelled to select the entry nodes of adversaries,commonly referred to as guards.However,the existing approaches used to obtain user traffic by manipulating guard nodes often overlook cost-effectiveness,leading to cost evaluations that do not truthfully reflect the potential capabilities of adversaries.[Methods]To address the cost optimization issue of acquiring Tor user traffic,this study presents a novel model,i.e.,the push and pull Tor users'guards through optimized resource portfolios(P-Group).The proposed method deploys controllable nodes to draw user traffic.Meanwhile,the proposed method expedites user traffic migration by utilizing general traffic to congest noncontrollable nodes that are currently used by users.This study unifies the resource measurements of both node deployment and bandwidth attacks and analyzes their correlation to enhance resource allocation efficiency.Through in-depth research into the traffic control and congestion mechanisms of the Tor protocol,P-Group employs queuing theory to quantify the reduction in the observed bandwidth of noncontrollable nodes.Moreover,the impact of attacking noncontrollable nodes with identical traffic can vary based on their bandwidth capacities.P-Group utilizes adapted flow deviation techniques to effectively coordinate the total amount of attack resources and target bandwidth capacity to optimize resource allocation.Considering the extensive operational scope and

关 键 词：第二代洋葱路由网络 守卫节点 带宽消耗 流偏移 

分 类 号：TP393.0[自动化与计算机技术—计算机应用技术]