| Tor is the most widely used anonymous communication system.Tor path selection technology is the core technology to provide anonymity for users.The entry node(or guard node)is the key node in Tor multi hop routing,once it is maliciously controlled,anonymity will be greatly damaged.Therefore,it is of great significance to study Tor path selection technology for protecting user privacy and Tor system anonymity.Although Tor path selection technology ensures the anonymity of both sides of communication to a certain extent.By implanting controlled guard nodes into Tor network to attack,it can effectively destroy user anonymity.Therefore,Tor establishes a guard mechanism for the entry node,the controlled guard node has to wait passively for the normal rotation of client’s guard node for a long time.But rotation cycle of guard node is long,which leads to the high cost of implanting node and the difficulty of attack.Based on the above problems,we study Tor path selection technology in this thesis,propose attack methods and defense countermeasure to improve the selection rate of controlled guard nodes in Tor network.The main work is as follows:(1)The security of Tor path selection is analyzed.Based on the theoretical derivation of path selection algorithm and its node selection probability,and the research of guard mechanism of entry node,the related factors affecting the attack success probability of embedded guard node are analyzed and simulated.The smaller the guard set is,the longer the rotation period is,and the lower the selection probability is;The higher the bandwidth of the node,the higher the probability of the node being selected.(2)This thesis proposes an attack method to improve the selection rate of the controlled guard node,starting from the implantation of the controlled node and the implementation of active attack to improve the selection rate of the controlled guard node.Aiming at the problem that Tor guard mechanism leads to high attack cost of implanted nodes,based on the theoretical analysis of the input attack resources,the deployment method of controlled guard nodes is optimized.When the total attack resources are fixed,the bandwidth and the number of nodes that affect the attack strength are evenly allocated through simulation experiments to maximize the utilization of bandwidth resources and enhance the attack strength of the relay level adversary under certain resources.Aiming at the problem of long rotation period of guard nodes and long-term passive waiting selection of controlled nodes,a Do S active attack based on bandwidth depletion is designed.In order to achieve the purpose of covert attack in Tor network,the target node bandwidth is consumed as the attack means.By using the Tor protocol vulnerability,the client is manipulated to build a custom circuit,and the attack target is taken as the entry node to consume its bandwidth.The limitation of Tor fixed circuit length is broken through the proxy tunnel,and the circuit length is increased to amplify the attack effect.(3)Aiming at the defense of guard bandwidth consumption attack,we needs to solve the problem of identifying the traffic type of client connection without damaging the anonymity of users.A dynamic current limiting algorithm based on EWMA(exponentially weighted moving average)is proposed.Research and design the identification node bandwidth module and current limiting module.The identification of node bandwidth module is used to find out whether the node bandwidth is sufficient,which is the preliminary work to determine the implementation of current limiting operation.In the current limiting module,the EWMA value of the traffic in the latest period is used to distinguish the high traffic clients,mark and limit the high traffic clients without affecting the user privacy.At the same time,it can improve the congestion problem caused by Tor for large file users to other interactive applications. |
