| Tor is the most widely used anonymous communication system, and Tor path selection is the core mechanism that provides anonymity to Tor users. To improve the anonymity of the Tor network, attacks against the Tor path selection algorithm and algorithm improvements that counter those attacks are also an important part of the research. With the development of computer technology and the emergence of machine learning, the security threats faced by Tor users are further intensified. If the path selection used by users has security risks, anonymity is greatly damaged. Therefore, research on the Tor path selection algorithm is of great significance for protecting user anonymity. The Tor multipathing algorithm is a novel path selection algorithm designed to resist fingerprint attacks and correlation attacks and to improve the security of path selection. However, because the multipathing algorithm needs to select multiple entry nodes and build multiple circuits for one transmission, multipathing is more vulnerable to some attacks. By analyzing the characteristics of the Tor multipathing algorithm and the attacks on Tor, this paper summarizes the attacks faced by the multipathing algorithm and demonstrates them experimentally. Based on the type of attacker, a node-level adversary defense scheme and an AS-level adversary defense scheme for the multipathing algorithm are proposed, and each scheme is designed, implemented and evaluated. The main work is as follows: (1) Targeting the multipathing algorithm's characteristic of building multiple circuits in one transmission, four kinds of attacks are proposed: the traffic confirmation attack, the supportive attack, the traffic correlation attack and the AS-level fingerprint collusion attack. Their feasibility against the multipathing algorithm is demonstrated experimentally. Experiments show that, compared with the normal path selection algorithm, the success rate of these attacks in deanonymizing the multipathing algorithm is significantly higher, and it increases as the number of entry nodes in use increases. (2) A defense strategy against node-level adversaries of the Tor multipathing algorithm is proposed: a multipathing algorithm based on the guard set. Addressing the limitations of node selection in the multipathing algorithm and the optimization of the number of entry nodes, we improve the guard set strategy for the case of resource exhaustion and design restriction rules for the region in which nodes are located. We also establish the dependency between the number of multipathing entry nodes and the size of the guard set. Experiments show that when the size of the guard set is 1 larger than the number of multipathing entry nodes and the rotation time is 270 days, the algorithm is available in 99% of circuit constructions, and the probability of the entry node being perceived by malicious entry nodes is reduced to 6% compared with not using the algorithm. (3) A defense strategy against AS-level adversaries of the Tor multipathing algorithm is proposed: an AS-aware Tor multipathing algorithm. Addressing the strong traffic observation ability of AS-level adversaries and the fact that multipathing builds multiple circuits and so generates multiple traffic flows, we detect whether the user can build a safe transmission, which improves the availability of circuit construction. Experiments show that the algorithm reduces the feasibility of traffic correlation attacks from 90% to 2% and reduces the success rate of AS-level fingerprint collusion attacks to one-third of the original. At the same time, the performance drop is less than 20%, and the algorithm availability reached 97.5% when visiting the 1000 most visited websites. In this paper, four more effective attacks against the Tor multipathing algorithm are proposed and demonstrated experimentally. Then two defense methods are proposed and evaluated. Experiments show that these two methods can effectively resist the threat of attackers and greatly improve the anonymity of users. |