
Anonymisation tools are used to increase user privacy and claim to provide partial or full online anonymity. These tools are useful for legitimate causes, for example allowing citizens or journalists in repressed nation states to communicate openly without fear of reprisal. However, they are also used to conceal nefarious activity. In light of the recent alleged mass surveillance by intelligence agencies, revealed by whistleblowing, anonymisation tools are becoming increasingly popular (Greenwald, 2014). Some of the most notable tools are: the Tor browser for anonymous web browsing (Dingledine et al., 2004), Bitcoin for anonymous payments (Nakamoto, 2008a), Pretty Good Privacy (PGP) for encrypted e-mail communications (Zimmermann, 1995) and TrueCrypt for encrypted, and optionally hidden, storage. Techniques have been proposed to de-anonymise activities undertaken with these tools, which can lead to attribution of an adversary.

Approaches

Tor, which stands for The Onion Router, enables anonymous Internet browsing for clients and anonymous hosting for servers (Dingledine et al., 2004). Traffic is encrypted multiple times and routed between many servers, known as Tor relays, before reaching the intended destination. A connection of Tor relays, known as a circuit, consists of at least an entry relay, middle relay(s) and an exit relay. Tor defends against network traffic analysis when an observer has only partial control of the Tor network. Incentives to develop anti-Tor technology have been offered, e.g. by the Russian government, which offered a bounty of $110,000 to de-anonymise Tor users (Technica, 2014).

If an attributor controls both the entry and the exit relay used by a circuit, they can use traffic analysis techniques, i.e. stream matching (page 48), to identify that the two ends of the circuit are related (Bauer et al., 2007). As Tor does not use traffic padding, it should be possible to use both content-based and timing-based approaches. An entry relay could also inject a signature or watermark that can be detected by the exit relay. This is known as a traffic confirmation attack.
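To make concrete why the absence of padding matters for the traffic confirmation attack just described, the following added example (not from the original text) correlates per-second packet counts of constructed entry-side and exit-side traces; the circuit latency, jitter and padding rate are assumed values. The same function reports no signal against a constant-rate padded stream, which is the property a padding defence aims for.

```python
"""Toy model of timing-based traffic confirmation on an unpadded circuit.
All packet traces are constructed; latency/jitter/padding rate are assumptions."""
import random
from math import sqrt

WINDOW, DURATION = 1.0, 60.0  # seconds: 60 one-second buckets per trace

def bucket_counts(timestamps):
    """Packets-per-window counts: the series an observer at a relay would compare."""
    counts = [0] * int(DURATION / WINDOW)
    for t in timestamps:
        if 0 <= t < DURATION:
            counts[int(t / WINDOW)] += 1
    return counts

def pearson(xs, ys):
    """Correlation coefficient; 0.0 when either series is flat (no timing signal)."""
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx, syy = sum((x - mx) ** 2 for x in xs), sum((y - my) ** 2 for y in ys)
    return 0.0 if sxx == 0 or syy == 0 else sxy / sqrt(sxx * syy)

def bursty_trace(rng):
    """Interactive-looking client traffic: idle gaps (mean 2 s) between short bursts."""
    t, pkts = 0.0, []
    while t < DURATION:
        t += rng.expovariate(0.5)
        for _ in range(rng.randint(3, 15)):
            t += rng.expovariate(50)
            if t < DURATION:
                pkts.append(t)
    return pkts

def as_seen_at_exit(trace, rng, latency=0.15, jitter=0.05):
    """The same packets after traversing the circuit: shifted by latency plus jitter."""
    return sorted(p + latency + rng.uniform(0, jitter) for p in trace)

def constant_rate_padding(rate=20.0):
    """Hypothetical defence: the exit side emits a packet every 1/rate s regardless of input."""
    return [i / rate for i in range(int(DURATION * rate))]

def confirmation_score(entry_trace, exit_trace):
    return pearson(bucket_counts(entry_trace), bucket_counts(exit_trace))

def demo(seed=7):
    rng = random.Random(seed)
    client_a, client_b = bursty_trace(rng), bursty_trace(rng)
    exit_of_a = as_seen_at_exit(client_a, rng)
    return {"same_circuit": confirmation_score(client_a, exit_of_a),   # high
            "other_client": confirmation_score(client_b, exit_of_a),   # near 0
            "padded": confirmation_score(client_a, constant_rate_padding())}  # 0.0
```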

To control more relays and increase the probability of being both the entry and the exit relay of a circuit, new relays can falsely advertise their uptime and bandwidth as being exceptionally good, as there is no verification process. If a circuit's traffic flows through only one of the attributor's relays (entry or exit), that relay can disrupt the circuit so that the path has to be rebuilt. When it is rebuilt there is a chance that it will flow through both an entry and an exit relay controlled by the attributor. To increase this probability further, DoS and DDoS attacks can be launched against legitimate relays. Gaining access to, or possessing, a portion of the network is one way to de-anonymise Tor communications. Other traffic analysis approaches have used Cisco NetFlow data and injected TCP traffic patterns to reportedly de-anonymise 81.4% of users (Chakravarty et al., 2014).

Side-channel attacks are also effective against Tor for attribution. For example, the Tor browser is based on the Firefox web browser. A zero-day exploit was found to be exploiting a vulnerability in Firefox version 17 (CVE 2013-1690, 2014). The exploit payload was unusual: rather than compromising the system, it merely reported the user’s hostname, MAC address and IP address to a web server in Northern Virginia, U.S. The payload also checked that the target browser was Firefox ESR, the specific version on which the Tor browser is based, so that ordinary Firefox 17 users were not targeted; only Tor browser users were. It is reported that the FBI deployed the exploit on a hosting provider, Freedom Hosts, alleged to host child pornography websites, to de-anonymise visitors (Wired, 2013). Finally, simply using Tor may raise suspicion, and detecting Tor traffic is trivial (Fleischer, 2009).

Bitcoin, a peer-to-peer decentralised payments system and digital currency (Nakamoto, 2008a), can also be de-anonymised by various approaches. Bitcoins, the unit of the currency, are created by performing computationally expensive calculations, known as mining. The history of Bitcoin transactions is stored in the “block-chain”, a file that each user stores on their computer. This prevents double-spending of Bitcoins. Bitcoin enables anonymous transactions, so that the sender and recipient are not personally identifiable to one another or to anybody else listening in to the transaction, e.g. using traffic analysis. Non-technical attribution techniques, such as “follow the money” (page 76), may lead to a payment made using Bitcoin. Therefore, attacks against the anonymity of Bitcoin and other digital currencies may lead to attribution.

The entire history of an individual’s Bitcoin transactions is stored openly in the block-chain. If an individual is linked to a Bitcoin account, then their history of transactions is also visible. Kaminsky (2011) identified a technique to relate IP addresses to Bitcoin public keys by opening a connection to all peers in the network at once; however, this does not work when Tor is used. Vulnerabilities have been identified in Bitcoin that can reveal IP addresses and subsequently geographic regions, even when using Tor (Biryukov et al., 2014). Third-party sources that inadvertently associate Bitcoin transactions with IP addresses can be used, as can self-disclosure, e.g. when users post their public key as a forum signature (Reid and Harrigan, 2013). Digital currencies that aim to resolve some of these challenges have been proposed, e.g. Darkcoin (2014). This approach modifies the block-chain, renamed the Darksend, such that multiple transactions are combined, also known as laundering.
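As an added example of the block-chain analysis described above (not part of the original text), the following clusters addresses with the multi-input heuristic used by Reid and Harrigan (2013) and lists the visible history of an address already linked to a person; the ledger and the address labels are constructed, not real keys.

```python
"""Linking Bitcoin addresses from a public ledger.  The multi-input heuristic
assumes every input of one transaction was signed by the same entity, so addresses
spent together are clustered.  LEDGER is a constructed miniature block-chain."""

# Constructed transactions: inputs are spent addresses, outputs are (address, amount).
LEDGER = [
    {"txid": "t1", "inputs": ["A1"],       "outputs": [("B1", 5.0)]},
    {"txid": "t2", "inputs": ["A1", "A2"], "outputs": [("C1", 3.0), ("A3", 1.0)]},
    {"txid": "t3", "inputs": ["A3"],       "outputs": [("D1", 0.9)]},
    {"txid": "t4", "inputs": ["E1"],       "outputs": [("A2", 2.0)]},
    {"txid": "t5", "inputs": ["F1", "F2"], "outputs": [("G1", 7.0)]},
]

class UnionFind:
    """Disjoint sets over address labels, with path halving."""
    def __init__(self):
        self.parent = {}
    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]
            x = self.parent[x]
        return x
    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)

def cluster_by_common_input(ledger):
    """Multi-input heuristic: all inputs of one transaction belong to one entity."""
    uf = UnionFind()
    for tx in ledger:
        for addr in tx["inputs"][1:]:
            uf.union(tx["inputs"][0], addr)
    return uf

def linked_addresses(ledger, known):
    """Every address the heuristic ties to the already-identified one (itself included)."""
    uf = cluster_by_common_input(ledger)
    root = uf.find(known)
    return sorted(a for a in uf.parent if uf.find(a) == root)

def history(ledger, addresses):
    """Transaction ids in which any clustered address appears as input or output."""
    addrs = set(addresses)
    return [tx["txid"] for tx in ledger
            if addrs & set(tx["inputs"]) or addrs & {o for o, _ in tx["outputs"]}]
```

Note that a combined transaction of the Darksend kind deliberately places several users' inputs in one transaction, violating the heuristic's assumption; an analyst must recognise and exclude such transactions or the clustering links unrelated addresses.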

number of machines, a few gigabytes of storage and fewer than 50 connections to each Bitcoin server. This is estimated to cost less than 1500 euros per month. The approach maps clients to entry nodes that each client connects to, to identify them. A Bitcoin client connects to 8 entry nodes; these are used as a unique identifier. These 8 nodes are unique to that client for one session and therefore can even be used to uniquely identify users who are behind NAT or share the same public IP address. The approach also subverts Tor by blocking incoming Tor connections.

Although this section reviews only a subset of approaches, the underlying principles, such as traffic analysis, side-channel attacks and exploitation of software vulnerabilities, are likely to underpin most approaches to de-anonymising anonymisation techniques.

Criteria

Attribution artifacts that are collected: This technique typically does not reveal the content being transmitted, but instead implicates two parties as communicating. Tor anonymity attacks can reveal the same artifacts as stream matching approaches (page 48). They can also identify actual source origins, e.g. IP addresses. Attack actors rely on anonymisation techniques to mask their activity, so may not use stepping stones when launching an attack. Some digital currencies, such as Bitcoin, have open transaction histories, e.g. the block-chain. Identifying a public key implicated in an attack may also reveal additional transactions by analysing the block-chain, which could lead to further attribution artifacts.

Technique reliability: Approaches identified in this section mostly rely on a priori positioning, i.e. that the victim or attributor is already positioned to be able to perform traffic analysis to de-anonymise streams. This is likely to be part of a combined approach. For example, non-technical techniques such as “follow the money” (page 76) may be used and in doing so may lead to Bitcoin transactions over Tor. To follow the trail further, techniques to de-anonymise Tor activity and Bitcoin transactions may be useful.

Technique limitations: De-anonymising techniques are only useful when anonymising techniques are used in an attack, i.e. they are a set of approaches for specific situations. Approaches against Tor cannot be used after an attack. They require a priori positioning, i.e. Tor nodes in place before an attack. Also, new approaches may only succeed for a short amount of time, such as those that rely on exploiting software vulnerabilities, e.g. CVE 2013-1690 (2014). Of course, this relies on the adversary using the latest version of the software, which might not be the case. Similarly, traffic matching approaches may be deemed a vulnerability by anonymising tool developers and patched over time. However, intelligent adversaries are likely to be aware of publicly known vulnerabilities in anonymisation techniques and will take extra precautions when using them.

Legal and ethical issues: De-anonymising techniques can reveal adversaries who are executing cyber attacks and illegal activity. However, these techniques are equally effective when used against legitimate and innocent users, e.g. civilians or journalists in repressed nation states.

De-anonymising techniques, when used in certain approaches, can be considered cyber attacks in themselves, for example deploying a DoS or DDoS attack against Tor relay nodes so that traffic is instead routed through attributor-controlled relay nodes. Therefore, the legal and ethical issues identified for hack back (page 59) must also be considered.

Deployment requirements: This technique does not require modifying core routing infrastructure, e.g. wide-scale changes, and does not require external collaboration, e.g. from ISPs. This technique requires that the attributor is in the right place at the right time, i.e. a priori positioning. Sybil attacks require at least partial control of the network, which may only be feasible for law enforcement, military, intelligence agencies and perhaps large organisations, although research has demonstrated that these techniques can be achieved with less funding and less control of the network (Murdoch and Danezis, 2005).

Alternatively, side-channel approaches, such as identifying and exploiting vulnerabilities in software, e.g. Tor Browser (CVE 2013-1690, 2014), require either a skilled team of researchers to identify, develop and deploy exploits or funding to purchase exploits from third parties. Attributors considering this approach should use the Russian bounty of $110,000 for Tor de-anonymising techniques as an indicator of expected initial costs (Technica, 2014).

Relevance outside of the laboratory: Techniques have been demonstrated in realistic laboratory conditions, e.g. ExperimenTor (Bauer et al., 2011) and the Bitcoin Test Network. There are increasing reports of these techniques being used outside of the laboratory to identify illegal activity and they have, in some cases, resulted in arrests (Wired, 2013).
