An Anti circuit Control Attack Method Based on Fragmentation reassembly in Anonymous Network

2018 International Conference on Modeling, Simulation and Analysis (ICMSA 2018) ISBN: 978-1-60595-544-5

An Anti-circuit Control Attack Method Based on

Fragmentation-reassembly in Anonymous Network

Jie LING and Jing CHEN*

Faculty of Computer, Guangdong University of Technology, Guangzhou 510006, China

*Corresponding author

Keywords: Anonymous network, Circuit control, Fragmentation-reassembly, Combine segment.

Abstract. Aiming at the current problem that the anonymous network controlled through circuit reconfiguration, we propose a method of anti-circuit control attack in anonymous network based on fragmentation-reassembly in this paper. The data segment is divided by random fragmentation-reassembly method according to L interval, and two data fragments are combined into a new data segment, then the new data segment will be sent to the receiver. After the receiver receives all segments, it reassembles the data segments. Experiment and theoretical analysis show that the method proposed in this paper has more types of anti-circuit control attack than the redundancy method, and consumes less resources and provides data reorganization security.

Introduction

The most commonly used anonymous communication networks are the Mix anonymous communication network, Crowds [1] anonymous communication network, Tor [2] anonymous communication network and so on. The attack technology of anonymous communication system is divided into active attacks and passive attacks based on its attack mode. Active attacks mainly include denial of service attacks and replay attacks. Passive attacks mainly include time attacks and precursor attacks. Jansen R et al. [3] proposed a denial-of-service attack against Tor anonymous communication network, which uses Tor valid protocol message to invalidate any Tor anonymous communication network node. Fu X et al. [4] proposed a way to make AES-CTR mode out of order by replay attacks, so that the communication circuit of Tor is cut off, and the purpose of tracing is achieved by monitoring the response of both ends of communication. Targeted nodes are attacked by some common denial of service attacks methods, such as Tor anonymous directory server, Tarzan's PNAT and Crowds, paralyzing the entire anonymous communication process, so as to achieve denial of service purpose.

About anonymous communication attacks technology, the main ways to resist the time attacks are increasing the transmission-delay, confusion, traffic-filling, etc. This can disturb the accuracy of time related parameters which the attacker calculates, efficiently resists the time attacks, and improves the survivability of the system. The main idea for resisting the predecessor attacks is to make the predecessors of the nodes in the system not unique. Liu Z et al. [5] proposed an anonymous communication technology against circuit congestion attacks, introducing dynamic data filling mechanism, obscuring the delay changes caused by circuit congestion attacks, removing statistical features, destroying the relevance of the delay of anonymous communication circuits to the sending mode of attack data, to achieve the purpose of protecting communication circuits.Implementing this technique requires running a dynamic padding program on the sender's host and setting up a padding server to receive padding data, which both enhance the cost of time and resources.

Organization Common Methods Resist Circuit Control Attacks

Nodes and circuits are the core of anonymous communication systems. How to ensure the security of both nodes and circuits is the primary task in anonymous communication technology. Destroying nodes and circuit security means destroying the security of anonymous communication.

Node control is related to node selection. Various node selection algorithms are mentioned in the references [6,7] that malicious attackers can improve the probability of malicious nodes being selected by modifying node selection strategies with increasing node bandwidth. Aiming at these node selection strategies, the user may periodically update the selected node. Xiao W et al. [8] proposed to use family attributes of nodes to resist circuit control attacks. However, not all the nodes have the attribute and it cannot ensure the circuit security when the anonymous network encounters collusion attacks. Zhuo Z et al. [9] proposed a method of circuit control attack based on node failure. To effectively control the circuit, the fake TCP reset information is sent to simulate the node failure, so that the client will not stop choosing nodes until it selects the controlled ones. This method requires multiple reconfiguration of circuits. It is only applicable to short circuits.

Aiming at the circuit control attack base on node failure. Wang S et al. [10] proposed a fragmentation-redundancy mechanism, which firstly divides the message into k slices, then encodes the k slices of messages to form n slices of redundant messages (n>k), later n pieces of message are forwarded to the receiver through multiple paths. The receiver can use these pieces of message reconstruct the information by decoding if it received any k'(k'>=k) messages, even though some of paths of circuit not working. Adopting this method effectively reduces the probability of path reconstruction and enhances the stability and anti-attack ability of anonymous system. However, this method only suits for circuit control attack based on node failure. And it does not mention how to provide data security when the circuit is controlled by man-in-the-middle attacks, and how the receiver processes incomplete data segments.

Aiming at the problems existing in the method of anti-circuit control attack in anonymous communication network introduced above, this paper proposes a random fragmentation-reassembly method, which is resistant to multiple circuit control attack, consumes less resources and provides security for data reorganization.

The Method Proposed in This Paper

Aiming at the existing problems of anti-circuit control attack methods, this paper proposes a method based on L-interval random fragmentation-reassembly. When the link is intercepted or maliciously controlled by a middleman, the attacker knows only part of the information and cannot restore original data. Our method has more types of anti-circuit control than the redundancy method, and consumes fewer resources and provides data reorganization security.

Fragmentation-reassembly Method

Firstly, the sender divides the original data segment into many fragments of L intervals, and each fragment has a position identifier. Then two fragments are combined into a new segment, and the positions of the two fragments are discontinuous, besides the position difference is at least L. Before transferring each segment, the sender initiates a circuit request to the directory server and sends the segments to the receiver through different paths according to the circuit information returned by the directory server. The number of nodes in each path may be different. After receiving the data segments, the receiver reorganized according to the position identifier and check if there is missing segment. If the entire data is not received within a certain time, the receiver will ask the sender to resend the missing segment.

Process:

(1) Divide the message into m fragments, and each fragment is identified as ai (1≤i≤m). As shown

a1 a2 ... ai ... an

data

Figure 1. Fragments.

(2) Set a length value L, 1<L<m;

(3) Select a piece ak randomly from the m fragments, and put the akas the first part of the first group of fragment combination. The selected data fragment is marked as selected;

(4) Randomly select another fragment aj from the remaining fragments as the second part of the first group of fragment combination, and L≤|i-j|<m. Restructure these two fragments into a new segment (B1). B1contains the two selected fragments and the position identifier of them. As shown in Figure 2, the new segment (Bi) includes two data fragments (akand aj) and the position identifier of the two fragments in the original data segment;

ak aj (k,j)

Bi

Figure 2. New data segment Bi.

(5) Repeat step (3) and step (4) until all the selected fragments are combined into a new segment; (6) The sender initiates the circuit request to the directory server, and the sender forwards each segment according to the circuit information returned by the server until all segments are forwarded to the receiver;

(7) After the recipient receives all segments, it will restore the data according to the fragment identifier. As shown in Figure 3, the receiver will receive the data and reassemble them into the original data;

B1 B2 ... Bn

data

Figure 3. Reassemble the segments.

(8) If the receiver fails to receive complete data within a certain time, the receiver will inform the sender to resend the missing fragment until the receiver receives all segments.

The Anti-circuit Control Attack Model

Figure 4 shows the model proposed in this paper. According to the random fragmentation method, the sender splits the original data into multiple fragments. Then two fragments are combined into a segment. Sender initiates the circuit request to the directory server. The sender sends the segments to the receiver through different links according to the returned information. Receiver reassembles the segments according to the position identifier. The method proposed in this paper has more types of anti-circuit control than redundancy method, consumes fewer resources and provides data reorganization security.

data

B1 B1

B2 B3

Bi Bi

Bn Bn

Bn-1 Bn-1

data

circuit control attack

sender receiver

directory server

reassemble node

fragment

As shown in Figure 4, the sender slices the original message into multiple fragments (B1, B2, … ,

Bn) according to the fragmentation-reassembly method of L intervals. These fragments are forwarded to receiver through the intermediate nodes. Then the receiver reconstruct the segments to restore the original data. The process is shown in Figure 5.

Subdivide data as data fragments

Two data fragments are combined into a

segment

Sender initiates circuit request

Sender sends segments to the

receiver

Receiver reassembles the

segments

Sender resends the missing

segments Yes

Start

End

Receiver checks segments

No

Figure 5. Process.

Experiment and Result Analysis

With the development of anonymous communication technology, various methods of attack emerge in endlessly. Nodes and circuits are the basic components of anonymous communication system. By controlling nodes or circuits, the attacker can reduce the communication anonymity of both communication parties and steal the mutual information of both communication parties. Contrast between fragmentation-reassembly method and redundancy method by experiments and analysis are shown as follows.

The Tools of the Experiment

The tool used in this experiment is Shadow [11], which is a simulator of discrete events and allows users to customize the network and behavior. Shadow contains many analysis tools that analyze the results of the experiment and generate charts graphically.

The Purpose of the Experiment

To compare the circuit request for restoring data between fragment redundancy and fragment reassembly method in the event of a circuit control attack.

Results Analysis

Figure 6. Request ratio.

Analysis of the experimental results is described as follows:

For the same piece of data, it is subdivided into m fragments. Figure 6 shows that when circuit node failure attack occurs, the number of circuit requests initiated by the fragmentation-reassembly method is less than that by the fragment-redundancy mechanism. The proportion approaches to 1/4.

For the same data segment, it is subdivided into m portions under both fragmentation-reassembly method and fragment-redundancy mechanism. Table 1 shows that when the circuit fails, the least number h of circuit requests need initiated in order to ensure the success of data recovery.

Table 1. Number of circuit requests.

Condition Fragment-redundancy Fragmentation-reassembly A specific circuit is failed m+1 (1/2m)+1

Any circuit is failed 2m (1/2m)+1 k circuits are failed m+ k≤ h≤ k*m (1/2m)+k

(1) Resource consumption analysis. In the redundancy mechanism, if you want to achieve that any circuit fails without affecting the communication, so that the receiver can receive the all data segments, then you need at least m pieces of redundant segments and the number of circuit requests that needs to be initiated is at least 2m under fragment-redundancy mechanism. In the fragmentation- reassembly method mentioned in this paper, after the sender subdivides the data segment into multiple fragments and restructure them into a new segment at the interval of L, and the number of combined segments is 1/2m. When any one circuit fails, at least (1/2m) + 1 circuit requests are required. Theoretically, when the circuit fails, the circuit request ratio of the two methods is between ((1/2m) +k)/(m +k)) and ((1/2m)+k)/(k*m)), but under the influence of experimental conditions, the ratio approaches 1/4. The method we propose better solves the problem that the number of circuit is too many and applies less servers.

(2) Data security analysis. In this paper, we propose an L-interval random fragmentation-reassembly method, which firstly divides the data into multiple uncorrelated refined fragments, then combines two refined fragments into a new data segment, and sends the new data segment to the receiver through different paths. The receiver restores the data after receiving all the segments. During transmission, if one or more paths are controlled by malicious attackers, attackers can only get parts of the unrelated and discontinuous fragments, so the attackers cannot combine the fragments into original data segment.

Table 2. Comparison of two methods.

Condition Fragment-redundancy Fragmentation-reassembly A specific circuit is failed m+1 (1/2m)+1

Any circuit is failed 2m (1/2m)+1 k circuits are failed m+ k≤ h≤ k*m (1/2m)+k

Conclusion

Based on the L-interval random fragmentation-reassembly method, the discontinuity and randomness of fragments are adopted to ensure that the data fragments are not related. When the circuit is attacked, the fragment is stolen, and the data segment cannot be restored, it cannot ensure the security of the data. By the method that the sender reduces the number of circuit request initiated to the directory server, it does not take up high server resources. The method proposed in this paper has more types of anti-circuit control than the fragmentation-redundancy method, and consumes fewer resources and provides data reorganization security.

Acknowledgement

This work is supported by the science and technology project of Guangdong Province (No.2015B090906015, 2016B010107002, 2016B090918058), and the project of Guangzhou Science and Technology (No.201604016003,201604016067).

References

[1] He G, Chen L, Zhang T, et al. Improved Anonymous Communication Protocol Based on Crowds, A. Journal of System Simulation, 2015, 27(12): 3050-3056.

[2] Zhou Y, Yang Q, Yang B, et al. A Tor Anonymous Communication System with Security Enhancements. Journal of Computer Research and Development, J. 2014, 51(7): 1538-1546.

[3] Jansen R, Johnson A. The sniper attack:anonymously deanon-ymizing and disabling the Tor

network [EB/OL]. [2015-04-10].

http://www.dtic.mil/get-tr-doc/pdf?Location=U2&doc=GetTR-Doc.pdf&AD=ADA599695.

[4] Fu X, Ling Z, Luo J.et al. One cell is enough to break Tor’s anonymity [EB/OL]. [2015-04-10]. http://blackhat.com/presentation/bh-dc-09/Fu/BlackHat-DC-09-Fu-Break-Tors-Anonymity.pdf. [5] Liu Z, Qi J Q, Jiang H. Anonymous Communication Technology Against Circuit Clogging Attack, J. Journal of Information Engineering University, 2017, 18(03):333-337,342.

[6] Chao W. Research on Node Selection Attack Technology for TOR. National University of Defense Technology, 2009.

[7] Ming Y. Randomized bandwidth-weighted node selection algorithm for anonymous Communication, J. Journal of Southeast University, 2010.

[8] Xiao W, Fang B X, Liu P P, et al. Measuring and analyzing node families in the Tor anonymous Communication network, J. Journal on Communications, 2015.

[9] Zhuo Z, Zhang X, Ruixing L I, et al. Anonymous circuit control method for the onion router based on node failure, J. 2015.

[10] Wang S, Jiang J, Xiao F. New Design of Rerouting-based Anonymous Communication System, J. Computer Science, 2016, 43(10):154-159.