
PROVIDING SECURE AUTHENTICATION TO ANONYMOUS NETWORK AND FINDING DIFFERENT ATTACKS


Available Online at www.ijpret.com 1676

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

A PATH FOR HORIZING YOUR INNOVATIVE WORK

PROVIDING SECURE AUTHENTICATION TO ANONYMOUS NETWORK & FINDING DIFFERENT ATTACKS

MISS. PALLAVI MOHAN BHUJBAL, PROF. S. V. GUMASTE

Computer Engineering Department, Sharadchandra Pawar College of Engineering, Savitribaiphule Pune University, Pune, India

Accepted Date: 05/03/2015; Published Date: 01/05/2015

Abstract: Today people are mainly concerned with the security and privacy of data. A change in security behavior is often not what the user intended. On a network, some people unintentionally expose personal information, relationships and other details to others. Technology offers a solution to these exposures: encryption and decryption of data, i.e. changing the view and appearance of the data for other or unknown persons. In networking there are mainly two types of attack, passive and active. A passive attack only monitors the system, the network and the data that is sent, whereas an active attack focuses on changing the data sent by the client. Attackers are interested in changing data and in learning details of the communication between sender and receiver. In TOR (The Onion Router), the attack happens at the exit onion router. This attack is basically an active attack, but the main problems of this type are degrading attacks and hidden services. In this attack, the attacker selects a particular IP packet at the exit onion router and changes that packet. So my aim is to detect the attacker and degrade anonymous services grows proportionally to the number of mixes through which it is routed. It also affects performance. The method is too expensive.

Keywords: Mix network, Onion routing network, Hidden services, Directory Server

Corresponding Author: MISS. PALLAVI MOHAN BHUJBAL

Access Online On:

www.ijpret.com

How to Cite This Article:

Pallavi Mohan Bhujbal, IJPRET, 2015; Volume 3 (9): 1676-1689


INTRODUCTION

The Tor network was designed to provide freedom of speech by guaranteeing anonymous communications. Whereas the cryptographic foundations of Tor, based on onion routing, are known to be robust, identity leaks at the application level can be exploited by adversaries to reveal a Tor user's identity. Indeed, Tor does not encrypt data streams end-to-end, but only from the source to a Tor exit node. Streams from the Tor exit node to the destination are then in plain text (if the application layer does not encrypt the data). Therefore, it is possible to analyze the data stream looking for identity leaks at the application level. Tor does not consider protocol normalization, that is, the removal of any identity leak at the application level, as one of its design goals. Whereas this assumption is fair, since Tor focuses on anonymizing the network layer, it makes the task of users who want to anonymize their communications much harder. As an illustration, Web communications on Tor are the subject of many documented attacks. For instance, attacks can leverage anything from misbehaving browsers to third-party plug-ins or web components (JavaScript, Flash, CSS, cookies, etc.) present in the victim's browser to reveal the browser's history, location information, and other sensitive data. In order to prevent or at least reduce these attacks, the Tor project recommends the use of web proxy solutions like Privoxy. The Tor project even maintains a Firefox plug-in (Torbutton) that, by disabling potentially vulnerable browser components, aims to counter most of the well-known techniques an adversary can exploit to compromise the identity information of Tor users. Thus a big effort has been invested, and is still ongoing, in improving and protecting the HTTP protocol on top of Tor, but surprisingly, such effort is limited to this protocol.
Communicating parties usually identify themselves to one another, but there is no reason that the use of a public network like the Internet ought to reveal to others who is talking to whom and what they are talking about.

While searching for such a network one finds Tor, but it is also not safe, because it is exposed to an attack called the new cell-based attack. In it the attacker embeds a signal, i.e. makes changes to the packets that are sent. Preventing and detecting this attacker is the motive of this system.

I LITERATURE SURVEY

o Basic Concept

anonymous communication with others. Onion Routing gives protection against traffic analysis attacks, i.e. passive attacks. Packets are kept hidden from eavesdroppers, and the initiator and responder are hidden as well. Encryption of the packets to be sent can be handled by any of several algorithms. Onion routers are machines available in the network. Some of them are entry points that accept connection requests from clients, also called entry routers, and some are exit routers. Such services can be WWW, electronic mail, node-to-node applications, etc. When a client application wishes to establish an anonymous connection to a server (such all proxy are firstly connected who wishes to communicate. Data is transferred to the next node or router. The OR proxy builds a data structure called an onion. The packet is passed to an entry node. When an entry node receives the packet, it decrypts it, which reveals a layer containing information about the next hop in the constructed route. The packet is forwarded to this next node. Eventually the onion packet reaches an exit node. Decryption is handled by the application proxy at the beginning of connection establishment. The packet is forwarded to the receiver. Onion Routing relies on public-key encryption and decryption to encrypt the layers of the packet such that only the intended recipient of each layer can decrypt it with its private key. Each node on the path knows only the previous hop (from which it received the onion) and the next hop (to which it was instructed to forward the packets). The whole packet is decrypted at each router present in the path. This means that an analyzer who sees the onion for a specific message enter a node does not know which of the onions leaving that node corresponds to the same data. If an attacker compromises a host in the OR network, the attacker sees which node the packet came from and which node it is going to. The absolute source and destination of the onion remain hidden.

o Mix Networks And TOR Network

Mix networks get their security from the mixing done by their component mixes, and may or may not use unpredictable routes to enhance security [8]. It is very difficult to detect and observe the path of any packet or the route along which data is sent, which for designs deployed to date has meant choosing unpredictable routes. Onion routers (ORs) typically make no use of mixing. This gets at the fundamental nature of the two, even if it is a bit too quick on each side. A mix network also intends to resist an adversary that can observe all traffic everywhere. Onion routing assumes that an adversary who observes both ends of a communication path will completely break the anonymity of its traffic. OR networks are designed to resist a local attacker, one that can only see the network and the traffic on it.

First, we discuss the components present in the network and their roles, which process the cells and provide communication.

• Alice is the client, called the onion proxy (OP), which anonymizes the client data into TOR.

• Bob is a TCP application such as a Web service.

• Onion routers are special proxies that relay the application data between Alice and Bob. In TOR, transport-layer security (TLS) connections are used for the overlay link encryption between two onion routers. Data is encapsulated into same-sized cells (512 B) carried through TLS connections.

• Directory servers hold onion router information such as public keys. Directory authorities hold information on onion routers, and directory caches download directory information of onion routers.

Traffic analysis attacks, i.e. passive attacks, have been studied as a way to degrade the anonymity service provided for the communication. Existing traffic analysis attacks can be categorized into two groups: passive traffic analysis and active watermarking techniques. Passive traffic analysis correlates the sender's outbound traffic with the receiver's inbound traffic on the basis of statistical measures. As an example of the active watermarking technique, a flow-marking scheme based on the direct sequence spread spectrum technique has been proposed [3]. The attacker embeds a secret signal into the target traffic by interfering with and changing the rate of the suspect sender's traffic. In TOR the attacker determines whether a cell is a relay cell or a control cell. The suspect flushes all cells in the queue and manipulates the control cell. In this way, the attacker can embed a series of 1/0 bits into the variation of the cell count of the target traffic during a small period of time.

o Idea Of Cell Base Attack

piece of the three cells for carrying bit "1" may be split into two portions: the first portion has the first cell, and the second portion has the second and third cells together.

Because of network congestion and delay, the cells may be combined or separated at the middle OR or on the network link between onion routers, and attention must be paid to this in order to recognize a signal bit. The write event is added to the queue, and the cell waits to be written to the network by the write event. Since the interval is small, the three cells for the second bit 1 and the cell for the third bit 0 also arrive at the middle onion router and stay in the queue. When the write event is called, the first cell, carrying the first bit 0, is written to the network, while the next three cells, carrying the second bit of the signal, and the one cell carrying the third bit are written to the output buffer together. The original signal is thereby distorted. Therefore, the attacker needs to choose a proper delay interval for transmitting cells [4], [7].

Fig: 1 Cell-counting-based attack
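The queue behaviour described above can be reproduced with a small simulation. This is an added example, not code from the paper or from Tor; the write-event model and the millisecond values are simplifying assumptions, and the function names are hypothetical.

```python
# Constructed model of the middle onion router's queue. Times are arbitrary
# millisecond values, not measurements from a real Tor relay.
CELLS_PER_BIT = {0: 1, 1: 3}   # one cell carries bit 0, three cells carry bit 1


def relay_bursts(bits, interval_ms, write_delay_ms):
    """Return the sizes of the cell bursts the middle router writes out.

    Assumed model: the cells of one bit arrive together as a batch, and
    batches are interval_ms apart. A batch that finds the output buffer
    empty is buffered and a write event is scheduled write_delay_ms later.
    Batches that arrive before the write event fires wait in the queue and
    are then moved to the output buffer together, as one merged burst.
    """
    batches = [(i * interval_ms, CELLS_PER_BIT[b]) for i, b in enumerate(bits)]
    bursts, i = [], 0
    while i < len(batches):
        arrived_at, buffered = batches[i]
        i += 1
        fire_at = arrived_at + write_delay_ms
        while True:
            waiting = 0
            # Everything that arrives before the write event stays queued.
            while i < len(batches) and batches[i][0] < fire_at:
                waiting += batches[i][1]
                i += 1
            bursts.append(buffered)        # write event: buffer goes out
            if waiting == 0:
                break
            buffered = waiting             # queued cells leave together next
            fire_at += write_delay_ms
    return bursts


def decode(bursts):
    """Map burst sizes back to bits; None marks an unrecognisable burst."""
    size_to_bit = {n: b for b, n in CELLS_PER_BIT.items()}
    return [size_to_bit.get(n) for n in bursts]


def signal_survives(bits, interval_ms, write_delay_ms):
    """True when the bursts leaving the router still decode to `bits`."""
    return decode(relay_bursts(bits, interval_ms, write_delay_ms)) == list(bits)


if __name__ == "__main__":
    signal = [0, 1, 0]                     # the three-bit case from the text
    for interval in (2, 10):
        out = relay_bursts(signal, interval, write_delay_ms=5)
        print(f"interval={interval}ms bursts={out} decoded={decode(out)}")
```

With a 2 ms interval the bursts are 1 and 4 cells, which is the merged case the paragraph describes; with a 10 ms interval each bit keeps its own burst.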

II SYSTEM IMPLEMENTATION

The proposed model for detecting attacks against the Tor network divides the implementation into three parts:

• Tor Router

• Directory Server

• End User

anonymity need to maintain can be easily embed system for its enhancement. The basic idea of handling the cell-counting-based attack against the Tor network is to design a system that uses strong network cipher cryptographic techniques, such as reverse circle cipher encryption with a blended model, to identify the hacker in the data by counting characters in the data block cells.

Figure 2: Architecture of Tor System

A. Directory Server Updation

In this module a Directory Server is created as part of the Tor Router. Its job is to store the routing information along with the transferred data. The Directory Server receives the data along with the nickname of the user, the sender's IP address, the receiver's IP address, file name, date and time, etc., and finally updates all of this in its database.

B. Reverse Circle Cipher

In this process, the string is divided into blocks of fixed length, and each block is rotated according to a rotation factor. Each character of the block is then replaced by a special character. Finally the blocks are concatenated to form the final string.

C. Routing Data

In this module the Tor Router fetches the routing information about the data from the Directory Server. Then, using TCP/IP protocols through socket programming in Java, Tor forwards the data to the desired receiver.

D. Attack Identification

originality based on the reverse circle cipher approach. The attacked data files are then discarded from download at the receiver's end.

III.ALGORITHM

A.Reverse Circle Cipher Encryption

Step 0: Start

Step 1: Get Input String S

Step 2 : Initialize a String ENC as empty

Step 3: Divide the string S into N blocks of 10 characters each

Step 4: for i = 1 to N

Step 5: Let String BS = the 10 characters of block i

Step 6: Rotate block BS by i characters clockwise

Step 7: for j=1 to 10

Step 8: substitute each character

Step 9: Replace character

Step 10: End of inner for

Step 11: ENC=ENC+BS

Step 12:End of Outer for

Step 13: Stop

B.Reverse Circle Cipher Decryption

Step 0: Start

Step 1: Get Input String S

Step 2: Initialize a String DCR as empty

Step 3: Divide the string S into N blocks of 10 characters each

Step 4: for i = 1 to N

Step 6: Rotate block BS by i characters anticlockwise

Step 7: for j=1 to 10

Step 8: substitute each character

Step 9: Replace character

Step 10: End of inner for

Step 11: DCR=DCR+BS

Step 12: End of Outer for

Step 13: Stop
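The encryption and decryption steps above, as an added Python sketch rather than the authors' implementation (the paper mentions Java). The page does not define the substitution in Steps 8 and 9, so a shift within printable ASCII by the block index is assumed; `tampered_cells` is a hypothetical helper that compares 10-character cells against a reference copy.

```python
BLOCK = 10            # block size from Step 3
LO, SPAN = 32, 95     # printable ASCII range used by the assumed substitution


def _blocks(s):
    """Split s into blocks of BLOCK characters; the last one may be shorter."""
    return [s[i:i + BLOCK] for i in range(0, len(s), BLOCK)]


def _rotate(block, k):
    """Rotate a block k positions clockwise (right); negative k rotates left."""
    if not block:
        return block
    k %= len(block)   # also handles a short final block and negative k
    return block[-k:] + block[:-k] if k else block


def _substitute(block, shift):
    """Assumed substitution: shift each printable ASCII character by `shift`.

    Characters outside the printable range (CR, LF, ...) are left unchanged,
    so the mapping stays invertible.
    """
    out = []
    for ch in block:
        code = ord(ch)
        if LO <= code < LO + SPAN:
            code = LO + (code - LO + shift) % SPAN
        out.append(chr(code))
    return "".join(out)


def encrypt(s):
    """Steps 1-13 of the encryption: rotate block i by i, then substitute."""
    enc = ""
    for i, bs in enumerate(_blocks(s), start=1):   # i = 1..N as in Step 4
        enc += _substitute(_rotate(bs, i), i)
    return enc


def decrypt(s):
    """Inverse of encrypt: undo the substitution, rotate anticlockwise."""
    dcr = ""
    for i, bs in enumerate(_blocks(s), start=1):
        dcr += _rotate(_substitute(bs, -i), -i)
    return dcr


def tampered_cells(reference, received):
    """Indexes of 10-character cells that differ from the reference copy.

    Assumption: the receiver can obtain a reference ciphertext to compare
    against; a missing or extra cell counts as a difference.
    """
    ref, got = _blocks(reference), _blocks(received)
    n = max(len(ref), len(got))
    return [i for i in range(n)
            if i >= len(ref) or i >= len(got) or ref[i] != got[i]]


if __name__ == "__main__":
    message = "GET /index.html HTTP/1.1\r\n"       # constructed sample input
    ct = encrypt(message)
    print(repr(ct), decrypt(ct) == message)
```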

IV. MATHEMATICAL MODEL

A. Set Theory

1. Let S = { } be a system for intrusion detection for the Tor network

2. Identify input as F = {f1, f2, ..., fn}, where fn = files
S = {F}

3. Identify I as output, i.e. intrusion detection
S = {F, I}

4. Identify process P
S = {F, I, P}
P = {Du, Rcc, Rt, Td}

Where Du = Directory Server Updation, Rcc = Reverse Circle Cipher, Rt = Routing Data, Td = Tampered Detection

5. S = {F, I, Du, Rcc, Rt, Td}

B. Set Details

1.Directory Server Updation

Du0= Nick Name

Du1=Broadcast IP

Du2=Receiving by Tor

2.Reverse Circle Cipher

Set Rcc:

Rcc0 = Read the data in string

Rcc1 = Divide string into blocks

Rcc2 =Consider block index

Rcc3 =Calculate key factor in integer

Rcc4 =get rotation factor

Rcc5 =Rotate block according to rotation factor

Rcc6 =Replace with special character

Rcc7 =Concatenate block String

3.Routing Data

Set Rt:

Rt0 =Time Interval

Rt1 =get Directory server information

Rt2 = Identify Receiver

Rt3 =Identify File

Rt4 = Send Data

4.Tampered Detection

Set Td:

Td0 =Data cell vector

Td1 =vector index

Td2 =Index Data

Td3 =Cell value Authentication

C. Set Operation

(A) Set Du = {Du0, Du1, Du2, Du3}
Set Rcc = {Rcc0, Rcc1, Rcc2, Rcc3, Rcc4, Rcc5, Rcc6, Rcc7}
Set (Du U Rcc) = {Du0, Du1, Du2, Du3, Rcc0, Rcc1, Rcc2, Rcc3, Rcc4, Rcc5, Rcc6, Rcc7}

(B) Set Rt = {Rt0, Rt1, Rt2, Rt3, Rt4}
Set (Du U Rcc U Rt) = {Du0, Du1, Du2, Du3, Rcc0, Rcc1, Rcc2, Rcc3, Rcc4, Rcc5, Rcc6, Rcc7, Rt0, Rt1, Rt2, Rt3, Rt4}

(C) Set Td = {Td0, Td1, Td2, Td3, Td4}
Set (Du U Rcc U Rt U Td) = {Du0, Du1, Du2, Du3, Rcc0, Rcc1, Rcc2, Rcc3, Rcc4, Rcc5, Rcc6, Rcc7, Rt0, Rt1, Rt2, Rt3, Rt4, Td0, Td1, Td2, Td3, Td4}

V.RESULT

To evaluate the effectiveness of the proposed approach, it should be examined how many relevant files hacked by attackers at the Tor router's end are identified. The identification effectiveness can be defined in terms of precision and recall rates. Precision is the ratio of the number of relevant files identified as attacked to the total number of relevant and irrelevant files identified. It is usually expressed as a percentage and gives information about the relative effectiveness of the system. Recall is the ratio of the number of relevant files identified to the total number of relevant files in the directory server. It is usually expressed as a percentage and gives information about the absolute accuracy of the system. The advantage of having the two measures, precision and recall, is that one is more important than the other in many circumstances.

For more clarity let us assign

• A = the number of relevant files that are identified,

• B = the number of relevant files that are not identified, and

Figure 3: Retrieval average precision of the proposed approach

In Fig. 3, it is observed that the average precision for the relevant files identified is 95.5 percent, which is a better precision result for a Tor attack detection system.

Figure 4: Retrieval average Recall of the proposed approach

In Fig. 4, we observe that the average recall for the relevant files identified is about 95.2%, which is a better recall result.

VI. CONCLUSION

This project introduced an attack on Tor that is difficult to detect and is able to quickly and accurately confirm the anonymous communication relationship among users on Tor. An attacker at the malicious exit onion router slightly manipulates the transmission of cells from a target stream, embeds a data stream and sends it to the receiver. At the receiver end the attacker is detected and the goal is achieved.

ACKNOWLEDGEMENT

I would like to express my sincere thanks to my Guide Prof. S. V. Gumaste, Assistant Professor of Sharadchandra Pawar College of Engg., Pune for his consistent support and valuable suggestions.

REFERENCES

1. Dr. Kamaljit I. Lakhtaria, "Protecting Computer Network with Encryption Technique: A Study," MCA Department, Atmiya Institute of Technology and Science, Yogidham, Rajkot, Gujarat, India, Vol. 4, No. 2, June 2011.

2. L. Øverlier and P. Syverson, "Locating hidden servers," in Proc. IEEE S&P, May 2006, pp. 100-114.

3. W. Yu, X. Fu, S. Graham, D. Xuan, and W. Zhao, "DSSS-based flow marking technique for invisible traceback," in Proc. IEEE S&P, May 2007, pp. 18-32.

4. "A New Cell-Counting-Based Attack Against Tor," Volume: PP, Issue: 99, IEEE, 2012.

5. A. Serjantov and P. Sewell, "Passive attack analysis for connection-based anonymity systems," in Proc. ESORICS, Oct. 2003, pp. 116-131.

6. B. N. Levine, M. K. Reiter, C. Wang, and M. Wright, "Timing attacks in low-latency MIX systems," in Proc. FC, Feb. 2004, pp. 251-265.

7. X. Fu, Z. Ling, J. Luo, W. Yu, W. Jia, and W. Zhao, "One cell is enough to break Tor's anonymity," in Proc. Black Hat DC, Feb. 2009.

9. Roger Dingledine, Nick Mathewson, Paul Syverson, "Tor: The Second-Generation Onion Router." Retrieved 26 February 2011.

10. R. Dingledine, N. Mathewson, and P. Syverson, "Tor: The second-generation onion router," in Proc. 13th USENIX Security Symp., Aug. 2004, p. 21.

11. T. G. Abbott, K. J. Lai, M. R. Lieberman, and E. C. Price, "Browser-based attacks on Tor," in PET07: Proceedings of the 7th International Conference on Privacy Enhancing Technologies, pages 184-199, Berlin, Heidelberg, 2007. Springer-Verlag.

12. G. O'Gorman and S. Blott, "Large scale simulation of Tor: modelling a global passive adversary," in ASIAN07: Proceedings of the 12th Asian Computing Science Conference on Advances in Computer Science, pages 48-54, Berlin, Heidelberg, 2007. Springer-Verlag.

13. R. Dingledine, N. Mathewson, and P. Syverson, "Tor: The second-generation onion router," in 13th USENIX Security Symposium (2004).

14. M. Reiter and A. Rubin, "Crowds: Anonymity for web transactions," ACM Transactions on Information and System Security 1, 1 (June 1998).

15. S. J. Murdoch and G. Danezis, "Low-cost traffic analysis of Tor," in Proceedings of the 2005 IEEE Symposium on Security and Privacy (May 2005), IEEE CS.

16. L. Øverlier and P. Syverson, "Locating hidden servers," in Proceedings of the 2006 IEEE Symposium on Security and Privacy (May 2006), IEEE CS.

17. S. J. Murdoch and P. Zielinski, "Sampled traffic analysis by internet-exchange-level adversaries," in Proceedings of Privacy Enhancing Technologies Workshop (PET 2007) (June 2007).

18. K. Bauer, D. McCoy, D. Grunwald, T. Kohno, and D. Sicker, "Low-resource routing attacks against Tor," in WPES 07: Proceedings of the 2007 ACM Workshop on Privacy in Electronic Society, pages 11-20, New York, NY, USA, 2007.

19. Gurudas V. R., "Prevention against new cell counting attack against TOR," in Proc. international journal in engineering and technology.

21. R. Dingledine, N. Mathewson, and P. Syverson, "Tor: The second-generation onion router," in Proc. 13th USENIX Security Symp., Aug. 2004, pp. 21-34.

22. L. Øverlier and P. Syverson, "Locating hidden servers," in Proc. IEEE S&P, May 2006, pp. 100-114.

23. X. Fu, Y. Zhu, B. Graham, R. Bettati, and W. Zhao, "On flow marking attacks in wireless anonymous communication networks," in Proc. IEEE ICDCS, Apr. 2005, pp. 493-503.

24. A. Serjantov and P. Sewell, "Passive attack analysis for connection-based anonymity systems," in Proc. ESORICS, Oct. 2003, pp. 116-131.

25. B. N. Levine, M. K. Reiter, C. Wang, and M. Wright, "Timing attacks in low-latency MIX systems," in Proc. FC, Feb. 2004, pp. 251-265.

26. Q. X. Sun, D. R. Simon, Y. Wang, W. Russell, V. N. Padmanabhan, and L. L. Qiu, "Statistical identification of encrypted Web browsing traffic," in Proc. IEEE S&P, May 2002, pp. 19-30.
