Privacy Preserving Detection of Path Bias Attacks in Tor

Abstract

Anonymous communication networks like Tor are vulnerable to attackers that control entry and exit nodes. Such attackers can compromise the essential anonymity and privacy properties of the network. In this paper, we consider the path bias attack– where the attacker induces a client to use compromised nodes and thus links the client to their destination. We describe an efficient scheme that detects such attacks in Tor by collecting routing telemetry data from nodes in the network. The data collection is differentially private and thus does not reveal behaviour of individual users even to nodes within the network. We show provable bounds for the sample complexity of the scheme and describe methods to make it resilient to introduction of false data by the attacker to subvert the detection process. Simulations based on real configurations of the Tor network show that the method works accurately in practice.