Security and Privacy in Communication Networks. 13th International Conference, SecureComm 2017, Niagara Falls, ON, Canada, October 22–25, 2017, Proceedings

Research Article

A-Tor: Accountable Anonymity in Tor

Download
189 downloads
  • @INPROCEEDINGS{10.1007/978-3-319-78813-5_46,
        author={Quanwei Cai and Jonathan Lutes and Jingqiang Lin and Bo Luo},
        title={A-Tor: Accountable Anonymity in Tor},
        proceedings={Security and Privacy in Communication Networks. 13th International Conference, SecureComm 2017, Niagara Falls, ON, Canada, October 22--25, 2017, Proceedings},
        proceedings_a={SECURECOMM},
        year={2018},
        month={4},
        keywords={Tor Accountability Revocable anonymity},
        doi={10.1007/978-3-319-78813-5_46}
    }
    
  • Quanwei Cai
    Jonathan Lutes
    Jingqiang Lin
    Bo Luo
    Year: 2018
    A-Tor: Accountable Anonymity in Tor
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-78813-5_46
Quanwei Cai, Jonathan Lutes1, Jingqiang Lin, Bo Luo1
  • 1: The University of Kansas

Abstract

Tor is the most popular anonymous communication system. In Tor, each user chooses onion routers (ORs) to construct a circuit to relay the traffic. The final OR of the circuit, called exit node, forwards regular traffic for the Tor user to the destination. As a result, the exit nodes are often accused of the anonymous users’ illegal activities. In this paper, we propose an extension for Tor, called A-Tor, to provide accountable anonymity. A-Tor protects the exit nodes with verifiable evidences that the illegal or malicious packets are originated from the certain users but not the exit nodes. An A-Tor user firstly constructs a Tor circuit to apply for an anonymous certificate. Then, a second Tor circuit is constructed to access the destination server as in Tor, and the anonymous certificate is presented as a credential to the exit node; otherwise, the exit node refuses to forward his/her packets. A-Tor provides anonymity with the same level of assurance as Tor, and cooperative ORs are able to trace the anonymous A-Tor user (when illegal or malicious packets are detected in the future). Moreover, non-repudiation is achieved in the revocation of anonymity; that is, during the application of anonymous certificates and the subsequent anonymous communications through Tor circuits, a chain of evidences are generated by the A-Tor user and the ORs, and these evidences cannot be forged by collusive ORs. The performance overhead introduced by the A-Tor extension is also evaluated.