Abstract
When choosing the three relays that compose a circuit, Tor selects the first hop among a restricted number of relays called entry guards, pre-selected by the user himself. The reduced number of entry guards, that until recently was fixed to three, helps in mitigating the effects of several traffic analysis attacks. However, recent literature indicates that the number should be further reduced, and the time during which the user keeps the relays as guards increased. Therefore, developers of Tor recently proposed selecting only one entry guard, which is to be used by the user for all circuits and for a prolonged period of time (nine months). While this design choice was made to increase the security of the protocol, it also opens an unprecedented opportunity for a market mechanism where relays get paid for traffic by the users.
In this paper, we propose to use the entry guard as the point-of-sale: users subscribe to their entry guard of choice, and deposit an amount that will be used for paying for the circuits. From the entry guard, income is then distributed to the other relays included in circuits through an inter-relay accounting system. While the user may pay the entry guard using BitCoins, or any other anonymous payment system, the relays exchange I Owe You (IOU) certificates during communication, and settle their balances only at synchronized, later points in time. This novel deferred payment approach overcomes the weaknesses of the previously proposed Tor payment mechanisms: we separate the user’s payment from the inter-relay payments, and we effectively unlink both from the chosen path, thus preserving the secrecy of the circuit.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
References
Androulaki, E., Raykova, M., Srivatsan, S., Stavrou, A., Bellovin, S.M.: PAR: payment for anonymous routing. In: Borisov, N., Goldberg, I. (eds.) PETS 2008. LNCS, vol. 5134, pp. 219–236. Springer, Heidelberg (2008)
Arnold, C., Jansen, R., Lin, Z., Parker, J.: On par for attack. Technical report, May 2009
Biryukov, A., Pustogarov, I., Weinmann, R.: Trawling for tor hidden services: Detection, measurement, deanonymization. In: 2013 IEEE Symposium on Security and Privacy, SP 2013. pp. 80–94. IEEE Computer Society (2013)
Borisov, N., Danezis, G., Mittal, P., Tabriz, P.: Denial of service or denial of security? In: Proceedings of the 2007 ACM Conference on Computer and Communications Security, CCS 2007. pp. 92–102. ACM (2007)
Carbunar, B., Chen, Y., Sion, R.: Tipping pennies? privately practical anonymous micropayments. IEEE Trans. Inf. Forensics Secur. 7(5), 1628–1637 (2012)
Chen, Y., Sion, R., Carbunar, B.: Xpay: practical anonymous payments for tor routing and other networked services. In: Al-Shaer, E., Paraboschi, S. (eds.) WPES, pp. 41–50. ACM, London (2009)
Clarke, I., Sandberg, O., Wiley, B., Hong, T.W.: Freenet: a distributed anonymous information storage and retrieval system. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 46–66. Springer, Heidelberg (2001)
Dingledine, R., Kadianakis, N.H.A.G., Mathewson, N.: One fast guard for life (or 9 months). In: 7th Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs 2014) (2014)
Dingledine, R., Mathewson, N., Syverson, P.F.: Tor: The second-generation onion router. In: USENIX Security Symposium, pp. 303–320. USENIX (2004)
Elahi, T., Bauer, K.S., AlSabah, M., Dingledine, R., Goldberg, I.: Changing of the guards: a framework for understanding and improving entry guard selection in Tor. In: Yu, T., Borisov, N. (eds.) Proceedings of the 11th annual ACM Workshop on Privacy in the Electronic Society, WPES 2012, pp. 43–54. ACM (2012)
Franz, E., Jerichow, A.: A mix-mediated anonymity service and its payment. In: Quisquater, J.-J., Deswarte, Y., Meadows, C., Gollmann, D. (eds.) ESORICS 1998. LNCS, vol. 1485, pp. 313–327. Springer, Heidelberg (1998)
Franz, E., Jerichow, A., Wicke, G.: A payment scheme for mixes providing anonymity. In: Lamersdorf, W., Merz, M. (eds.) TREC 1998. LNCS, vol. 1402, pp. 94–108. Springer, Heidelberg (1998)
Freedman, M.J., Sit, E., Cates, J., Morris, R.: Introducing tarzan, a peer-to-peer anonymizing network layer. In: Druschel, P., Kaashoek, M.F., Rowstron, A. (eds.) IPTPS 2002. LNCS, vol. 2429, pp. 121–129. Springer, Heidelberg (2002)
Humbert, M., Manshaei, H., Hubaux, J.P.: One-to-n scrip systems for cooperative privacy-enhancing technologies. In: 2011 49th Annual Allerton Conference on Communication, Control, and Computing (Allerton), pp. 682–692 (2011)
Johnson, A., Jansen, R., Syverson, P.: Onions for sale: putting privacy on the market. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 399–400. Springer, Heidelberg (2013)
Johnson, A., Wacek, C., Jansen, R., Sherr, M., Syverson, P.F.: Users get routed: traffic correlation on tor by realistic adversaries. In: Sadeghi, A., Gligor, V.D., Yung, M. (eds.) 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013, pp. 337–348. ACM, New York (2013)
Nielson, S.J., Wallach, D.S.: The bittorrent anonymity marketplace. CoRR abs/1108.2718
Palmieri, P., Pouwelse, J.: Key management for onion routing in a true peer to peer setting. In: Yoshida, M., Mouri, K. (eds.) IWSEC 2014. LNCS, vol. 8639, pp. 62–71. Springer, Heidelberg (2014)
Wendolsky, R.: A volume-based accounting system for fixed-route mix cascade systems. In: Second Privacy Enhancing Technologies Convention (PET-CON). pp. 26–33 (2008)
Westermann, B.: Security analysis of AN.ON’s payment scheme. In: Jøsang, A., Maseng, T., Knapskog, S.J. (eds.) NordSec 2009. LNCS, vol. 5838, pp. 255–270. Springer, Heidelberg (2009)
Wright, M.K., Adler, M., Levine, B.N., Shields, C.: The predecessor attack: an analysis of a threat to anonymous communications systems. ACM Trans. Inf. Syst. Secur. 7(4), 489–522 (2004)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Palmieri, P., Pouwelse, J. (2015). Paying the Guard: An Entry-Guard-Based Payment System for Tor. In: Böhme, R., Okamoto, T. (eds) Financial Cryptography and Data Security. FC 2015. Lecture Notes in Computer Science(), vol 8975. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-47854-7_26
Download citation
DOI: https://doi.org/10.1007/978-3-662-47854-7_26
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-47853-0
Online ISBN: 978-3-662-47854-7
eBook Packages: Computer ScienceComputer Science (R0)