This paper examines an existential threat to Tor: the increasing frequency at which websites apply discriminatory behavior to users who arrive via the anonymity network. Our main contribution is the introduction of Tor exit bridges. Exit bridges, constructed as short-lived virtual machines on cloud service providers, serve as alternative egress points for Tor and are designed to bypass server-side censorship. Due to the proliferation of managed cloud-based desktop services (e.g., Amazon Workspaces), there is already a surprisingly large fraction of web requests that originate in the cloud. Trivially disrupting exit bridges by blocking requests from the cloud would thus lead to significant collateral damage. Our experiments demonstrate that exit bridges effectively circumvent server-side blocking of Tor with low overhead. Additionally, we perform a cost-analysis of exit bridges and show that even a large-scale deployment can be done at low cost.
Bypassing Tor Exit Blocking with Exit Bridge Onion Services
Tor exit blocking, in which websites disallow clients arriving from Tor, is a growing and potentially existential threat to the anonymity network. This paper introduces HebTor, a new and robust architecture for exit bridges—short-lived proxies that serve as alternative egress points for Tor. A key insight of HebTor is that exit bridges can operate as Tor onion services, allowing any device that can create outbound TCP connections to serve as an exit bridge, regardless of the presence of NATs and/or firewalls. HebTor employs a micro-payment system that compensates exit bridge operators for their services, and a privacy-preserving reputation scheme that prevents freeloading. We show that HebTor effectively thwarts server-side blocking of Tor, and we describe the security, privacy, and legal implications of our design.
- Publication Date:
- NSF-PAR ID:
- Journal Name: 2020 ACM Conference on Computer and Communications Security
- Page Range or eLocation-ID: 3 to 16
- Sponsoring Org: National Science Foundation
More Like this
Abstract: Nested symmetric encryption is a well-known technique for low-latency communication privacy. But just what problem does this technique aim to solve? In answer, we provide a provable-security treatment for onion authenticated-encryption (onion-AE). Extending the conventional notion for authenticated-encryption, we demand indistinguishability from random bits and time-of-exit authenticity verification. We show that the encryption technique presently used in Tor does not satisfy our definition of onion-AE security, but that a construction by Mathewson (2012), based on a strong, tweakable, wideblock PRP, does do the job. We go on to discuss three extensions of onion-AE, giving definitions to handle inbound flows, immediate detection of authenticity errors, and corrupt ORs.