BridgeSPA: A Single Packet Authorization System for Tor Bridges

dc.contributor.authorSmits, Rob
dc.date.accessioned2012-01-10T16:29:21Z
dc.date.available2012-01-10T16:29:21Z
dc.date.issued2012-01-10T16:29:21Z
dc.date.submitted2012
dc.description.abstractTor is a network designed for low-latency anonymous communications. Tor clients form circuits through relays that are listed in a public directory, and then relay their encrypted traffic through these circuits. This indirection makes it difficult for a local adversary to determine with whom a particular Tor user is communicating. Tor may also be used to circumvent regional Internet censorship, since the final hop of a user's connection can be in a different country. In response, some local adversaries restrict access to Tor by blocking each of the publicly listed relays. To deal with such an adversary, Tor uses bridges, which are unlisted relays that can be used as alternative entry points into the Tor network. Unfortunately, issues with Tor's bridge implementation make it easy to discover large numbers of bridges. This makes bridges easy to block. Also, an adversary that hoards this information may use it to determine when each bridge is online over time. If a bridge operator also browses with Tor on the same machine, this information may be sufficient to deanonymize him. We present BridgeSPA as a method to mitigate these issues. A client using BridgeSPA relies on innocuous single packet authorization (SPA) to present a time-limited key to a bridge. Before this authorization takes place, the bridge will not reveal whether it is online. We have implemented BridgeSPA as a working proof-of-concept for GNU/Linux systems. The implementation is available under a free licence. We have integrated our implementation to work in an OpenWRT environment. This enables BridgeSPA support for any client behind a deployed BridgeSPA OpenWRT router, no matter which operating system they are running.en
dc.identifier.urihttp://hdl.handle.net/10012/6446
dc.language.isoenen
dc.pendingfalseen
dc.publisherUniversity of Waterlooen
dc.subjectPrivacyen
dc.subjectToren
dc.subjectBlocking Resistanceen
dc.subjectPort Knockingen
dc.subject.programComputer Scienceen
dc.titleBridgeSPA: A Single Packet Authorization System for Tor Bridgesen
dc.typeMaster Thesisen
uws-etd.degreeMaster of Mathematicsen
uws-etd.degree.departmentSchool of Computer Scienceen
uws.peerReviewStatusUnrevieweden
uws.scholarLevelGraduateen
uws.typeOfResourceTexten

Files

Original bundle

Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
Smits_Robin.pdf
Size:
3.17 MB
Format:
Adobe Portable Document Format

License bundle

Now showing 1 - 1 of 1
No Thumbnail Available
Name:
license.txt
Size:
249 B
Format:
Item-specific license agreed upon to submission
Description: