Peipeng Liu, Jinqiao Shi, Lihong Wang, Xiao Wang, Qingfeng Tan
Published in: 2013 IEEE Eighth International Conference on Networking, Architecture and Storage, 2013-07-17. DOI: 10.1109/NAS.2013.27 (https://doi.org/10.1109/NAS.2013.27)
IX-Level Adversaries on Entry- and Exit-Transmission Paths in Tor Network
Tor is a worldwide, publicly deployed low-latency anonymity system. To prevent observers from telling where data came from and where it is going, data packets on the Tor network take a pathway through several intermediate relays. However, the node selection used to build such a pathway is oblivious to Internet routing, so anonymity guarantees can break down when an attacker can correlate traffic across the entry and exit segments of a Tor circuit. Although much work has been done to avoid this kind of collusion attack, recent research [18] indicated that some Internet exchanges (IXes) located on the entry- and exit-transmission paths in the Tor network (that is, the paths from the client to the chosen entry node and from the chosen exit node to the destination) can still perform a correlation attack. However, little work has been done to suggest and verify modifications to Tor's path selection algorithm that would help clients avoid an IX-level observer. In this paper, we first demonstrated, based on the entry-exit pairs chosen by Tor's path selection algorithm, that the probability of a single IX observing both ends of an anonymous Tor connection is greater than previously thought. We then proposed and evaluated the effectiveness of a simple IX-aware path selection algorithm that helps resist IX-level attackers.