Evaluating Realistic Deployments of Trusted Execution Environments in the Tor Network

Abstract

Tor, the anonymity network, provides privacy to users browsing and communicating over the internet. However, Tor has been demonstrated to be vulnerable to various deanonymizing attacks on its users. In this thesis, we demonstrate how trusted execution environments (TEEs) can be leveraged realistically in the Tor network to mitigate several classes of attacks. As TEEs provide confidentiality and integrity through isolation and attestation, attacks which modify the Tor source code and/or exploit sensitive circuit information violate these security guarantees. We approach this by introducing a framework composed of two parts: (1) we first decompose the attacks to establish a mapping between attacks and the required TEE placements in a circuit to mitigate them, and (2) we model Tor as a graph and introduce an adapted relay selection algorithm to assess the security-performance tradeoff under various deployment scenarios (i.e., TEE availability and placement in a Tor circuit). We find that only one attack analyzed requires every relay in a circuit to be within a TEE to ensure protection. If, based on Random deployment of TEEs, 53% of relays in the network use TEEs, users only see a 32% decrease in performance compared to a non-TEE network, while mitigating all 5 attacks. Our findings show that TEEs provide an effective means to protect users’ privacy, with low overhead for even the strictest security requirements (mitigation for all attacks).

Type
Publication
Master Thesis
Rachel King
Ph.D. Student in Computer Sciences