By Topic

Effective Attacks in the Tor Authentication Protocol

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)
Yang Zhang ; State Key Lab. of Networking & Switching Technol., Beijing Univ. of Posts & Telecommun., Beijing, China

As an anonymous Internet communication system Tor is popular and famous, being used by lots of users. The security of Tor is based on the authentication protocol. Although the Tor authentication protocol has been proved secure, this paper discovers its security vulnerability through its concurrency analysis, and shows it cannot be securely executed by multiple concurrent sessions. A new session-key exchange protocol for Tor is proposed to dispose of the security vulnerability, where a modular method is adopted to design a secure key exchange protocol in realistic world. Finally, the proposed protocol is proved secure in the UC (universally composable) model which defines conditions for a protocol to securely compose with other protocols in a concurrent environment.

Published in:

Network and System Security, 2009. NSS '09. Third International Conference on

Date of Conference:

19-21 Oct. 2009