Abstract
Tor hidden services protect the privacy of a service provider's identity, address and location. Based on an analysis of the Tor hidden service protocol, this paper proposes DoS attack strategies against hidden services. At the different stages of hidden service publication, circuit establishment and data transmission, bandwidth-based and memory-based DoS attacks are carried out against the network nodes associated with a hidden service (hidden service directories, introduction points, hidden service guard nodes and the hidden server itself) in order to reduce the availability of the hidden service. The attacks were verified in simulation experiments. The experimental results show that DoS attacks on the guard node are quite effective. With a bandwidth-level DoS attack, 20 custom-built long paths consume about 1.2 MB/s of the guard node's bandwidth, raising the median latency for ordinary users to access the hidden service from 9 s to 30 s. With the memory-level DoS attack strategy, each memory-level stop-reading attack connection the adversary builds costs about 60 KB/s of bandwidth and consumes the guard node's memory at a rate of 6 MB/s.
Authors
Yang Huanle (杨欢乐); Liu Zhitian (刘志天) (School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China)
Source
Cyber Security and Data Governance (《网络安全与数据治理》)
2022, No. 7, pp. 63-69 (7 pages in total)