计算机应用 ›› 2015, Vol. 35 ›› Issue (10): 2843-2847.DOI: 10.11772/j.issn.1001-9081.2015.10.2843

• 网络与通信 • 上一篇    下一篇

基于节点失效的洋葱路由匿名链路控制方法

卓中流, 张小松, 李瑞杏, 陈厅, 张景中   

  1. 电子科技大学 计算机科学与工程学院, 成都 611731
  • 收稿日期:2015-05-12 修回日期:2015-07-12 出版日期:2015-10-10 发布日期:2015-10-14
  • 通讯作者: 卓中流(1990-),男,四川资阳人,博士研究生,主要研究方向:流量识别、匿名通信,zhuozhongliu@126.com
  • 作者简介:张小松(1968-),男,四川双流人,教授,博士,主要研究方向:软件脆弱性、信息安全;李瑞杏(1990-),女,河北石家庄人,硕士研究生,主要研究方向:流量识别、网络安全;陈厅(1987-),男,四川双流人,讲师,博士,主要研究方向:动态符号执行、软件测试;张景中(1936-),男,河南汝南人,教授,中国科学院院士,主要研究方向:几何定理机器证明。
  • 基金资助:
    国家自然科学基金资助项目(61402080);中国博士后科学基金资助项目(2014M562307)。

Anonymous circuit control method for the onion router based on node failure

ZHUO Zhongliu, ZHANG Xiaosong, LI Ruixing, CHEN Ting, ZHANG Jingzhong   

  1. School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu Sichuan 611731, China
  • Received:2015-05-12 Revised:2015-07-12 Online:2015-10-10 Published:2015-10-14

摘要: 针对洋葱路由(Tor)随机选路算法选取的通信路径不可控制,进而导致匿名技术滥用和溯源方法失效的问题,提出了一种基于节点失效的Tor匿名链路控制方法。通过发送伪造的TCP复位信息模拟节点失效,从而不断让Tor客户端重新选路,并最终选择到受控链路,来达到有效链路控制的目的。对Tor网络选路算法的理论分析和在拥有256个洋葱路由组成的私有Tor网络中的实际测试结果表明,与传统部署高带宽路由吸引用户选中受控节点的方法相比,该方法在Tor客户端默认开启入口守卫的情况下,将传统方法选择受控入口节点的概率由4.8%提高到约60%。实验结果表明,随着受控链路长度的增大,链路建立的成功率会降低,因此所提方法适用于控制较短链路的情形。

关键词: 洋葱路由, 选路算法, 节点失效, 受控节点, 匿名链路

Abstract: Focusing on the issue that the communication path selected by random routing algorithm of the onion router (Tor) can not be controlled, thus leading to problems such as the abuse of anonymous techniques and the failure of tracing methods, a Tor anonymous circuit control method based on node failure was proposed. To effectively control the circuit, the fake TCP reset information was sent to mimic the node failure, so that the Tor client would not stop choosing nodes until it selected the controlled ones. The results of theoretic analysis of Tor network path selection algorithm and the real test in a private Tor network composed of 256 onion routers demonstrate the effectiveness of the proposed approach. Compared with traditional methods which deploy high bandwidth routers to attract users to select the controlled nodes, the proposed method can improve the probability of choosing controlled entry node from 4.8% to about 60%, when entry guard was generally enabled by Tor client by default. The results also show, as the length of a controlled path increases, the success rate of building path decreases. Therefore the proposed method is suitable for controlling short paths.

Key words: The onion router (Tor), path selection algorithm, node failure, controlled node, anonymous circuit

中图分类号: