
International Journal of Computer Trends and Technology (IJCTT) volume 4 Issue 7July 2013

ISSN: 2231-2803 http://www.ijcttjournal.org Page 2392



A Novel Cell Reckoning Intrusion against TOR
Ujjaneni Siva Lalitha 1, Prof. S.V. Achutha Rao 2

1 Ujjaneni Siva Lalitha pursuing M.Tech (CSE), Vikas College of Engineering and Technology (VCET), Nunna, Vijayawada,
Affiliated to JNTU, Kakinada, A.P., India
2 S.V. Achuta Rao is working as a Professor & Head, Department of CSE at Vikas College of Engineering and Technology
(VCET), Nunna, Vijayawada, India.

Abstract:- TOR (The onion router) is a low latency anonymous
communication system for enabling online anonymity. TOR
directs Internet traffic through a free, worldwide volunteer
network consisting of more than three thousand relays to conceal
a user's location or usage from anyone conducting network
surveillance or traffic analysis. Tor aims to conceal its users'
identities and their network activity from surveillance and traffic
analysis by separating identification and routing. It is an
implementation of onion routing, which encrypts and then
randomly bounces communications through a network of relays
run by volunteers around the globe.
Because the internet address of the sender and the
recipient are not both in clear text at any hop along the way,
anyone eavesdropping at any point along the communication
channel cannot directly identify both ends. Furthermore, to the
recipient it appears that the last Tor node (the exit node) is the
originator of the communication rather than the sender. Because
of this, if an intruder makes any unauthenticated changes to a
system through the TOR communication system, it is not
possible to track him back. In this paper we propose a solution
for this problem by using Cell-Reckoning-Intrusion Against
TOR. Through a number of experiments on TOR we found that the
size of IP packets in the Tor network can be very dynamic because a cell
is an application concept and the IP layer may repack cells. In
this attack, the attacker can embed a secret signal into the
variation of cell counter of the target traffic. The embedded
signal will be carried along with the target traffic and arrive at
the malicious entry onion router. Then, an accomplice of the
attacker at the malicious entry onion router will detect the
embedded signal based on the received cells and confirm the
communication relationship among users. We have implemented
this intrusion against Tor, and our experimental data validate
that it is highly effective and efficient.
Keywords- Anonymous, reckoning, mix networks, intrusion,
signal, Tor
I-INTRODUCTION
Tor is an abbreviation of The Onion Router; it is free software for
enabling online anonymity. Tor directs Internet traffic through
a free, worldwide volunteer network consisting of more than
three thousand relays to conceal a user's location or usage
from anyone conducting traffic analysis. Using Tor makes it
more difficult to trace Internet activity, including "visits to
Web sites, online posts, instant messages and other
communication forms", back to the user and is intended to
protect users' personal privacy, freedom, and ability to
conduct confidential business by keeping their internet
activities from being monitored.
Onion routing refers to the layers of the encryption used. The
original data, including its destination, are encrypted and re-
encrypted multiple times, and sent through a virtual circuit
comprising successive, randomly selected Tor relays. Each
relay decrypts a "layer" of encryption to reveal only the next
relay in the circuit in order to pass the remaining encrypted
data on to it. The final relay decrypts the last layer of
encryption and sends the original data, without revealing or
even knowing its sender, to the destination. This method
reduces the chance of the original data being understood in
transit and, more notably, conceals the routing of it.

Fig 1: TOR Work Flow
As we can see, when a user A wants to communicate with
user B, the communication can be done directly; if we
want to provide security to the application, i.e. to hide
details such as the IP address of A, we need to use a new type of
router, which is the Onion Router.

The Onion Router shown above does two things, i.e. encryption
and decryption of the details. Communication
in a distributed architecture happens only through the IP
address, so we can hide the IP from being shown to others,
and this is possible only through TOR.
Working of the TOR
TOR stands for The Onion Router, and this router helps the
user to change his IP and then carry out his search over the
internet. Because of TOR the user can break the rules of the
cyber world, i.e. if the user uses TOR the IP address can be
spoofed, i.e. modified, and the IP which will be generated is
one which never exists in reality. TOR's internal structure looks
like an onion, i.e. it has many routes inside it, meaning that out of
many routes one route can be selected and then communication can
be processed.
User A gives his request to a system which we can call a
middleware server, which has the onion router built into it, and
because of this router the IP will be encrypted and the
request will be forwarded to the system which was originally
requested. This server, which contains the onion router, creates a
new IP address, and if we try to track that IP we can never
track it back because that ID never exists.
TOR brings benefit and disadvantage in equal measure. Its
advantage is that the IP address of a defense organization can
be kept from being shown to users, which is actually not
required; the disadvantage of this router is that if a user uses
it for illegal work, i.e. crashing a server after changing his IP,
and the cyber crime organization tries to track the
details of the user who has committed that crime, then the details
cannot be tracked because of the onion router which that
user has used to modify the IP address.

[Figure: TOR Network; labels: Server/Client, Server/Client, Middle Ware/Server]
Fig 1-TOR network

II BACKGROUND

Here we discuss the work done to show the
implementation of the TOR attacks. We have simulated two
things in the implementation, i.e. showing how we can create
an onion router and, at the same time, if somebody uses the onion
router, tracking login details and verifying the action at every
step. With this experimental setup we show that we can
protect our data as well as the server by keeping a continuous track
of the actions the user performs in that application.

We show the process of onion router creation,

a. Randomized router simulation implementation

We have implemented the above concept, which helps
the user to spoof his IP address, i.e. modify the actual IP and
generate a random IP; the IP generated by this
router is similar to that of an onion router, meaning it cannot be
tracked back by anybody for further processing.

The class used in this process of IP
generation is Random, which is provided by the utility
package. The Random class is used to generate a random number
within the limit that we specify as input. The
work done in this project is to track the
actual IP of the user and then, on their request,
use this randomized router to generate a new IP based
on the values of the actual IP.

Care must be taken here: the simulation works
more efficiently when the code for the new IP
generation is run while the current system is connected to a LAN, as we
want to show a distributed type of application. Once the
system is on a LAN the IP will be dynamic, i.e. it will no longer
be localhost, whose IP is 127.0.0.1. The localhost
scenario does not support randomized router simulation
because we need a non-zero digit for the Random class, with
which it generates a new number sequence for the
user. In this manner four different sets of numbers can be
generated, and on combining those numbers a new IP is
generated, which can also be called a virtual IP.

Processing cell at onion routers- Fig. 3 illustrates the
procedure of processing cells at onion routers.



Fig 2-processing cell at onion router.


In the above diagram we can see how a cell is
processed at different layers for transmitting data from one
end to the other.


III. CELL-RECKONING-BASED INTRUSION

Here we show the implementation of this concept
and also the implementation of the Randomized router
simulation, i.e. how we obtain a new IP address.

A. Basic Idea of Cell Reckoning Intrusion-
The main idea of this concept is to show how a
user tries to change the IP address using a router, and then, when
he tries to modify or do something on the server,
access is blocked because of the illegal action
being performed. Here illegal action refers to changing the IP
and then trying to take data, which is not allowed in this
application; the protocol is designed in this manner for safer
transactions on the servers.




Fig 3-Cell-Reckoning-Based Intrusion

Randomized Router Simulation:

As discussed earlier, this process is used to modify the actual
IP address into a new IP which resembles a real IP, but
when we start tracking it we cannot trace back the original
user.

Input to the router: An actual IP other than localhost (127.0.0.1)
should be given, because the user is expected to be on a
remote machine and not on a stand-alone machine.

Once the IP is given or tracked, the router will break it into
pieces and then generate a new IP address; the class used
is the Random class from the utility package (java.util).

To generate a random number between 0 and 10:

import java.util.Random;

Random r = new Random();
int a = r.nextInt(11); // bound is exclusive, so 11 gives 0..10 inclusive

The variable a will have a value between 0 and 10; it can
also be 0 or 10, or any value between 0
and 10.

B. Issues and Solutions- From the discussion we know that there
are two circuit issues related to the attack.
a) Encoding Signals at Exit Onion Router-
It is not enough to encode a signal at the entry side to encode
the input with 1 bit.

Let S = { } be the signal, where n is the signal
length and S_j = 0 or 1. Let the time sequence at which signal S arrives
at the OR be T = {T_0, T_1, ..., T_{n-1}}, the average time of calling the
read event be T_read, the average time for the write event be T_write,
the delay interval between signals be I, and D be the delay in
data transmission. The relationship is-

T_{i+1} = T_i + I + D   (0 ≤ i < n-1).

T_i + T_read + T_write    T_{i+1} + T_read
T_i + T_write    T_i + I + D
T_write    I + D
b) Decoding Signals at Entry Onion Router-

When a cell has to travel through many nodes over the network, it is
obvious that the signal strength will weaken,
which is a problem for the transmission of the signal
over the network during the communication process. We need to
take care that the number of intermediate nodes needed to complete
the communication process is minimized.

[Figure: four panels labelled Type I, Type II, Type III and Type IV]
Fig 4-Example of signal division and combination.




IV- ANALYSIS

Here we discuss the accuracy of the system
that we have designed for safer communication.
We have the router, and we also show how we can
stop online cyber crime in web applications. So it
is a minimum requirement to have this type of implementation
to avoid attacks carried out by unknown
users, intruders or attackers.

A. Detection Rate-

We view that the major factor causing detection error is
network dynamics, which leads to combination and division
of cell groups.
Detection rate is defined as the detection rate for an
n-bit original signal-

P_{D,n} = (P_D)^n

which is a monotonically increasing function of the delay
interval as well.

B. False Positive Rate-
The false positive rate for recognizing an n-bit signal can be
calculated by

P_{F,n} = ( )^n = ( )^n



C. Attack Capacity-

The channel model in our system is a discrete memoryless
channel (DMC). This attack can be modeled as a binary
erasure communication channel.

The capacity in units of bits per second for a DMC
is given by-

C_t =


V -EXPERIMENTAL EVALUATION

A. Experimental Setup-
In our experiment we have shown that when a user tries to use
an onion router, the application senses
every part of the application and blocks the request that
comes from the IP which is modified and is not the
original one.

The application can detect that change because it is
written so that when a user logs in in the normal way, details
such as the login id and the IP are tracked; once the onion
router is used and the user requests a file, the IP addresses are
compared, and it is obvious that the IP will not match. In this
scenario the user's request is blocked by the application,
and from there on the user cannot perform any task.
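
The login and IP tracking described above could be implemented as below. This is an added example, not the authors' code: the class name LoginIpTracker, its method names and the sample addresses are hypothetical, and it assumes IPv4 dotted-quad addresses only.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

// Added illustration (hypothetical names): records the IP seen at login and
// blocks the login id once a file request arrives from a different IP.
public class LoginIpTracker {
    private final Map<String, Integer> loginIp = new HashMap<>();
    private final Set<String> blocked = new HashSet<>();

    // Parse a dotted-quad IPv4 string into one int so that equivalent
    // spellings such as "192.0.2.10" and "192.000.002.010" compare equal.
    static int parseIpv4(String ip) {
        String[] parts = ip.split("\\.", -1);
        if (parts.length != 4) throw new IllegalArgumentException("not IPv4: " + ip);
        int value = 0;
        for (String p : parts) {
            if (!p.matches("\\d{1,3}") || Integer.parseInt(p) > 255)
                throw new IllegalArgumentException("bad octet in: " + ip);
            value = (value << 8) | Integer.parseInt(p);
        }
        return value;
    }

    public void login(String loginId, String ip) {
        loginIp.put(loginId, parseIpv4(ip));
    }

    // Returns true if the file request is served, false if it is blocked.
    public boolean requestFile(String loginId, String ip) {
        Integer recorded = loginIp.get(loginId);
        if (recorded == null || blocked.contains(loginId)) return false;
        if (recorded != parseIpv4(ip)) {
            blocked.add(loginId); // IP differs from login: block from here on
            return false;
        }
        return true;
    }

    public static void main(String[] args) {
        LoginIpTracker t = new LoginIpTracker();
        t.login("user1", "192.0.2.10"); // constructed sample addresses
        System.out.println(t.requestFile("user1", "192.0.2.10"));   // same IP as login
        System.out.println(t.requestFile("user1", "203.0.113.77")); // changed IP
        System.out.println(t.requestFile("user1", "192.0.2.10"));   // original IP, after the block
    }
}
```

Clients on mobile networks or behind shared NAT can change address mid-session, so a check of this kind also blocks some genuine users.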

B. Experimental Result-

The graph below gives the experimental results obtained
with different inputs, and it shows how delay is
introduced when the number of communication links increases in
the system. So it is preferable to have a system which is
flexible to the user's request and able to determine the type of user,
whether a genuine user or an intruder trying to access the
details.


Fig 5- Detection rate versus delay interval


VI- CONCLUSION

We have given a solution by which a system can
catch an intruder who is trying to damage the server by
changing the original IP address. This paper gives a good
knowledge of TOR and also of the way to avoid attacks
made by a system/user who tries to modify the content on a
server without authentication. So it is necessary for every
application to track all the details of a particular user from the
time the user starts browsing the application until the user leaves
that application. We have done the same, i.e. we
have shown a user trying to access the details in the normal way
and also a user trying to access the
details after modifying the IP address. Of these two
scenarios the second should not be supported: when
a user tries to access the details from the server after
modifying the IP, the user will get blocked and cannot do
anything. By this we can say that all real-time
applications can be created in the same manner to avoid damage
to servers.



AUTHORS PROFILE

Ujjaneni Siva Lalitha, pursuing M.Tech (CSE), Vikas College of Engineering and Technology (VCET), Nunna, Vijayawada. Affiliated to JNTUK, Kakinada, A.P., India

Prof. S.V. Achutha Rao is working as HOD of CSE at Vikas College of Engineering and Technology (VCET), Nunna, Vijayawada, Affiliated to JNTUK, Kakinada, A.P., India







