Instant Degradation of Anonymity in Low-Latency Anonymisation Systems

Low-latency anonymisation systems are very popular, both in academic research and in operational environments. Several attacks against these systems exist aiming to reveal the identity of a particular user, mostly by trying to assign the real IP address of the sender to a known connection. Nevertheless, the hidden identity of a user is not only based on the IP address, also location information can be of relevance. In this paper, we propose an alternative approach to instantly disclose the location of users based on Round Trip Time measurements. Even if the identity of a user can not be revealed, the correlated location information may already provide sufficient information to degrade the level of anonymity significantly. Our attack is based on virtual network coordinate systems, mapping physical nodes to a n-dimensional space to reveal a geographical proximity. Taking advantage of this feature, we define a model that leverages network coordinates based on only a single connection of a user to a malicious website for instance. Evaluation on the Planet-Lab research network proves that by the use of our proposed model a local attacker has good chance to disclose the location of a user and to utilise this information to create an low-latency anonymity system independent anonymity measure.