匿名通信システムTorにおけるウルフウェブサイトの提案

全文

(1)Vol.2015-CSEC-70 No.19 Vol.2015-SPT-14 No.19 2015/7/2. ৘ใॲཧֶձ‫ڀݚ‬ใࠂ IPSJ SIG Technical Report. ಗ໊௨৴γεςϜ Tor ʹ͓͚Δ΢ϧϑ΢ΣϒαΠτͷఏҊ தా ‫ݠ‬ೋ࿠1,a). দӜ ‫װ‬ଠ1,b). ֓ཁɿಗ໊௨৴γεςϜ Tor ͸ૹ৴ऀͱड৴ऀͷͭͳ͕Γͷಗ໊ੑΛอূ͢Δɽ͔͠͠ͳ͕Βɼͦͷಗ໊ ੑΛഁΔ߈ܸ΋ൃ‫͞ݟ‬Εͭͭ͋ΓɼதͰ΋ࢦ໲߈ܸ͸߈ܸʹඞཁͳࢿ‫͕ݯ‬গͳ͘‫࣮ݱ‬తͳ‫ڴ‬ҖͱͳΓ͏Δ ΋ͷͱͯ͠஫໨͞Ε͍ͯΔɽͦ͜Ͱզʑ͸ɼࢦ໲߈ܸʹର͢Δ๷‫ޚ‬ͷࢳ‫ͯ͠ͱޱ‬΢ϧϑ΢ΣϒαΠτΛఏ Ҋ͢Δɽ͜͜Ͱ΢ϧϑ΢ΣϒαΠτͱ͸ɼτϥϑΟοΫ্ଞͷ΢ΣϒαΠτʹͳΓ͢·͠΍͍͢΢Σϒα Πτͱఆٛ͢ΔɽͦΕͧΕͷτϥϑΟοΫΛ΢ϧϑ΢ΣϒαΠτʹٖଶͤ͞Δ͜ͱͰɼ௨৴ྔͷΦʔόʔ ϔουΛ࠷খ‫ʹݶ‬཈͑ͨ··ࢦ໲߈ܸͷ߈ܸ੒ޭ཰Λେ͖͘Լ͛Δ͜ͱ͕Ͱ͖Δͱߟ͑ΔɽຊߘͰ͸ɼຊ ఏҊʹ޲͚ͨ‫ه͍ͯͭʹݧ࣮ૅج‬ड़͢Δɽ. 1. ͸͡Ίʹ. ͨ໰୊Λ࣋ͭɽྫ͑͹ɼ͢΂ͯͷύέοτ͕ MTU ͷେ͖ ͞ͱͳΔΑ͏ʹύσΟϯάΛߦ͏͜ͱͰɼτϥϑΟοΫͷ. ۙ೥Πϯλʔωοτ͸‫ٸ‬଎ʹී‫͓ͯ͠ٴ‬Γɼ༷ʑͳ༻్. ಛ௃Λେ͖ࣦ͘Θͤ߈ܸΛࠔ೉ʹ͢Δ͜ͱ͸Ͱ͖Δ͕ɼඞ. Ͱར༻͞Ε͍ͯΔɽ͔͠͠ͳ͕Βɼͦͷ‫ٸ‬଎ͳ֦େʹ൐͍ɼ. ཁͳ௨৴ྔ͕ඇৗʹେ͖͘ͳΓ‫࣮ݱ‬తͳղܾ๏ͱ͸ͳΒ. ϢʔβͷϓϥΠόγ͕े෼ʹอ‫͞ޢ‬Ε͍ͯͳ͍ͱ͍͏໰୊. ͳ͍ɽ. ʹର͢Δ‫ݒ‬೦͕େ͖͘ͳ͍ͬͯΔɽ͜Εʹର͠ɼ‫ࢸʹࡏݱ‬. ຊ‫Ͱڀݚ‬͸ɼࢦ໲߈ܸ΁ͷޮՌతͳ๷‫ޚ‬ͷࢳ‫ͯ͠ͱޱ‬ɼ. Δ·ͰϢʔβͷϓϥΠόγΛอ‫͢ޢ‬ΔͨΊͷ༷ʑͳٕज़͕. ΢ϧϑ΢ΣϒαΠτΛఏҊ͢Δɽ΢ϧϑͱ͸ɼଟ͘ͷొ࿥. ։ൃ͞Ε͖ͯͨɽͦͷٕज़ͷҰͭʹ҉߸௨৴͕͋Δɽ͔͠. ςϯϓϨʔτʹର͠‫ͯͬޡ‬ड͚ೖΕΒΕΔೖྗ৘ใͷ͜ͱ. ͠ͳ͕Βɼ҉߸௨৴͸௨৴ͷ಺༰Λൿಗ͢Δ͜ͱ͕Ͱ͖Δ. Ͱ͋Δɻզʑ͸ɼ΢ϧϑ΢ΣϒαΠτΛʮࢦ໲߈ܸͷ๦͛. ͕ɼૹड৴ऀͷؔ܎ੑΛൿಗ͢Δ͜ͱ͸Ͱ͖ͳ͍ɽͦ͜Ͱɼ. ͱͳΔ΄Ͳɺଟ͘ͷ΢ΣϒαΠτͱࣅͨࢦ໲ʹͳΔ΢Σϒ. ૹड৴ऀͷؔ܎ੑΛൿಗ͢Δ͜ͱΛ໨తͱͯ͠ߟҊ͞Εͨ. αΠτʯͱఆٛ͢Δɽ͜ͷͱ͖ɼ࣮ੈքʹ΢ϧϑ΢Σϒα. ͷ͕ಗ໊௨৴γεςϜͰ͋Δɽಗ໊௨৴γεςϜ͸ 1981. Πτ͸ଘࡏ͢Δͷ͔ɼ͋Δ΢ΣϒαΠτΛ΢ϧϑ΢Σϒα. ೥ʹ Chaum[4] ʹΑͬͯॳΊͯఏҊ͞ΕɼҎ༷߱ʑͳಗ໊. Πτʹِ૷ͤ͞Δํ๏ʹͲͷΑ͏ͳํ๏͕͋Δ͔ɼͱ͍ͬ. ௨৴γεςϜ͕ߟҊ͞Εͨɽ͜ͷಗ໊௨৴γεςϜͷதͰ. ͨ͜ͱΛ୳Δͷ͕‫ڀݚ‬ͷ໨తͰ͋Δɽ΢ϧϑ΢ΣϒαΠτ. ࠷΋༗໊͔ͭී‫͍ͯ͠ٴ‬Δͷ͸ Tor[6] Ͱ͋ΔɽTor ͸ɼୈ. ͷൃ‫૷ِͼٴݟ‬ͷ‫ڀݚ‬ΛਐΊΔ͜ͱʹΑΓɼ௨৴ྔͷΦʔ. ೋੈ୅ΦχΦϯϧʔςΟϯάͷ࣮૷ʹ͋ͨΓɼTCP ϓϩ. όʔϔουΛ࠷খ‫ʹݶ‬཈͑ͨ··ࢦ໲߈ܸͷ੒ޭ཰Λେ͖. τίϧ্ͷಗ໊௨৴ΛՄೳʹ͠ɼ֤छΞϓϦέʔγϣϯʹ. ͘௿Լͤ͞Δ͜ͱ͕Ͱ͖Δͱߟ͑Δɽ. ϓϥΠόγอ‫ޢ‬Λࢪ͢‫ج‬൫ٕज़ͱͯ͠‫ػ‬ೳ͢Δɽ. ຊߘͰ͸ɼୈ 2 ষͰલఏͱͳΔ Tor ΍ࢦ໲߈ܸʹ͍ͭͯ. ҰํͰɼTor ͷಗ໊ੑΛ௿Լͤ͞Δ༗ޮͳ߈ܸखஈ΋ൃ. આ໌͠ɼୈ 3 ষͰઌߦ‫͍ͯͭʹڀݚ‬ɼୈ 4 ষͰզʑ͕ఏҊ. ‫͞ݟ‬Ε͍ͯΔɽࢦ໲߈ܸ͸ͦͷதͷҰͭͰ͋ΓɼTor ͷೖ. ͢Δ΢ϧϑ΢ΣϒαΠτʹ͍ͭͯड़΂ɼୈ 5 ষͰ‫ݧ࣮ૅج‬. Γ‫ޱ‬ϊʔυͷ‫͏͍ͱࢹ؂‬ऑ͍ԾఆͰ߈ܸ͕ՄೳͰ͋Δͨ. ʹ͍ͭͯ‫ه‬ड़͢Δɽ࠷‫ʹޙ‬ୈ 6 ষͰࠓ‫ޙ‬ͷ՝୊ʹ͍ͭͯड़. Ίɼ‫࣮ݱ‬తͳ‫ڴ‬ҖͱͳΓ͏Δ΋ͷͱͯ͠஫໨͞Ε͍ͯΔɽ. ΂Δɽ. ଟ͘ͷࢦ໲߈ܸ͕ఏҊ͞ΕΔʹͭΕ [3], [9], [13], [19],. [20]ɼ๷‫ޚ‬ख๏΋ෳ਺ఏҊ͞Ε͖ͯͨ [8], [12], [14], [21]ɽ. 2. ಗ໊௨৴γεςϜ Tor ͱࢦ໲߈ܸ. ͔͍ͣ͠͠Εͷ๷‫ޚ‬ख๏΋ɼ๷‫ޚ‬ͷͨΊͷίετ͕େ͖͢. 2.1 ಗ໊௨৴γεςϜ. ͗Δɼ·ͨ͸߈ܸ੒ޭ཰Λ΄ͱΜͲԼ͛ΒΕͳ͍ɼͱ͍ͬ. Πϯλʔωοτ͸զʑʹ༷ʑͳԸ‫ܙ‬Λ༩͍͑ͯΔ͕ɼಉ ࣌ʹར༻ऀͷϓϥΠόγΛ‫͍͔ͯ͠ڴ‬Δɽࠓ೔ɼΠϯλʔ. 1 a) b). ౦‫ژ‬େֶ ੜ࢈ٕज़‫ॴڀݚ‬ IIS, Meguro, Tokyo 153–8505, Japan [email protected] [email protected]. c 2015 Information Processing Society of Japan . ωοτͷ‫ٸ‬଎ͳ֦େʹ൐͍ɼ‫ݸ‬ਓͷϓϥΠόγΛอ‫͠ޢ‬ ͨ··৘ใͷަ‫׵‬Λߦ͍͍ͨͱ͍͏धཁ͕ߴ·͍ͬͯΔɽ. 1.

(2) Vol.2015-CSEC-70 No.19 Vol.2015-SPT-14 No.19 2015/7/2. ৘ใॲཧֶձ‫ڀݚ‬ใࠂ IPSJ SIG Technical Report. SSL ௨৴ʹ୅ද͞ΕΔ҉߸Խ௨৴͸ɼ௨৴ͷ಺༰Λୈࡾऀ. ࢤ͕ఏ‫͢ڙ‬Δ໿ 6,500[2] ͷϊʔυͱͦΕΒͷ৘ใΛ؅ཧ͢. ʹରͯ͠Ӆณ͠ɼҰఆͷϓϥΠόγΛ֬อ͢Δɽ͔͠͠ͳ. ΔσΟϨΫτϦαʔόʹΑͬͯΦʔόʔϨΠωοτϫʔΫ. ͕Βࣗ෼͕௨৴Λͨ͠ͱ͍͏ࣄ࣮ͦͷ΋ͷΛӅณ͍ͨ͠. Λߏங͢Δɼ௿ϨΠςϯγͷ௨৴γεςϜͰ͋ΔɽTor ͸. ৔߹΋ଘࡏ͠ɼ͜ͷΑ͏ͳ࣌ʹಗ໊௨৴γεςϜ͕ඞཁͱ. Ұ೔౰ͨΓ໿ 2,000,000 ͷϢʔβʹ༻͍ΒΕ͓ͯΓɼຖඵ. ͳΔɽ ࣾձతʹσϦέʔτͳ໰୊Λѻ͏ͱ͖ɼಗ໊௨৴γε ςϜ͸༗༻Ͱ͋Δ [5]ɽྫ͑͹ɼWikiLeaks ౳ͷ಺෦ࠂൃ. ໿ 6,000MB ͷσʔλ௨৴Λߦ͍ͬͯΔɽຊઅͰ͸ɼࢦ໲ ߈ܸʹؔ࿈͢Δ෦෼Λத৺ʹ Tor Λ঺հ͢Δɽ. 2.2.1 ΦχΦϯϧʔςΟϯά. αʔϏεͰ͸ɼϢʔβ͸ࣗ෼͕ࠂൃͨ͠ͱ͍͏ࣄ࣮ΛӅณ. ΦχΦϯϧʔςΟϯάͱ͸ɼΠϯλʔωοτ্Ͱಗ໊. ͨ͠··ࠂൃΛߦ͍͍ͨ͸ͣͰ͋Δɽ·ͨɼࠃ‫ऀه͖ͳڥ‬. ௨৴Λ࣮‫ͤ͞ݱ‬ΔͨΊͷٕज़Ͱ͋Δɽ͜Ε͸ɼMichael G.. ஂͳͲ͸ɼࠂൃ΍Πϯλʔωοτ্Ͱͷ৘ใௐࠪʹಗ໊௨. ReedɼPaul F. SyversonɼDavid M. Goldschlag ΒʹΑͬ. ৴γεςϜΛ༻͍Δ͜ͱʹΑΓ৘ใఏ‫ऀڙ‬ͷϓϥΠόγͱ. ͯൃ໌͞ΕɼΞϝϦΧւ‫ʹ܉‬Αͬͯถࠃಛ‫ ڐ‬No.6266704. ҆શΛक͍ͬͯΔɽ͜ͷ༷ͳࠂൃऀͷಗ໊ੑΛ֬อ͢Δ͜. ͕औಘ͞Ε͍ͯΔ [17]ɽTor ͸ΦχΦϯϧʔςΟϯάΛ࠾. ͱ͸ɼಗ໊௨৴γεςϜͷ༗ྗͳ༻్Ͱ͋Δɽ·ͨɼΠϯ. ༻͍ͯ͠Δ࠷΋ී‫͋Ͱ૷࣮ͨ͠ٴ‬Γɼ͜͜Ͱ Tor ͕ΦχΦ. λʔωοτ‫ݕ‬Ӿ͕‫͍͠ݫ‬Ұ෦஍ҬͰ͸ɼΠϯλʔωοτΛ. ϯϧʔςΟϯάΛͲͷΑ͏ʹ࣮૷͍ͯ͠Δ͔ͷུ֓Λઆ໌. ௨ͨ͡‫ݴ‬࿦ͷࣗ༝͕ಘΒΕͳ͍ɽྫ͑͹தࠃͰ͸ۚ६ͱ‫ݺ‬. ͢Δɽ. ͹ΕΔωοτ‫ݕ‬ӾγεςϜΛಋೖ͓ͯ͠ΓɼΠϯλʔωο. Tor Ͱ͸ɼࡾͭͷ Tor ϊʔυ (OR1,OR2,OR3 ͱ͢Δ) Λ. τϢʔβ͕੓෎ʹର͠ෆརͳ৘ใΛൃ৴͢Δͱɼۚ६ʹ. ༻͍ͯΦχΦϯϧʔςΟϯάΛ࣮ߦ͢Δɽ࠷ॳʹɼΫϥ. Αͬͯ৘ใఏ‫ऀڙ‬ͷಛఆ͕ͳ͞ΕΔɽ͔͠͠ɼ͜ͷΑ͏ͳ. ΠΞϯτ͸ Diffie-Hellman ‫׵ަݤ‬Λ༻͍ͯɼOR1ɼOR2ɼ. ‫ݕ‬Ӿ͕ߦΘΕ͍ͯΔΠϯλʔωοτ্Ͱ΋ಗ໊௨৴γες. OR3 ͦΕͧΕͱηογϣϯ‫ݤ‬Λ‫ڞ‬༗͢Δɽ࣍ʹɼΫϥΠΞ. ϜΛಋೖ͢Δ͜ͱʹΑΓɼࣗ༝ͳٞ࿦͕ߦ͑ΔΑ͏ʹͳΔɽ. ϯτ͸ͦͷࡾͭͷ‫ݤ‬Λ༻͍ͯɼਤ 1 ͷ༷ʹϝοηʔδΛଟ. ͜ͷΑ͏ͳ༻్͕ߟ͑ΒΕΔಗ໊௨৴γεςϜͰ͋Δ͕ɼ. ॏʹ҉߸Խ͠ɼࡾͭͷϊʔυΛத‫ͯ͠ܧ‬ϝοηʔδΛૹ৴. ͦͷ‫ج‬ຊ֓೦͸ 1986 ೥ʹ Pfitzmann ͱ Waidner ʹΑͬͯ. ͢Δɽ͜ͷͱ͖ɼϝοηʔδ͕֤ϊʔυΛ௨ͬͯஈ֊తʹ. ఏএ͞Εͨ [15]ɽͦͷதͰɼ൴Β͸ಗ໊௨৴ʹ͓͍ͯ࠷΋. ෮߸͞Ε͍༷͕ͯ͘ɼ‫ۄ‬Ͷ͗ͷൽΛΉ͍͍༷ͯ͘ࢠʹͳͧ. ॏཁͳཁૉ͸ҎԼͷࡾͭͰ͋Δ͜ͱΛࣔͨ͠ɽ. Β͑ΒΕͯΦχΦϯϧʔςΟϯάͱ‫ݺ‬͹Ε͍ͯΔɽ. • ड৴ऀಗ໊ੑ recipient anonymity. ΦχΦϯϧʔςΟϯάΛߦ͏ͱɼத‫ࢀʹܧ‬Ճ֤ͨ͠ϊʔ. ϝοηʔδ M ͕ड৴ऀΛ࣋ͨͳ͍ͱ͖ɼड৴ऀಗ໊. υ͸ࣗ਎ͷ௚લ௚‫ؔ͢ʹޙ‬Δͭͳ͕Γ͔͠஌Δ͜ͱ͸Ͱ͖. ੑΛߟ͑Δඞཁ͸ͳ͍ɽҰํͰɼಛఆͷड৴ऀ R ͷΈ. ͳ͍ɽैͬͯɼ֤ϊʔυ΍్தͷ௨৴Λ౪ௌͨ͠ୈࡾऀ͕. ʹ M ΛૹΔͱ͖ɼʮM ͷड৴ऀ͕ R Ͱ͋Δ͜ͱʯΛ. ૹ৴ऀͱड৴ऀͷਅͷͭͳ͕ΓΛ஌Δ͜ͱ͸Ͱ͖ͳ͍ɽΦ. ୈࡾऀʹରͯ͠ൿಗͰ͖Δ͔Ͳ͏͔ɼΛड৴ऀಗ໊ੑ. χΦϯϧʔςΟϯάͷར఺ʹɼ͢΂ͯͷϊʔυΛ৴པ͢Δ. ͱ‫Ϳݺ‬ɽ. ඞཁ͕ͳ͍ͱ͍͏͜ͱ͕‫͛ڍ‬ΒΕΔɽԾʹ͋ΔҰͭͷϊʔ. • ૹ৴ऀಗ໊ੑ sender anonymity. υ͕ѱҙͷ͋Δୈࡾऀʹ઎‫͞ڌ‬Εͨ৔߹Ͱ͋ͬͯ΋ɼ্‫ه‬. ϝοηʔδ M ͷૹ৴ऀ S ͕ɼ ʮM ͷૹ৴ऀ͕ S Ͱ͋. ͷཧ༝ʹΑΓಗ໊௨৴ͷಗ໊ੑ͸ഁΒΕͳ͍ɽ. Δ͜ͱʯΛୈࡾऀʹରͯ͠ൿಗͰ͖Δ͔Ͳ͏͔ɼΛૹ. 2.2.2 Tor ͷσβΠϯ. ৴ऀಗ໊ੑͱ‫Ϳݺ‬ɽ. • ૹ৴ऀͱड৴ऀͷͭͳ͕Γͷಗ໊ੑ unlinkability of. Tor ͸ɼΫϥΠΞϯτ͕ͦͷ௨৴ઌͱ݁ͼ෇͚ΒΕΔͷ Λ๷ࢭ͢Δ͜ͱΛ໨తͱ͍ͯ͠Δɽ͢ͳΘͪɼΫϥΠΞϯ. sender and recipient. τΛ‫͢ࢹ؂‬Δୈࡾऀ͕ɼΫϥΠΞϯτ͕ͲͷαʔόʹΞΫ. ૹ৴ऀ S ͕ड৴ऀ R ʹϝοηʔδ M ΛૹΔͱ͖ɼM. ηε͍ͯ͠Δ͔Λಛఆ͢Δ͜ͱ͕Ͱ͖ͳ͍Α͏ʹ͠ɼ·ͨ. ʹ͍ͭͯʮS ͕ R ʹૹ৴ͨ͠ϝοηʔδͰ͋Δ͜ͱʯ. αʔόଆ͔Β΋ɼTor Λ࢖༻͍ͯ͠ΔΫϥΠΞϯτΛҰҙ. Λୈࡾऀʹରͯ͠ൿಗͰ͖Δ͔Ͳ͏͔ɼΛૹ৴ऀͱड. ʹಛఆ͢Δ͜ͱ͕Ͱ͖ͳ͍Α͏ʹ͢Δɽ. ৴ऀͷͭͳ͕Γͷಗ໊ੑͱ‫Ϳݺ‬ɽ. ΫϥΠΞϯτ͸ϑϦʔιϑτ΢ΣΞΛμ΢ϯϩʔυɼΠ. ಗ໊௨৴͸ɼ࣮༻্ͷ‫Ͱ఺؍‬͸ૹ৴ऀͱड৴ऀͷͭͳ͕. ϯετʔϧ͢Δ͜ͱʹΑͬͯ Tor Λར༻͢Δ͜ͱ͕Ͱ͖. Γͷಗ໊ੑ͕ຬͨ͞ΕΕ͹े෼Ͱ͋Δ͜ͱ͕ଟ͘ɼैͬͯ. Δɽ؆୯ʹ͸ Tor ϒϥ΢βΛհͯ͠ΠϯλʔωοτʹΞΫ. ΄ͱΜͲͷಗ໊௨৴γεςϜ΋͜ͷಗ໊ੑͷΈΛอূͯ͠. ηε͢Ε͹Α͘ɼ͜Ε͸ Tor ͷརศੑΛߴΊ͍ͯΔɽ. ͍Δɽ. σΟϨΫτϦαʔό͸֤ Tor ϊʔυͷՄ༻ੑ΍ଳҬ෯ͳ ͲΛ‫؍‬ଌ͓ͯ͠Γɼఆ‫ظ‬తʹ‫ط‬஌ͷ Tor ϊʔυͷঢ়ଶϦε. 2.2 Tor. τΛ࡞੒͍ͯ͠ΔɽΫϥΠΞϯτ͕ Tor Λར༻͢Δࡍʹ͸ɼ. ‫࠷ࡏݱ‬΋ී‫͍ͯ͠ٴ‬Δಗ໊௨৴γεςϜ͸ɼୈೋੈ୅ͷ. ·ͣσΟϨΫτϦαʔόʹ઀ଓ͜͠ͷϦετ (consensus. ΦχΦϯϧʔςΟϯάʹ͋ͨΔ Tor[6] Ͱ͋ΔɽTor ͸ɼ༗. file ͱ‫ݺ‬͹ΕΔ) Λμ΢ϯϩʔυ͢Δɽͦͷ‫ޙ‬ΫϥΠΞϯ. c 2015 Information Processing Society of Japan . 2.

(3) Vol.2015-CSEC-70 No.19 Vol.2015-SPT-14 No.19 2015/7/2. ৘ใॲཧֶձ‫ڀݚ‬ใࠂ IPSJ SIG Technical Report. ਤ 1. ΦχΦϯϧʔςΟϯά. τ͸Ϧετதͷϊʔυ͔Βࡾͭͷϊʔυ (OR1,OR2,OR3) Λબ୒͠ɼ࠷ॳͷத‫ܧ‬ϊʔυ OR1 ͱͷ҉߸Խ௨৴࿏Λ‫ܗ‬ ੒͢Δɽ͜ͷ௨৴࿏͸ Diffie-Hellman ‫׵ަݤ‬Λ༻͍ͨηο γϣϯ‫ݤ‬ͷ‫ڞ‬༗ʹΑͬͯ҉߸Խ͞ΕΔɽͦͯ͠ɼ͜ͷ҉߸ Խ௨৴࿏Λ༻͍ͯ OR1 ͱ OR2 ͷؒʹؔͯ͠΋ಉ༷ͷ҉߸ Խ௨৴࿏Λ‫ܗ‬੒͠ɼ·ͨ OR2 ͱ OR3 ʹ͍ͭͯ΋ಉ༷ͷૢ ࡞Λߦ͏ɽ֤҉߸Խ௨৴࿏Ͱ͸ TLS ௨৴͕ߦΘΕΔɽ͜ ͷΑ͏ʹͯ͠ɼΫϥΠΞϯτ͸ࡾ൪໨ͷϊʔυ OR3 ͱͷ ઀ଓΛอ͍࣋ͯ͠Δ͕ɼOR3 ͸ OR1 ΍ΫϥΠΞϯτʹͭ ͍ͯͷ৘ใΛ஌Δ͜ͱ͸ͳ͍ɽಉ༷ʹɼOR1 ΋ΫϥΠΞϯ τ͕ OR3 ʹͲͷϊʔυΛબ୒͔ͨ͠Λ஌Δ͜ͱ͸ͳ͍ɽ ΫϥΠΞϯτͷ IP ΞυϨεΛ஌Δ OR1 ʹΑͬͯಗ໊ੑ ͕ഁΒΕΔ֬཰Λ௿͘͢ΔͨΊʹɼEntry guard ͱ‫ݺ‬͹Ε Δ࢓૊Έ͕࠾༻͞Ε͍ͯΔɽ·ͣɼTor ϊʔυͷ͏ͪे෼ ͳଳҬ෯Λ࣋ͬͨϊʔυͷΈ͕ Guard ϑϥάΛಘΔɽΫ ϥΠΞϯτ͸ϑϥάΛ࣋ͬͨϊʔυͷத͔Β͍͔ͭ͘ (σ ϑΥϧτͰࡾͭ) ϥϯμϜʹબ୒͠ɼͦΕΒΛ Guard Ϧε τͱͯ͠อ࣋͢Δɽ͜ͷϦετΛ࡞੒͢ΔࡍɼͦΕͧΕͷ. guard ʹ͍ͭͯຬྃ࣌ؒΛ 30 ೔͔Β 60 ೔ͷؒͰϥϯμϜ ʹઃఆ͢Δɽ͜ͷຬ͕ྃ࣌ؒա͗Δͱɼͦͷ guard ͸Ϧε τ͔Β֎ΕɼϑϥάΛ࣋ͬͨผͷϊʔυ͕Ϧετʹ૊Έ ࠐ·ΕΔɼͱ͍ͬͨΑ͏ʹϩʔςʔγϣϯ͍ͤͯ͞Δɽ࣮ ࡍʹ࢖ΘΕΔ OR1 ͸ɼTor ͷύε͕৽͘͠࡞ΒΕΔ͝ͱ ʹϦετͷத͔ΒϥϯμϜʹબ͹ΕΔɽ͜ͷΑ͏ʹ Entry. ਤ 2. ࢦ໲߈ܸ. guard ͱ࣮ͯ͠ࡍʹ࢖ΘΕΔϊʔυΛ‫ݶ‬ఆ͢Δ͜ͱͰɼTor Ͱ͸߈ܸऀͷ઎‫ڌ‬ɼ‫ࢹ؂‬ର৅ͱͳΔ֬཰ΛԼ͍͛ͯΔɽ. Tor ͷ௨৴͸ɼ512bytes ‫ݻ‬ఆαΠζͷɼϔομͱϖΠϩʔ υ͔Βߏ੒͞ΕΔηϧʹΑΓߦΘΕΔɽϔομʹ͸αʔ Ωοτ ID(circID) ͱίϚϯυ (CMD) ͕‫·ؚ‬ΕΔɽίϚϯ υʹΑΓηϧ͸੍‫ޚ‬ηϧ͔ϦϨʔηϧʹ෼͚ΒΕɼϦϨʔ ηϧʹ͸ϖΠϩʔυͷલʹ෇Ճతͳϔομ͕‫·ؚ‬ΕΔɽ. 2.3 ࢦ໲߈ܸ ಗ໊௨৴γεςϜʹର͢Δ߈ܸख๏ͷதͰ༗ޮͳख๏. c 2015 Information Processing Society of Japan . 3.

(4) Vol.2015-CSEC-70 No.19 Vol.2015-SPT-14 No.19 2015/7/2. ৘ใॲཧֶձ‫ڀݚ‬ใࠂ IPSJ SIG Technical Report. ʹɼࢦ໲߈ܸ͕͋Δ [18]ɽTor ʹର͢Δࢦ໲߈ܸͷ֓‫؍‬Λ. ηϧΛ༻͍ͯ‫ݻ‬ఆ௕ͷσʔλ୯ҐͰ௨৴Λߦ͍ͬͯΔͨΊ. ਤ 2 ʹࣔ͢ɽTor ΁ͷࢦ໲߈ܸͰ͸ɼ͋ΔΠϯλʔωοτ. Ͱ͋Δɽ͜ΕʹՃ͑ɼTor Ͱ͸ճઢߏஙʹ༻͍ΒΕΔ੍‫ޚ‬. Ϣʔβ͕ಗ໊௨৴γεςϜ Tor Λ༻͍ͯ͋Δ΢ΣϒαΠτ. ηϧͳͲ͕ύέοτͱͯ͠ྲྀΕ͓ͯΓɼࢦ໲߈ܸΛߦ͏ࡍ. ʹΞΫηε͓ͯ͠ΓɼͦͷϢʔβ͕ར༻͢Δ Entry guard. ʹϊΠζͱͳΓ߈ܸͷੑೳΛ௿Լͤ͞Δɽ. Λ߈ܸऀ͕‫͍ͯ͠࡯؍‬Δঢ়ଶΛ૝ఆ͢Δɽ Ұൠతͳ΢Σϒϖʔδ͸ɼը૾ϑΝΠϧ΍ javascript ͷ ιʔεϑΝΠϧͳͲɼଟ͘ͷؔ࿈ϑΝΠϧΛಡΈࠐΜͩ͏. 3. ؔ࿈‫ڀݚ‬ ຊষͰ͸ɼࢦ໲߈ܸʹؔ͢Δ͍͔ͭ͘ͷख๏ʹ͍ͭͯɼ. ͑Ͱදࣔ͞ΕΔɽ͢ͳΘͪɼ΢ΣϒαΠτʹΞΫηε͢Δ. ๷‫ޚ‬ख๏ͱ߈ܸख๏ʹ෼͚ͯ‫ه‬ड़͢Δɽͳ͓ɼ͜͜Ͱ঺հ. ࡍ͸ɼ΢ΣϒϖʔδϑΝΠϧ͚ͩͰͳͦ͘ΕΒͷϑΝΠϧ. ͢Δ๷‫ޚ‬ख๏͸ඞͣ͠΋ Tor ͷͨΊʹߟҊ͞Εͨ΋ͷͰ͸. ʹରͯ͠΋ϦΫΤετΛߦ͏ɽ΢ΣϒϖʔδϑΝΠϧࣗମ. ͳ͍ɽ. ͷαΠζ΍ؔ࿈ϑΝΠϧͷ૯਺ɼ‫ݸͼٴ‬ʑͷαΠζ͸΢Σ ϒαΠτຖʹҟͳΔͨΊɼ΢ΣϒαΠτʹΞΫηεͨ͠ࡍ. 3.1 ๷‫ޚ‬. ʹੜ͡Δ௨৴ͷྲྀΕ΋΢ΣϒαΠτຖʹҟͳͬͨ΋ͷͱͳ. ͢Ͱʹ Tor Ͱ࣮૷͞Ε͍ͯΔ๷‫ޚ‬ख๏ʹɼpipeline ran-. Δɽ͜ͷ௨৴ͷྲྀΕ (΢ΣϒτϥϑΟοΫͱ‫ )Ϳݺ‬ͷதʹੜ. domization ͕͋Δ [14]ɽ͜Ε͸ Tor ͷ։ൃऀͨͪʹΑΓఏ. ͡Δ΢ΣϒαΠτಠࣗͷಛ௃ (͜ΕΛࢦ໲ͱ‫ )Ϳݺ‬ΛͱΒ. এ͞Εͨ΋ͷͰɼHTTP ύΠϓϥΠϯΛ࢖༻Մೳʹ͠ɼύ. ͑ɼϢʔβ͕Ͳͷ΢ΣϒαΠτʹΞΫηε͍ͯ͠Δ͔Λಛ. ΠϓϥΠϯαΠζ‫ͼٴ‬ϦΫΤετͷॱ൪ΛϥϯμϜʹఆ. ఆ͢Δɼͱ͍͏͜ͱ͕ࢦ໲߈ܸͷ‫ج‬ຊతͳํ਑Ͱ͋Δɽ. ΊΔɽ࣮૷ίετ͕খ͘͞ɼΦʔόʔϔου͕ൃੜ͠ͳ͍. ࢦ໲߈ܸ͕ଞͷ߈ܸͱେ͖͘ҟͳΔͷ͸ɼ‫͖΂͢࡯؍‬. ͨΊ‫Ͱࡏݱ‬΋༻͍ΒΕ͍ͯΔɽ͔͠͠ͳ͕Βɼ͜ͷख๏ʹ. ϊʔυ͕Ұ͔ॴͰΑ͍ͱ͍͏఺Ͱ͋ΔɽTor ʹ͓͍ͯ͸ɼ. Αͬͯࢦ໲߈ܸͷ੒ޭ཰Λେ͖͘Լ͛ͨͱ͍͏ใࠂ͸ͳ͍ɽ. OR1 ΋͘͠͸ΫϥΠΞϯτ͔Β OR1 ʹࢸΔ‫ܦ‬࿏্Ͱύ. ଞͷϥϯμϜੑΛ๷‫͍༻ʹޚ‬Δख๏ʹɼtraffic morph-. έοτΛ౪Έ‫ݟ‬Δ͜ͱ͕Ͱ͖Ε͹Α͍ɽಗ໊௨৴γεςϜ. ing[21] ΍ Panchenko Βͷ background noise[13] ͕͋Δɽ. ʹର͢Δ߈ܸख๏ʹ͸ɼ݁ୗ߈ܸ (sybil attack)[7] ΍ઌߦ. traffic morphing Ͱ͸ɼ͋Δ΢ΣϒαΠτʹΞΫηεͨ͠. ఺߈ܸ (predecessor attack)[22]ɼλΠϛϯά߈ܸ (timing. ࡍʹੜͨ͡τϥϑΟοΫ (ҎԼΠϯελϯεͱ‫ )Ϳݺ‬ͷύ. attack)[10], [11] ΍൓ࣹ߈ܸ (replay attack)[16] ͱ͍ͬͨख. έοταΠζ෼෍ΛɼผͷΠϯελϯεͷύέοταΠζ. ๏͕ߟҊ͞Ε͍ͯΔ͕ɼ͍ͣΕͷख๏΋ೋͭҎ্ͷϊʔυ. ෼෍ʹ֬཰తʹ͚ۙͮΔɽ͔͠͠খ͘͞ͳ͍Φʔόʔϔο. ͷ‫͕࡯؍‬ඞཁͰ͋Γɼ࣮‫ݱ‬Մೳੑ͕௿͍ɽ͜Εʹର͠ɼࢦ. υ͕ੜ͡Δ͜ͱɼ੩తʹద༻͞ΕΔ͜ͱɼTor ্Ͱద༻͠. ໲߈ܸ͸ඞཁͳԾఆ͕ଞͷख๏ͱൺ΂ͯඇৗʹऑ͘ɼ߈ܸ. ͨͱ͖ʹ͋·ΓޮՌ͕‫ݟ‬ΒΕͳ͔ͬͨͱ͍͏ใࠂ͕͋Δ͜. ͷ࣮‫ݱ‬ੑ͕ߴ͍ͨΊ‫࣮ݱ‬తͳ‫ڴ‬ҖͱͳΓ͏Δɽ. ͱ͔Β [3]ɼղܾ๏ͱ͸ͳΓʹ͍͘ɽBackground noise Ͱ. Ұൠతͳࢦ໲߈ܸͷखॱ͸ҎԼͰ͋Δɽ·ͣɼ߈ܸऀ͸. ͸ɼΫϥΠΞϯτ͕΢ΣϒϖʔδʹΞΫηε͢Δͷͱಉ࣌. ‫͍ͨ͠ࢹ؂‬΢Σϒϖʔδ‫ʹ܈‬ΞΫηε͠ɼੜ͡Δύέοτ. ʹɼϥϯμϜʹબ͹Εͨผͷϖʔδʹ΋ΞΫηε͢Δɽ͜. ྻΛऩू͢Δɽ࣍ʹ߈ܸऀ͸ɼඃ߈ܸऀ͕΢Σϒϖʔδʹ. ΕʹΑΓ߈ܸ੒ޭ཰͸େ͖͘‫ݮ‬গ͢Δ͕ɼେ͖ͳΦʔόʔ. ΞΫηε͢Δ͜ͱͰੜ͡ΔύέοτྻΛ‫͢࡯؍‬Δɽͦͯ͠. ϔουΛඞཁͱ͢Δɽ. ‫ࢣڭ‬༗ֶश͞Εͨ෼ྨ‫Ͱث‬ඃ߈ܸऀ͕Ͳͷ΢Σϒϖʔδʹ ΞΫηε͔ͨ͠Λಛఆ͢Δɽ ࢦ໲߈ܸΛߦ͏߈ܸऀ͸‫ج‬ຊతʹҎԼࡾͭͷԾఆΛஔ͘. ( 1 ) ߈ܸऀ͸‫؍‬ଌ͢Δύέοτʹ͍ͭͯ͋ΔҰͭͷϖʔδ ϩʔυͷ࢝఺ͱऴ఺Λ஌Δɽ. ܾఆ࿦తͳ๷‫ޚ‬ख๏ʹ HTTPOS[12] ΍ BuFLO[8] ͕͋ ΔɽTor ͕‫ݻ‬ఆ௕ηϧΛ༻͍ͯ௨৴Λߦ͍ͬͯΔͷ΋ܾఆ ࿦తख๏ʹ͋ͨΔɽHTTPOS ͸ΫϥΠΞϯτͷϒϥ΢β ্Ͱಈ࡞͠ɼMSS ΍΢Οϯυ΢αΠζͷύϥϝʔλΛௐ અ͢Δ͜ͱͰύέοτͷେ͖͞Λෆ໌ྎʹ͢ΔɽΦʔόʔ. ( 2 ) ඃ߈ܸऀ͸Ұ౓ʹҰͭͷϖʔδΛϩʔυ͠ɼϖʔδ. ϔου͸খ͍͕͞ɼ͜ͷ๷‫ޚ‬ख๏͸ޮՌ͕খ͍͞ͱ͍͏ओ. ϩʔσΟϯάͱϑΝΠϧμ΢ϯϩʔυΛಉ࣌ʹߦ͏ͱ. ு͕͋Δ [3]ɽBuFLO Ͱ͸ɼૹड৴྆ํ޲ʹɼ௨৴͕ऴΘ. ͍ͬͨߦҝ͸ߦΘͳ͍ɽ. Δ·ͰɼҰఆִؒͰσʔλΛૹΓଓ͚Δɽ߈ܸ੒ޭ཰Λେ. ( 3 ) ߈ܸऀ͸ඃ߈ܸऀͱಉ͡৚݅Ͱ෼ྨ‫ث‬Λֶशͤ͞Δ. ͖͘Լ͛Δ͕ɼΦʔόʔϔου͕ඇৗʹେ͖͍ɽ. ͜ͱ͕Ͱ͖Δɽͭ·ΓɼΫϥΠΞϯτͷ OS ΍ωοτ ϫʔΫ઀ଓɼTor ϒϥ΢βͷόʔδϣϯͳͲΛಉ༷ʹ ͨ͠͏͑Ͱ߈ܸΛߦ͏͜ͱ͕Ͱ͖Δɽ ͜ΕΒͷԾఆ͸໰୊Λ؆୯ʹ͢ΔͨΊʹஔ͔Ε͓ͯΓɼ ߈ܸऀ༏ҐͳԾఆͰ͋Δɽ. 3.2 ߈ܸ Tor ʹର͢Δࢦ໲߈ܸͷॳ‫ظ‬ͷ‫͍͓ͯʹڀݚ‬΋ͬͱ΋Α ͘஌ΒΕ͍ͯΔͷ͸ɼ2009 ೥ͷ Herrmann Βͷ‫͋Ͱڀݚ‬ Δ [9]ɽ൴Β͸༷ʑͳϓϥΠόγอ‫ٕޢ‬ज़ʹର͠୯७ϕΠ. ࢦ໲߈ܸΛ Tor Ͱ੒ޭͤ͞Δͷ͸ɼSSH ΍ VPN tunnel-. ζ෼ྨ‫ث‬Λ༻͍ͨࢦ໲߈ܸΛߦ͕ͬͨɼTor ʹର͢Δ߈ܸ. ing ্Ͱ੒ޭͤ͞Δ͜ͱΑΓ΋೉͍͠ [9]ɽ͜Ε͸ɼTor ͸. ੒ޭ཰͸ඇৗʹখ͔ͬͨ͞ɽ2011 ೥ɼPanchenko Β͸ Tor. c 2015 Information Processing Society of Japan . 4.

(5) Vol.2015-CSEC-70 No.19 Vol.2015-SPT-14 No.19 2015/7/2. ৘ใॲཧֶձ‫ڀݚ‬ใࠂ IPSJ SIG Technical Report. ΢ΣϒαΠτͷൃ‫૷ِͼٴݟ‬ͷ‫ڀݚ‬ΛਐΊΔ͜ͱʹΑΓɼ ௨৴ྔͷΦʔόʔϔουΛ࠷খ‫ʹݶ‬཈͑ͨ··ࢦ໲߈ܸͷ ੒ޭ཰Λେ͖͘௿Լͤ͞Δ͜ͱ͕Ͱ͖Δͱߟ͑Δɽ. 5. ‫ݧ࣮ૅج‬ ຊষͰ͸ɼ΢ϧϑ΢ΣϒαΠτͷఏҊʹ޲͚ͯߦͬͨ‫ج‬ ૅ࣮‫ه͍ͯͭʹݧ‬ड़͢Δɽओʹड़΂Δͷ͸੩తͳ࣮‫͋Ͱݧ‬ Δɽͭ·Γɼ௨৴ͷ్தͰϊΠζΛՃ͑ΔͳͲ͢ΔͷͰ͸ ͳ͘ɼ͋Β͔͡Ίऩूͨ͠ύέοτྻʹର͠ϊΠζΛՃ͑ ධՁΛߦ͏ɽͨͩ͠ɼ͜ͷγφϦΦ͸ Tor ʹద༻͢Δʹ͸ ਤ 3. ΢ϧϑ΢ΣϒαΠτͷΠϝʔδ. ෆద੾Ͱ͋ΔɽTor ͸௿ϨΠςϯγΛಛ௃ͱ͢Δ࣮‫ڥ؀‬γ εςϜͰ͋Γɼ஗Ԇͷ‫ݪ‬ҼͱͳΔΑ͏ͳύέοτόοϑΝ. ্Ͱ΢ΣϒαΠτʹΞΫηε͢ΔΫϥΠΞϯτʹର͠߈ܸ. Ϧϯά͸ߦΘͳ͍ɽ͕ͨͬͯ͠ Tor ্Ͱಇ͘๷‫ޚ‬ख๏Λߟ. Λ੒ޭͤͨ͞ [13]ɽ൴Β͸෼ྨ‫ ʹث‬SVM Λ༻͍ɼHTTP. ͑Δࡍʹ͸ɼͦͷख๏͸ಈతʹಈ࡞ͤ͞Δඞཁ͕͋Δɽ͠. υΩϡϝϯτͷେ͖͞΍ૹड৴ύέοτͷׂ߹ͳͲΛಛ௃. ͔͠ͳ͕Βɼ࣮‫ݧ‬ͷॳ‫ظ‬ஈ֊ͱͯ͠ɼຊߘͰ͸ಈతͳख๏. ྔͱͯ͠༻͍ͨɽ2012 ೥ɼCai Β͸ Tor ʹ͓͚Δࢦ໲߈ܸ. ΛఏҊ͢Δ଍ֻ͔Γͱͯ͠੩తͳख๏Λߟ͑Δɽ. ੒ޭ཰Λେ͖͘޲্ͤͨ͞ [3]ɽͦ͜Ͱ͸ɼύέοτྻΛൺ. ຊ࣮‫ݧ‬γεςϜͷ֓‫؍‬Λਤ 4 ʹࣔ͢ɽ࣮‫Ͱݧ‬͸·͢΢Σ. ֱ͢ΔͨΊʹฤू‫͍༻͕཭ڑ‬ΒΕͨɽ2013 ೥ɼWang ‫ͼٴ‬. ϒτϥϑΟοΫΛऩू͠ɼՃ޻ΛՃ͑Δɽͦͷ‫֤ޙ‬ύέο. Goldberg ͸ฤू‫཭ڑ‬Λ‫͢ࢉܭ‬ΔΞϧΰϦζϜΛมߋ͢Δ. τྻʹ͍ͭͯ๷‫ޚ‬Λࢪͨ͠ύέοτྻΛ༻ҙ͢Δɽͦͯ͠. ͜ͱͰ߈ܸਫ਼౓Λ͞Βʹ޲্ͤͨ͞ [20]ɽ2014 ೥ɼWang. ಛ௃ྔΛநग़͠ɼͦΕΛଟΫϥε෼ྨ‫͚͔ʹث‬Δ͜ͱͰɼ. Β͸‫ߴ࠷ࡏݱ‬ͷ߈ܸ੒ޭ཰Λ΋ͭख๏ΛఏҊͨ͠ [19]ɽઌ. ߈ܸ੒ޭ཰Λग़͢ɽ͜͜Ͱɼ߈ܸ੒ޭ཰ (Accuracy) ͸Ҏ. ߦ‫͍༻Ͱڀݚ‬ΒΕͨಛ௃ྔΛ΄ͱΜͲ͢΂ͯநग़͠ɼͦΕ. ԼͷࣜͰ͋ΒΘ͞ΕΔɽ. ΒʹࣗಈతʹॏΈ͚ͮΛߦ͏͜ͱͰ࠷దͳΫϥε෼ྨΛ໨ ࢦͨ͠ɽ෼ྨʹ͸ k ۙ๣๏Λ༻͍͍ͯΔɽଟ͘ͷಛ௃ྔΛ ༻͍ࣗಈతʹॏΈ͚ͮΛߦ͏͜ͱͰɼ֤๷‫ޚ‬ख๏͕कΔ͜. Accuracy = Success/All. (1). ͜͜Ͱ All ͸ɼ߈ܸऀ͕ࢦ໲߈ܸΛߦͬͨ૯਺Ͱ͋ΔɽҰ. ͱ͕Ͱ͖ͳ͍෦෼Λ෼ྨʹ࢖͏͜ͱ͕Ͱ͖Δͱ͠ɼ͜ͷख. ౓ͷࢦ໲߈ܸͰ͸ɼ߈ܸऀ͸ 1 ͭͷ΢ΣϒτϥϑΟοΫʹ. ๏ͷ‫݈ؤ‬ੑΛओு͍ͯ͠Δɽ. ରͯ͠ 1 ͭͷ URL Λਪఆ͢Δɽ͜ͷਪఆ݁Ռ͕ਖ਼͔ͬ͠. 4. ΢ϧϑ΢ΣϒαΠτ ຊ‫Ͱڀݚ‬͸ɼࢦ໲߈ܸ΁ͷޮՌతͳ๷‫ޚ‬ͷࢳ‫ͯ͠ͱޱ‬ɼ. ͨࢦ໲߈ܸͷ૯਺͕ Success Ͱ͋Δɽ. 5.1 ධՁʹ༻͍Δࢦ໲߈ܸ. ΢ϧϑ΢ΣϒαΠτΛఏҊ͢Δɽ΢ϧϑͱ͸ɼଟ͘ͷొ࿥. ఏҊ͢Δ๷‫ޚ‬ख๏ΛධՁ͢ΔͨΊͷࢦ໲߈ܸͱͯ͠༻͍. ςϯϓϨʔτʹର͠‫ͯͬޡ‬ड͚ೖΕΒΕΔೖྗ৘ใͷ͜ͱ. Δͷ͸ɼ2014 ೥ͷ Wang Βͷࢦ໲߈ܸͰ͋Δ [19]ɽTor ʹ. Ͱ͋Δɻզʑ͸ɼ΢ϧϑ΢ΣϒαΠτΛʮࢦ໲߈ܸͷ๦͛. ର͢Δࢦ໲߈ܸͷதͰ‫ߴ࠷ࡏݱ‬ͷ߈ܸ੒ޭ཰Λ‫ތ‬Δ͜ͷ߈. ͱͳΔ΄Ͳɺଟ͘ͷ΢ΣϒαΠτͱࣅͨࢦ໲ʹͳΔ΢Σϒ. ܸ͸ɼա‫ڈ‬ͷࢦ໲߈ܸ‫͍༻Ͱڀݚ‬ΒΕͨಛ௃ྔΛඇৗʹଟ. αΠτʯͱఆٛ͢Δɽ. ͘࠾༻͍ͯ͠Δɽ౰ख๏Ͱ͸ɼ֤τϥϑΟοΫ͔Β 3736. ͜ͷΠϝʔδΛਤ 3 ʹࣔ͢ɽొ࿥৘ใʹෳ਺ͷ΢Σϒα. ‫ݸ‬ͷಛ௃ྔΛநग़͠ɼͦΕΒʹࣗಈతʹॏΈ͚ͮΛ͢Δ͜. Πτ A,B,C, ... ͕ଘࡏͨ͠ͱ͠ɼ͜ͷ͏ͪ΢ΣϒαΠτ C. ͱͰ࠷దͳΫϥε෼ྨΛߦ͏ɽ֤๷‫ޚ‬ख๏ʹର͠कΒΕͯ. ͕΢ϧϑ΢ΣϒαΠτͰ͋ͬͨͱԾఆ͢Δɽ͜ͷͱ͖ɼτ. ͍ͳ͍෦෼ʹࣗಈతʹूத͢ΔͨΊɼ஌ΒΕ͍ͯΔ͢΂ͯ. ϥϑΟοΫΛ‫ऀܸ߈ͨ͠࡯؍‬͸ɼ΢ΣϒαΠτ A ͷτϥ. ͷ๷‫ޚ‬ख๏ʹ༗ޮͰ͋Δͱͯ͠ख๏ͷ‫݈ؤ‬ੑΛචऀΒ͸ओ. ϑΟοΫʹ͍ͭͯ͸ߴ֬཰ͰͦͷτϥϑΟοΫ͕ A ͷ΋. ு͍ͯ͠Δɽ. ͷͰ͋Δͱ൑ผ͢Δ͜ͱ͕Ͱ͖Δ͕ɼ΢ΣϒαΠτ C ͱ ͍͏΢ϧϑ΢ΣϒαΠτͷτϥϑΟοΫʹ͍ͭͯ͸ͦͷτ. ຊ‫Ͱڀݚ‬͸ɼ߈ܸͷ‫݈ؤ‬ੑʹ஫໨͠ɼ͜ͷࢦ໲߈ܸʹ Αͬͯ๷‫ޚ‬ख๏ͷධՁΛߦ͏ɽ. ϥϑΟοΫ͕ͲͷαΠτͷ΋ͷͰ͋Δ͔൑ผ͢Δͷ͕೉͠ ͍ɼͱ͍͏͜ͱʹͳΔɽ. 5.2 σʔληοτ. ࣮ੈքʹ΢ϧϑ΢ΣϒαΠτ͸ଘࡏ͢Δͷ͔ɼ΢ϧϑ. ࣮‫͍༻ʹݧ‬Δσʔληοτ͸ɼWang Β͕ࢦ໲߈ܸΛධ. ΢ΣϒαΠτ͕‫͖ͱ͔ͨͬͭݟ‬ɼ͋Δ΢ΣϒαΠτΛ΢ϧ. Ձ͢Δࡍʹ༻͍ΒΕͨσʔληοτͰ͋Δ [19]ɽ͜ͷσʔ. ϑ΢ΣϒαΠτʹِ૷ͤ͞Δํ๏ʹͲͷΑ͏ͳํ๏͕͋. ληοτ͸࣮‫ݧ‬ͷ࠶‫ݱ‬ੑͷͨΊʹࢦ໲߈ܸͷίʔυͱͱ΋. Δ͔ɼͱ͍ͬͨ͜ͱΛ୳Δͷ͕‫ڀݚ‬ͷ໨తͰ͋Δɽ΢ϧϑ. ʹஶऀΒʹΑͬͯެ։͞Ε͓ͯΓɼ100 ͷ΢ΣϒαΠτ΁. c 2015 Information Processing Society of Japan . 5.

(6) Vol.2015-CSEC-70 No.19 Vol.2015-SPT-14 No.19 2015/7/2. ৘ใॲཧֶձ‫ڀݚ‬ใࠂ IPSJ SIG Technical Report. ਤ 4 ද 1. ࣮‫ݧ‬ͷ֓‫؍‬. ࣮‫ ݧ‬1 ͷ݁Ռ. ૹ৴ηϧૠೖ. ड৴ηϧૠೖ. Φʔόʔϔου. ૠೖͳ͠. 0.9053. 0.9053. 0. 5 ηϧຖʹૠೖ. 0.9003. 0.9033. 20%. 3 ηϧຖʹૠೖ. 0.8937. 0.9041. 33%. 1 ηϧຖʹૠೖ. 0.8708. 0.9047. 100%. ͷෳ਺ճΞΫηεΛΩϟϓνϟ͠ɼՃ޻ͨ͠΋ͷͰ͋Δɽ. 100 ͷ΢ΣϒαΠτͱͯ͠બ͹Εͨͷ͸தࠃ΍ӳࠃɼα΢ δΞϥϏΞͰϒϩοΫ͞Ε͍ͯΔαΠτ‫Ͱ܈‬ɼ͜͜Ͱ͸Ξ μϧτίϯςϯπ΍τϨϯτɼफ‫ڭ‬తɼ੓࣏త࿩୊ͱ͍ͬ ͨ΋ͷ͕औΓѻΘΕ͍ͯΔɽͦΕͧΕͷαΠτʹ͍ͭͯ. 90 ճͷΞΫηεΛΩϟϓνϟ͠ɼηϧΛऔΓग़͢Ճ޻Λߦ ͍σʔληοτͱ͢ΔɽՃ޻ͷํ๏͸ҎԼͰ͋Δɽ·֤ͣ. TCP/IP ύέοτʹ͍ͭͯૹ৴ύέοτΛ 1ɼड৴ύέο ද 2. τΛ-1 ͱఆΊΔɽͦͯ͠ϖΠϩʔυͷ௕͞Λ 512 ͰׂΓɼ. ࣮‫ ݧ‬2 ͷ݁Ռ. ͦͷ঎Ληϧͷ਺ͱͯ͠ 1 ΋͘͠͸-1 ͱՃ޻͢Δɽ֤αΠ. ૠೖͳ͠. 0.9053. τͷ 90 ͷΠϯελϯε͸ 60 ‫ ͕ݸ‬k ۙ๣๏ͷֶशʹ༻͍Β. ௚‫͖޲ٯʹޙ‬ηϧૠೖ. 0.6301. Εɼ࢒Γ 30 ‫ ͕ݸ‬Accuracy ͷ‫͍༻ʹࢉܭ‬ΒΕΔɽ. ௚લʹ‫͖޲ٯ‬ηϧૠೖ. 0.6301. ૹ৴ͱड৴͕ަ‫ͳʹޓ‬ΔΑ͏ૠೖ. 0.3630. 5.3 ࣮‫ํݧ‬๏ ΢ϧϑ΢ΣϒαΠτൃ‫ج͚ͯ޲ʹݟ‬ຊతͳ࣮‫ݧ‬Λओʹ 2 ͭߦͬͨɽ͜͜Ͱ͸ɼ߈ܸऀ͸๷‫ޚ‬ख๏Λ஌͍ͬͯΔͱԾ ఆ͢Δɼͭ·Γ߈ܸऀ͸ηϧ͕ૠೖ͞Εͨ‫ޙ‬ͷσʔλΛֶ शσʔλͱͯ͠༻͍Δɽ࣮‫݁ݧ‬Ռͱͯࣔ͢͠஋͸͢΂ͯ. Accuracy Ͱ͋Δɽ ࣮‫ ݧ‬1 ͸ɼఆ‫ظ‬తͳηϧͷૠೖͰ͋ΔɽΩϟϓνϟ͠ ͨૹ৴ɼड৴ηϧΛ଍͠߹Θͤͨ਺͕ 5ɼ3ɼ1 ͷഒ਺ɼͱ ͳͬͨͱ͖ʹૹ৴ηϧΛૠೖͨ͠ɽड৴ηϧͷૠೖ΋ಉ༷ ʹߦͬͨɽ ࣮‫ ݧ‬2 ͸ɼૹड৴ηϧͷฒͼ΍ස౓Λফ͢ૠೖͰ͋Δɽ ड৴ηϧͷ௚‫ૹʹޙ‬৴ηϧΛૠೖ͠ɼૹ৴ηϧͷ௚‫ʹޙ‬ड ৴ηϧΛૠೖ͢Δͱ͍͏ૢ࡞΍ɼड৴ηϧͷ௚લʹૹ৴η ϧΛૠೖ͠ɼૹ৴ηϧͷ௚‫ʹޙ‬ड৴ηϧΛૠೖ͢Δͱ͍͏ ૢ࡞Λߦͬͨɽ·ͨɼηϧͷॱংΛ‫׬‬શʹফͨ͢Ίɼड৴ ηϧͷ௚લʹૹ৴ηϧΛૠೖ͠ɼૹ৴ηϧͷ௚‫ʹޙ‬ड৴η ϧΛૠೖ͢Δͱ͍͏ૢ࡞΋ߦͬͨɽ. c 2015 Information Processing Society of Japan . 6.

(7) Vol.2015-CSEC-70 No.19 Vol.2015-SPT-14 No.19 2015/7/2. ৘ใॲཧֶձ‫ڀݚ‬ใࠂ IPSJ SIG Technical Report. 5.4 ࣮‫݁ݧ‬Ռ. σʔλͰಉ͡ Tor αʔΩοτ͕༻͍ΒΕͳ͍Α͏͢Δɽ. ࣮‫ ݧ‬1ɼ࣮‫ ݧ‬2 ͷ݁ՌΛͦΕͧΕද 1ɼ2 ʹࣔ͢ɽ͜ͷ஋ ͸ɼ֤৔߹ຖʹ 5 ճࢦ໲߈ܸΛߦ͍ɼͦͷ Accuracy ͷฏ ‫ۉ‬Λͱͬͨ΋ͷͰ͋Δɽ. 6.2 ಛ௃ྔͷ෼෍ ΢ϧϑ͸ొ࿥ςϯϓϨʔτͷಛ௃ྔ෼෍͕ภΔ͜ͱʹ. ࣮‫ ݧ‬1 Ͱ͸ఆ‫ظ‬తͳηϧͷૠೖΛߦͬͨɽड৴ηϧΛૠ. Αͬͯੜ͡ΔɽͦͷͨΊࠓ‫ޙ‬ಛ௃ྔͷ෼෍Λௐ΂Δ͜ͱʹ. ೖͨ͠৔߹ɼૠೖ͠ͳ͔ͬͨ৔߹ͱൺ΂ࢦ໲߈ܸʹର͠΄. ͳΔ͕ɼ5 ষͷ࣮‫͔ݧ‬ΒΘ͔ΔΑ͏ʹɼ͋Δఔ౓ࣅͨ૯௨. ͱΜͲޮՌΛൃ‫͕ͱ͍͜ͳ͍ͯ͠ش‬Θ͔Δɽૹ৴ηϧΛૠ. ৴ྔΛ΋ͭσʔλؒͰ෼෍ΛूΊΔඞཁ͕͋Δɽ૯௨৴ྔ. ೖͨ͠৔߹ɼड৴ηϧૠೖʹൺ΂ࢦ໲߈ܸʹର͠ޮՌΛൃ. ͱ͍͏ಛ௃ΛࣅͤΑ͏ͱ͢Δͱɼେ͖ͳΦʔόʔϔου͕. ‫͍ͯ͠ش‬Δɽ͔͠͠ૠೖʹΑͬͯ௨৴ྔΛೋഒʹͨ͠ͱ͖. ඞཁͱͳΓ‫ڀݚ‬ͷ໨త͔Β֎ΕΔͨΊͰ͋Δɽ͜͜Ͱɼಛ. Ͱ΋໿ 87%ͷ߈ܸ੒ޭ཰ͱͳ͓ͬͯΓɼఆ‫ظ‬తͳηϧૠೖ. ௃ྔͱͯ͠ͷ૯௨৴ྔΛͲ͏۠෼͚Δ͔ͱ͍͏ͷ͸େ͖ͳ. ͷޮՌͷ௿͕͞‫ݱ‬Ε͍ͯΔɽ͜Ε͸ɼࢦ໲߈ܸͰ༻͍Δ‫د‬. ՝୊ͩͱߟ͑Δɽ. ༩ͷେ͖͍ಛ௃ྔͷ͏ͪɼ௨৴ྔ΍ηϧͷॱংͱ͍ͬͨಛ ௃͕͋·ΓมԽ͍ͯ͠ͳ͍͜ͱʹґΔͱߟ͑ΒΕΔɽ ࣮‫ ݧ‬2 Ͱ͸ɼ࣮‫ ݧ‬1 ͷ݁ՌΛ౿·͑ɼηϧͷॱংΛେ͖. 6.3 ΢ϧϑ΢ΣϒαΠτͷධՁํ๏ߟҊ ຊߘͰ͸ɼ‫ݧ࣮ૅج‬ͷ݁ՌΛදͨ͢Ίʹ Accuracy Λ༻. ͘ཚ͢Α͏ʹૠೖΛՃ͑ͨɽ͜ͷͱ͖࣮‫ݧ‬ͷͲͷ৔߹Ͱ΋ɼ. ͍͕ͨɼ͜ΕΛ௚઀΢ϧϑ΢ΣϒαΠτͷධՁʹ༻͍Δ. 1 ͭͷηϧʹର͠ 1 ͭͷηϧΛૠೖ͍ͯ͠ΔͷͰɼ௨৴ྔ. ͜ͱ͸Ͱ͖ͳ͍ɽ·ͨɼੜମೝূͷ෼໺ʹ͓͍ͯ΢ϧϑ. ͷΦʔόʔϔου͸ 100%Ͱ͋ΔɽΩϟϓνϟͨ͠શͯͷ. ͷධՁʹྑ͘༻͍ΒΕ͍ͯΔࢦඪʹ WAP (Wolf Attack. ηϧʹର͠ɼͦΕͧΕͷ௚લ·ͨ͸௚‫ʹޙ‬ɼํ޲͕‫ͳͱٯ‬. Probability) ͕͋Δ͕ɼ͜Ε΋΢ϧϑ΢ΣϒαΠτͷධՁ. ΔηϧΛૠೖͨ͠ɽಛʹɼ3 ͭΊͷ৔߹Ͱ͸ɼड৴ηϧͷ. ʹ༻͍Δ͜ͱ͸Ͱ͖ͳ͍ɽͱ͍͏ͷ΋ɼੜମೝূʹ͓͍ͯ. ௚‫ૹʹޙ‬৴ηϧΛɼૹ৴ηϧͷ௚લʹड৴ηϧΛૠೖ͢Δ. ΢ϧϑͷධՁΛ͢Δࡍͦͷೝূ͸ҰରҰೝূͰ͋Δͷʹର. ͜ͱʹΑΓɼૹ৴ηϧͱड৴ηϧ͕‫׬‬શʹަ‫ʹޓ‬ฒͿΑ͏. ͠ɼ΢ϧϑ΢ΣϒαΠτͷධՁΛ͢Δࡍͦͷೝূ͸Ұରଟ. ʹͨ͠ɽ࣮‫ ݧ‬1 ͷ݁Ռͱൺ΂Δ͜ͱͰɼಉ͡Φʔόʔϔο. ೝূͰ͋ΓҟͳΔೝূ͕͞Ε͍ͯΔͨΊͰ͋Δɽैͬͯ΢. υ͕ 100%ͱͳΔૠೖͰ΋ɼ࣮‫ ݧ‬2 Ͱߦͬͨૠೖͷ΄͏͕. ϧϑ΢ΣϒαΠτͷධՁʹ޲͚ͯ৽ͨͳධՁ‫ج‬४ΛߟҊ͢. ޮՌతͰ͋Δ͜ͱ͕Θ͔Δɽ·ͨɼ࣮‫ ݧ‬1 ͷ݁Ռ΍ɼ1 ͭ. Δඞཁ͕͋Γɼ͜Ε͸ࠓ‫ޙ‬ͷ՝୊Ͱ͋Δɽ. ໨ɼ2 ͭ໨ͷ৔߹ͷ݁Ռɼ‫׬‬શʹηϧͷॱং৘ใΛফͨ͠. 3 ͭ໨ͷ৔߹ͷ݁ՌΛൺ΂Δͱɼηϧͷॱং͕ඇৗʹେ͖. ࢀߟจ‫ݙ‬. ͳಛ௃ͱͳ͍ͬͯΔ͜ͱ͕Θ͔Δɽ͞Βʹ 3 ͭ໨ͷ݁Ռ͔. [1] [2] [3]. Βɼ૯௨৴ྔͱ࣌ؒ৘ใͷΈ͔Βɼ໿ 36%ͷਫ਼౓Ͱ߈ܸ͕ ੒ޭ͢Δ͜ͱ͕Θ͔Δɽ. 6. ࠓ‫ޙ‬ͷ՝୊ ୈ 5 ষͰड़΂ͨ‫ݧ࣮ૅج‬Λ౿·͑ɼ΢ϧϑ΢ΣϒαΠτ. [4]. ͷੑ࣭Λ୳ΔͨΊࠓ‫ޙ‬ҎԼͷ఺͕՝୊ͱͯ͠‫͛ڍ‬ΒΕΔɽ. 6.1 σʔλऩू. [5]. ຊߘͰ༻͍ͨσʔληοτ͸ Wang Β͕ա‫ʹڈ‬ऩू͠Ճ ޻Λߦͬͨ΋ͷͰ͋Δɽࠓ‫ޙ‬΢ϧϑͷ‫ڀݚ‬ΛਐΊΔʹ͋ͨ. [6]. Γɼಛ௃ͷภΓΛൃ‫͢ݟ‬ΔͨΊʹΑΓଟ͘ͷ΢ΣϒαΠτ Λର৅ͱ͢Δඞཁੑ͕ߟ͑ΒΕΔɽ͔͠͠ Tor ͷόʔδϣ ϯ΍ωοτϫʔΫ‫ڥ؀‬ͷҧ͍͔Βɼެ։͞Ε͍ͯΔσʔλ. [7]. ʹ௚઀৽ͨͳτϥϑΟοΫΛ૿΍͢͜ͱ͸೉͍͠ɽͦ͜Ͱ ಠࣗʹσʔληοτΛऔΔඞཁ͕͋Δͱߟ͑Δɽ͜ͷͱ͖. [8]. σʔληοτ͸ҎԼͷΑ͏ʹ࡞੒͢Δɽର৅ͱ͢ΔαΠτ ‫܈‬͸ɼAlexa Top sites[1] ͱ͢Δɽ͜Εʹ͸ઌߦ‫͠Ͱڀݚ‬ ͹͠͹༻͍ΒΕ͓ͯΓɼൺֱ‫ݕ‬౼͕͠΍͍͢ͱ͍͏ར఺͕ ͋Δɽ·ͨɼαΠτ಺༰ͷେ͖ͳมԽΛ๷͙ͨΊɼͦΕͧ ΕͷαΠτͷτϥϑΟοΫऩू͸ 12 ࣌ؒҎ্͚͓͋ͯ͜ ͳ͏͜ͱ͕ͳ͍Α͏ʹ͢Δɽ͞Βʹɼֶशσʔλͱςετ. c 2015 Information Processing Society of Japan . [9]. Alexa. http://www.alexa.com/. Tor metrics. https://metrics.torproject.org/. Xiang Cai, Xin Cheng Zhang, Brijesh Joshi, and Rob Johnson. Touching from a distance: Website fingerprinting attacks and defenses. In Proceedings of the 2012 ACM conference on Computer and communications security, pages 605–616. ACM, 2012. David L Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM, 24(2):84–90, 1981. Roger Dingledine. Tor and circumvention: Lessons learned. In Advances in Cryptology–CRYPTO 2011, pages 485–486. Springer, 2011. Roger Dingledine, Nick Mathewson, and Paul Syverson. Tor: The second-generation onion router. In In Proceedings of the 13th USENIX Security Symposium, pages 303–320. USENIX Association, Aug. 2004. John R Douceur. The sybil attack. In Peer-to-peer Systems, pages 251–260. Springer, 2002. Kevin P Dyer, Scott E Coull, Thomas Ristenpart, and Thomas Shrimpton. Peek-a-boo, i still see you: Why efficient traffic analysis countermeasures fail. In Security and Privacy (SP), 2012 IEEE Symposium on, pages 332–346. IEEE, 2012. Dominik Herrmann, Rolf Wendolsky, and Hannes Federrath. Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial na¨ıve-bayes classifier. In Proceedings of the 2009. 7.

(8) ৘ใॲཧֶձ‫ڀݚ‬ใࠂ IPSJ SIG Technical Report. [10]. [11]. [12]. [13]. [14]. [15]. [16]. [17]. [18]. [19]. [20]. [21]. [22]. Vol.2015-CSEC-70 No.19 Vol.2015-SPT-14 No.19 2015/7/2. ACM workshop on Cloud computing security, pages 31–42. ACM, 2009. Nicholas Hopper, Eugene Y Vasserman, and Eric Chan-Tin. How much anonymity does network latency leak? ACM Transactions on Information and System Security (TISSEC), 13(2):13, 2010. Brian N Levine, Michael K Reiter, Chenxi Wang, and Matthew Wright. Timing attacks in low-latency mix systems. In Financial Cryptography, pages 251–265. Springer, 2004. Xiapu Luo, Peng Zhou, Edmond WW Chan, Wenke Lee, Rocky KC Chang, and Roberto Perdisci. Httpos: Sealing information leaks with browser-side obfuscation of encrypted flows. In NDSS, 2011. Andriy Panchenko, Lukas Niessen, Andreas Zinnen, and Thomas Engel. Website fingerprinting in onion routing based anonymization networks. In Proceedings of the 10th annual ACM workshop on Privacy in the electronic society, pages 103–114. ACM, 2011. M. Perry. Experimental defense for website traffic fingerprinting. https://blog.torproject.org/blog/experimentaldefensewebsitetrafficfingerprinting. Andreas Pfitzmann and Michael Waidner. Networks without user observability – design options. In In Proceedings of a workshop on the theory and application of cryptographic techniques on Advances in cryptology-EUROCRYPT, pages 245–253. SpringerVerlag New York, Inc, 1986. Ryan Pries, Wei Yu, Xinwen Fu, and Wei Zhao. A new replay attack against anonymous communication networks. In Communications, 2008. ICC’08. IEEE International Conference on, pages 1578–1582. IEEE, 2008. M.G. Reed, P.F. Syverson, and D.M. Goldschlag. Onion routing network for securely moving data through communication networks, July 24 2001. US Patent 6,266,704. Yi Shi and Kanta Matsuura. Fingerprinting attack on the tor anonymity system. In Information and Communications Security, pages 425–438. Springer, 2009. Tao Wang, Xiang Cai, Rishab Nithyanand, Rob Johnson, and Ian Goldberg. Effective attacks and provable defenses for website fingerprinting. In Proceedings of 23rd USENIX Security Symposium (USENIX Security 14), San Diego, CA, August 2014. USENIX Association. Tao Wang and Ian Goldberg. Improved website fingerprinting on tor. In Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society, pages 201–212. ACM, 2013. Charles V Wright, Scott E Coull, and Fabian Monrose. Traffic morphing: An efficient defense against statistical traffic analysis. In Proceedings of the 16th Network and Distributed Security Symposium, pages 237–250, 2009. Matthew K Wright, Micah Adler, Brian Neil Levine, and Clay Shields. The predecessor attack: An analysis of a threat to anonymous communications systems. ACM Transactions on Information and System Security (TISSEC), 7(4):489–522, 2004.. c 2015 Information Processing Society of Japan . 8.

(9)