Critical Traffic Analysis on the Tor Network
Keywords:Tor, traffic analysis, hidden services, deanonymization
Tor is a widely-used anonymity network with more than two million daily users. A prominent feature of Tor is the hidden service architecture. Hidden services are a popular method for communicating anonymously or sharing web contents anonymously. For security reasons, in Tor all data packets to be send over the network are structured completely identical. They are encrypted using the TLS protocol and its size is fixed to exactly 512 bytes. In this work we describe a method to deanonymize any hidden service on Tor based on traffic analysis. This method allows an attacker with modest resources to deanonymize any hidden services in less than 12.5 days. This poses a threat to anonymity online.
Alex Biryukov and Ivan Pustogarov. Bitcoin over tor isn’t a good idea. In 2015 IEEE Symposium on Security and Privacy, pages 122–134. IEEE, 2015.
Alex Biryukov, Ivan Pustogarov, Fabrice Thill, and Ralf-Philipp Weinmann. Content and popularity analysis of tor hidden services. In 2014 IEEE 34th International Conference on Distributed Computing Systems Workshops (ICDCSW), pages 188–193. IEEE, 2014.
Alex Biryukov, Ivan Pustogarov, and Ralf-Philipp Weinmann. Trawling for tor hidden services: Detection, measurement, deanonymization. In Security and Privacy (SP), 2013 IEEE Symposium on, pages 80–94. IEEE, 2013.
Xiang Cai, Rishab Nithyanand, Tao Wang, Rob Johnson, and Ian Goldberg. A systematic approach to developing and evaluating website fingerprinting defenses. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pages 227–238. ACM, 2014.
Xiang Cai, Xin Cheng Zhang, Brijesh Joshi, and Rob Johnson. Touching from a distance: Website fingerprinting attacks and defenses. In Proceedings of the 2012 ACM conference on Computer and communications security, pages 605–616. ACM, 2012.
Nicolas Christin. Traveling the silk road: A measurement analysis of a large anonymous online marketplace. In Proceedings of the 22nd international conference on World Wide Web, pages 213–224. ACM, 2013.
Tariq Elahi, Kevin Bauer, Mashael AlSabah, Roger Dingledine, and Ian Goldberg. Changing of the guards: A framework for understanding and improving entry guard selection in tor. In Proceedings of the 2012 ACM Workshop on Privacy in the Electronic Society, pages 43–54. ACM, 2012.
Centre for International Goverance Innovation. Global Commission on Internet Goverance, 2020 (accessed April 03, 2020). https://www.cigionline.org/initiatives/global-commission-internet-governance.
Ian Avrum Goldberg and Eric Brewer. A pseudonymous communications infrastructure for the internet. University of California, Berkeley, 2000.
David M Goldschlag, Michael G Reed, and Paul F Syverson. Hiding routing information. In International Workshop on Information Hiding, pages 137–150. Springer, 1996.
Rob Jansen, Marc Juarez, Rafa Gálvez, Tariq Elahi, and Claudia Diaz. Inside job: Applying traffic analysis to measure tor from within. In NDSS, 2018.
Aaron Johnson, Rob Jansen, Nicholas Hopper, Aaron Segal, and Paul Syverson. Peerflow: Secure load balancing in tor. Proceedings on Privacy Enhancing Technologies, 2017(2):74–94, 2017.
Albert Kwon, Mashael AlSabah, David Lazar, Marc Dacier, and Srinivas Devadas. Circuit fingerprinting attacks: Passive deanonymization of tor hidden services. In 24th USENIX Security Symposium (USENIX Security 15), 2015.
Zhen Ling, Junzhou Luo, Kui Wu, and Xinwen Fu. Protocol-level hidden server discovery. In INFOCOM, 2013 Proceedings IEEE, pages 1043–1051. IEEE, 2013.
Karsten Loesing, Werner Sandmann, Christian Wilms, and Guido Wirtz. Performance measurements and statistics of tor hidden services. In Applications and the Internet, 2008. SAINT 2008. International Symposium on, pages 1–7. IEEE, 2008.
Lasse Overlier and Paul Syverson. Locating hidden servers. In Security and Privacy, 2006 IEEE Symposium on, pages 15–pp. IEEE, 2006.
Gareth Owen and Nick Savage. The tor dark net. 2015.
Gareth Owen and Nick Savage. Empirical analysis of tor hidden services. IET Information Security, 10(3):113–118, 2016.
The Tor Project. Configuring Onion Services for Tor, 2019 (accessed Mai 06, 2019). https://2019.www.torproject.org/docs/tor-onion-service.html.en.
The Tor Project. New release: Tor 0.4.1.5, 2020 (accessed April 03, 2020). https://blog.torproject.org/new-release-tor-0415.
The Tor Project. Tor metrics portal, 2020 (accessed December 01, 2020). https://metrics.torproject.org.
Paul Syverson, R Dingledine, and N Mathewson. Tor: The secondgeneration onion router. In Usenix Security, 2004.
Tao Wang. Website fingerprinting: Attacks and defenses. 2016.
Tao Wang, Xiang Cai, Rishab Nithyanand, Rob Johnson, and Ian Goldberg. Effective attacks and provable defenses for website fingerprinting. In USENIX Security Symposium, pages 143–157, 2014.
Tao Wang and Ian Goldberg. Improved website fingerprinting on tor. In Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society, pages 201–212. ACM, 2013.
Matthew Wright, Micah Adler, Brian Neil Levine, and Clay Shields. Defending anonymous communications against passive logging attacks. In 2003 Symposium on Security and Privacy, 2003., pages 28–41. IEEE, 2003.
Matthew K Wright, Micah Adler, Brian Neil Levine, and Clay Shields. The predecessor attack: An analysis of a threat to anonymous communications systems. ACM Transactions on Information and System Security (TISSEC), 7(4):489–522, 2004.