Quangang Li,Peipeng Liu,Zhiguang Qin

DOI: https://doi.org/10.14257/ijsia.2015.9.11.36

2015-01-01

International Journal of Security and Its Applications

Abstract:Tor is a popular low-latency anonymous communication system which could provide anonymity and anti-censorship. Based on previous researches on de-anonymization of Tor, this paper proposes a novel approach to attack users' guard selection which can pose great threat against Tor users' anonymity. Under the current design of Tor, once entry guards are compromised, the probability that an attacker observes both ends of a Tor circuit will be highly improved. Actual and simulated experiments both show that an attacker (e.g., a local or national government which have the power to monitor a Tor user's internet connection) can successfully compromise a specific Tor user's entry guard in about 30 minutes, and this can further help de-anonymize the user's anonymous communication.

Yixin Sun,Anne Edmundson,Laurent Vanbever,Oscar Li,Jennifer Rexford,Mung Chiang,Prateek Mittal

DOI: https://doi.org/10.48550/arXiv.1503.03940

2015-03-13

Abstract:The Tor network is a widely used system for anonymous communication. However, Tor is known to be vulnerable to attackers who can observe traffic at both ends of the communication path. In this paper, we show that prior attacks are just the tip of the iceberg. We present a suite of new attacks, called Raptor, that can be launched by Autonomous Systems (ASes) to compromise user anonymity. First, AS-level adversaries can exploit the asymmetric nature of Internet routing to increase the chance of observing at least one direction of user traffic at both ends of the communication. Second, AS-level adversaries can exploit natural churn in Internet routing to lie on the BGP paths for more users over time. Third, strategic adversaries can manipulate Internet routing via BGP hijacks (to discover the users using specific Tor guard nodes) and interceptions (to perform traffic analysis). We demonstrate the feasibility of Raptor attacks by analyzing historical BGP data and Traceroute data as well as performing real-world attacks on the live Tor network, while ensuring that we do not harm real users. In addition, we outline the design of two monitoring frameworks to counter these attacks: BGP monitoring to detect control-plane attacks, and Traceroute monitoring to detect data-plane anomalies. Overall, our work motivates the design of anonymity systems that are aware of the dynamics of Internet routing.

Networking and Internet Architecture,Cryptography and Security

Jing Tian,Gaopeng Gou,Yangyang Guan,Wei Xia,Gang Xiong,Chang Liu

DOI: https://doi.org/10.1109/milcom52596.2021.9653038

2021-01-01

Abstract:Tor is an important tool for anonymous communication. However, due to its popularity, Tor is also concerned by censors or other malicious attackers. A large body of existing work examines Tor's susceptibility to flow correlation attacks, which are a form of deanonymization attack. Currently, a variety of traffic obfuscation plugs are deployed on Tor to defeat flow correlation attacks. However, whether plug-based defense can effectively resist those attacks has not been tested and verified. This paper focuses on how to effectively defeat the threat of flow correlation attacks on Tor. We first conduct experiments to illustrate the actual defense effect of obfuscation plugs against flow correlation attacks, and the results show their effectiveness. However, the obfuscation-based defense also faces many other problems such as censorship. So we explore the techniques used in differential privacy ($FPA_{k}$ and $d^{\ast}$-private) to apply a tiny perturbation on Tor traffic. Our findings on differential privacy suggest that the perturbations generated by the two mechanisms can successfully flaw the existing flow correlation attacks on Tor.

Karwan Mustafa Kareem

2024-05-12

Abstract:Onion routing networks, also known as darknets, are private networks that enable anonymous communication over the Internet. They are used by individuals and organizations to protect their privacy, but they also attract cybercriminals who exploit the anonymity provided by these networks for illegal activities. This paper comprehensively analyzes cybercrime threats and countermeasures in onion routing networks. We review the various types of cybercrime that occur in these networks, including drug trafficking, fraud, hacking, and other illicit activities. We then discuss the challenges associated with detecting and mitigating cybercrime in onion routing networks, such as the difficulty of tracing illegal activities back to their source due to the strong anonymity guarantees provided by these networks. We also explore the countermeasures that have been proposed and implemented to combat cybercrime in onion routing networks, including law enforcement efforts, technological solutions, and policy interventions. Finally, we highlight the limitations of existing countermeasures and identify potential directions for future research in this area, including the need for interdisciplinary approaches that combine technical, legal, and social perspectives to effectively combat cybercrime in onion routing networks.

Cryptography and Security,Networking and Internet Architecture

Philipp Winter,Anne Edmundson,Laura M. Roberts,Agnieszka Dutkowska-Zuk,Marshini Chetty,Nick Feamster

DOI: https://doi.org/10.48550/arXiv.1806.11278

2018-06-29

Abstract:Onion services are anonymous network services that are exposed over the Tor network. In contrast to conventional Internet services, onion services are private, generally not indexed by search engines, and use self-certifying domain names that are long and difficult for humans to read. In this paper, we study how people perceive, understand, and use onion services based on data from 17 semi-structured interviews and an online survey of 517 users. We find that users have an incomplete mental model of onion services, use these services for anonymity and have varying trust in onion services in general. Users also have difficulty discovering and tracking onion sites and authenticating them. Finally, users want technical improvements to onion services and better information on how to use them. Our findings suggest various improvements for the security and usability of Tor onion services, including ways to automatically detect phishing of onion services, more clear security indicators, and ways to manage onion domain names that are difficult to remember.

Cryptography and Security

Amirali Sanatinia,Guevara Noubir

DOI: https://doi.org/10.48550/arXiv.1501.03378

2015-01-14

Abstract:Over the last decade botnets survived by adopting a sequence of increasingly sophisticated strategies to evade detection and take overs, and to monetize their infrastructure. At the same time, the success of privacy infrastructures such as Tor opened the door to illegal activities, including botnets, ransomware, and a marketplace for drugs and contraband. We contend that the next waves of botnets will extensively subvert privacy infrastructure and cryptographic mechanisms. In this work we propose to preemptively investigate the design and mitigation of such botnets. We first, introduce OnionBots, what we believe will be the next generation of resilient, stealthy botnets. OnionBots use privacy infrastructures for cyber attacks by completely decoupling their operation from the infected host IP address and by carrying traffic that does not leak information about its source, destination, and nature. Such bots live symbiotically within the privacy infrastructures to evade detection, measurement, scale estimation, observation, and in general all IP-based current mitigation techniques. Furthermore, we show that with an adequate self-healing network maintenance scheme, that is simple to implement, OnionBots achieve a low diameter and a low degree and are robust to partitioning under node deletions. We developed a mitigation technique, called SOAP, that neutralizes the nodes of the basic OnionBots. We also outline and discuss a set of techniques that can enable subsequent waves of Super OnionBots. In light of the potential of such botnets, we believe that the research community should proactively develop detection and mitigation methods to thwart OnionBots, potentially making adjustments to privacy infrastructure.

Cryptography and Security

Rebekah Overdorf,Marc Juarez,Gunes Acar,Rachel Greenstadt,Claudia Diaz

DOI: https://doi.org/10.1145/3133956.3134005

2017-09-21

Abstract:Recent studies have shown that Tor onion (hidden) service websites are particularly vulnerable to website fingerprinting attacks due to their limited number and sensitive nature. In this work we present a multi-level feature analysis of onion site fingerprintability, considering three state-of-the-art website fingerprinting methods and 482 Tor onion services, making this the largest analysis of this kind completed on onion services to date. Prior studies typically report average performance results for a given website fingerprinting method or countermeasure. We investigate which sites are more or less vulnerable to fingerprinting and which features make them so. We find that there is a high variability in the rate at which sites are classified (and misclassified) by these attacks, implying that average performance figures may not be informative of the risks that website fingerprinting attacks pose to particular sites. We analyze the features exploited by the different website fingerprinting methods and discuss what makes onion service sites more or less easily identifiable, both in terms of their traffic traces as well as their webpage design. We study misclassifications to understand how onion service sites can be redesigned to be less vulnerable to website fingerprinting attacks. Our results also inform the design of website fingerprinting countermeasures and their evaluation considering disparate impact across sites.

Cryptography and Security

Benjamin Güldenring,Volker Roth

2024-08-15

Abstract:Phishing websites are a common phenomenon among Tor onion services, and phishers exploit that it is tremendously difficult to distinguish phishing from authentic onion domain names. Operators of onion services devised several strategies to protect their users against phishing. But as we show in this work, none protect users against phishing without producing traces about visited services - something that particularly vulnerable users might want to avoid. In search of a solution we review prior research addressing this problem, and find that only two known approaches, hash visualization and PAKE, are capable of solving this problem. Hash visualization requires users to recognize large hash values. In order to make hash visualization more practical we design a novel mechanism called recognizer, which substantially reduces the amount of information that users must recognize. We analyze the security and privacy properties of our system formally, and report on our prototype implementation as a browser extension for the Tor web browser.

Cryptography and Security,Human-Computer Interaction

George Kadianakis,Theodoros Polyzos,Mike Perry,Kostas Chatzikokolakis

DOI: https://doi.org/10.48550/arXiv.2103.03831

2022-01-12

Abstract:Online anonymity and privacy has been based on confusing the adversary by creating indistinguishable network elements. Tor is the largest and most widely deployed anonymity system, designed against realistic modern adversaries. Recently, researchers have managed to fingerprint Tor's circuits -- and hence the type of underlying traffic -- simply by capturing and analyzing traffic traces. In this work, we study the circuit fingerprinting problem, isolating it from website fingerprinting, and revisit previous findings in this model, showing that accurate attacks are possible even when the application-layer traffic is identical. We then proceed to incrementally create defenses against circuit fingerprinting, using a generic adaptive padding framework for Tor based on WTF-PAD. We present a simple defense which delays a fraction of the traffic, as well as a more advanced one which can effectively hide onion service circuits with zero delays. We thoroughly evaluate both defenses, both analytically and experimentally, discovering new subtle fingerprints, but also showing the effectiveness of our defenses.

Cryptography and Security

Pere Manils,Chaabane Abdelberri,Stevens Le Blond,Mohamed Ali Kaafar,Claude Castelluccia,Arnaud Legout,Walid Dabbous

DOI: https://doi.org/10.48550/arXiv.1004.1461

2010-04-09

Networking and Internet Architecture

Abstract:Privacy of users in P2P networks goes far beyond their current usage and is a fundamental requirement to the adoption of P2P protocols for legal usage. In a climate of cold war between these users and anti-piracy groups, more and more users are moving to anonymizing networks in an attempt to hide their identity. However, when not designed to protect users information, a P2P protocol would leak information that may compromise the identity of its users. In this paper, we first present three attacks targeting BitTorrent users on top of Tor that reveal their real IP addresses. In a second step, we analyze the Tor usage by BitTorrent users and compare it to its usage outside of Tor. Finally, we depict the risks induced by this de-anonymization and show that users' privacy violation goes beyond BitTorrent traffic and contaminates other protocols such as HTTP.

Yossi Gilad,Amir Herzberg

DOI: https://doi.org/10.48550/arXiv.1204.6623

2012-04-30

Abstract:We show how an off-path (spoofing-only) attacker can perform cross-site scripting (XSS), cross-site request forgery (CSRF) and site spoofing/defacement attacks, without requiring vulnerabilities in either web-browser or server and circumventing known defenses. Attacker can also launch devastating denial of service (DoS) attacks, even when the connection between the client and the server is secured with SSL/TLS. The attacks are practical and require a puppet (malicious script in browser sandbox) running on a the victim client machine, and attacker capable of IP-spoofing on the Internet. Our attacks use a technique allowing an off-path attacker to learn the sequence numbers of both client and server in a TCP connection. The technique exploits the fact that many computers, in particular those running Windows, use a global IP-ID counter, which provides a side channel allowing efficient exposure of the connection sequence numbers. We present results of experiments evaluating the learning technique and the attacks that exploit it. Finally, we present practical defenses that can be deployed at the firewall level; no changes to existing TCP/IP stacks are required.

Cryptography and Security

Alejandro Buitrago López,Javier Pastor-Galindo,Félix Gómez Mármol,Buitrago López, Alejandro,Pastor-Galindo, Javier,Gómez Mármol, Félix

DOI: https://doi.org/10.1007/s11276-024-03679-4

IF: 2.701

2024-02-25

Wireless Networks

Abstract:The Tor network is known for its opaque characteristics and involvement in illicit activities, motivating to shed light on the exposure, lifetime, and functionalities of onion services. This study focuses on the appearance of Tor links in online advertising and monitors the connectivity status and protocols of the collected onion domains through the Tor network over 105 days. Out of 54,602 onion addresses gathered, it was found that 38% of Tor links were advertised only once, 43% between two and five times, and 19% more than five times. Furthermore, 50% of the addresses were exclusively advertised on the surface web, 6% on the dark web, and 44% on both portions. The temporal analysis revealed that 67% of the addresses were predominantly active, 7% were intermittent, and 26% were mostly inactive. The study examined fifteen protocols used by onion services, concluding that 94% employed a single protocol, while 6% utilized between two and eight protocols. Among active sites, HTTP was present in 99.75% of cases, followed by SSH (4.95%) and HTTPS (0.64%). Additionally, onion services without web services often deploy cryptocurrency or instant messaging servers. This study offers a comprehensive and current understanding of the dark web, surpassing previous research in its scope.

computer science, information systems,telecommunications,engineering, electrical & electronic

Sambuddho Chakravarty,Georgios Portokalidis,Michalis Polychronakis,Angelos D. Keromytis

DOI: https://doi.org/10.1007/s10207-014-0256-7

2014-08-18

International Journal of Information Security

Abstract:Anonymous communication networks, like Tor, partially protect the confidentiality of user traffic by encrypting all communications within the overlay network. However, when the relayed traffic reaches the boundaries of the network, toward its destination, the original user traffic is inevitably exposed to the final node on the path. As a result, users transmitting sensitive data, like authentication credentials, over such networks, risk having their data intercepted and exposed, unless end-to-end encryption is used. Eavesdropping can be performed by malicious or compromised relay nodes, as well as any rogue network entity on the path toward the actual destination. Furthermore, end-to-end encryption does not assure defense against man-in-the-middle attacks. In this work, we explore the use of decoys at multiple levels for the detection of traffic interception by malicious nodes of proxy-based anonymous communication systems. Our approach relies on the injection of traffic that exposes bait credentials for decoy services requiring user authentication, and URLs to seemingly sensitive decoy documents which, when opened, invoke scripts alerting about being accessed. Our aim was to entice prospective eavesdroppers to access our decoy servers and decoy documents, using the snooped credentials and URLs. We have deployed our prototype implementation in the Tor network using decoy IMAP, SMTP, and HTTP servers. During the course of over 30 months, our system has detected 18 cases of traffic eavesdropping that involved 14 different Tor exit nodes.

computer science, information systems, theory & methods, software engineering

Xun Gong,Negar Kiyavash,Nabíl Schear,Nikita Borisov

DOI: https://doi.org/10.48550/arXiv.1109.0097

2011-09-01

Abstract:Recent work in traffic analysis has shown that traffic patterns leaked through side channels can be used to recover important semantic information. For instance, attackers can find out which website, or which page on a website, a user is accessing simply by monitoring the packet size distribution. We show that traffic analysis is even a greater threat to privacy than previously thought by introducing a new attack that can be carried out remotely. In particular, we show that, to perform traffic analysis, adversaries do not need to directly observe the traffic patterns. Instead, they can gain sufficient information by sending probes from a far-off vantage point that exploits a queuing side channel in routers. To demonstrate the threat of such remote traffic analysis, we study a remote website detection attack that works against home broadband users. Because the remotely observed traffic patterns are more noisy than those obtained using previous schemes based on direct local traffic monitoring, we take a dynamic time warping (DTW) based approach to detecting fingerprints from the same website. As a new twist on website fingerprinting, we consider a website detection attack, where the attacker aims to find out whether a user browses a particular web site, and its privacy implications. We show experimentally that, although the success of the attack is highly variable, depending on the target site, for some sites very low error rates. We also show how such website detection can be used to deanonymize message board users.

Cryptography and Security

Paul Syverson,Matthew Finkel,Saba Eskandarian,Dan Boneh

DOI: https://doi.org/10.1145/3463676.3485610

2021-11-15

Abstract:Onion addresses encode their own public key. They are thus self-authenticating, one of the security and privacy advantages of onion services, which are typically accessed via Tor Browser. Because of the mostly random-looking appearance of onion addresses, a number of onion discovery mechanisms have been created to permit routing to an onion address associated with a more meaningful URL, such as a registered domain name. We describe novel vulnerabilities engendered by onion discovery mechanisms recently introduced by Tor Browser that facilitate hijack and tracking of user connections. We also recall previously known hijack and tracking vulnerabilities engendered by use of alternative services that are facilitated and rendered harder to detect if the alternative service is at an onion address. Self-authenticating traditional addresses (SATAs) are valid DNS addresses or URLs that also contain a commitment to an onion public key. We describe how the use of SATAs in onion discovery counters these vulnerabilities. SATAs also expand the value of onion discovery by facilitating self-authenticated access from browsers that do not connect to services via the Tor network.

Zhenbo Xu,Wei Yang,Yang Xu,Ajin Meng,Jianhua Liu,Qijian He,Liusheng Huang

DOI: https://doi.org/10.1109/SAHCN.2018.8397144

2018-01-01

Abstract:For online conversations with top privacy, we often need to erase the existing contact behavior. Thus we want communications in which adversaries can not link you to the person you contact, namely communications with unlinkability. However, most current communication systems including variations of Mix networks fail to maintain unlinkability against global active adversaries (GAA) who can monitor global traffic and easily compromise clients and infrastructures. Therefore, designing an unlinkable communication system against GAA is challenging. By analyzing limitations of current communication systems, we propose two other features to assure unlinkability: covertness and deniability. In this paper, we design HTor, a novel and practical communication system with unlinkability, via a single web server. HTor interpolates the server to cut off the direct connection between two people in one communication and exploits covert channels (CCs) to hide communications between clients and the server. Considering servers might be corrupted, HTor utilizes a group mechanism to protect the receiver for each message. By extensive large-scale evaluations, we show that communications over HTor are robust and difficult to detect. Besides, HTor is easily implemented and, with multiple servers, it can provide enough bandwidth and relatively low latency for chatting.

Travis Cuvelier,Sean Ha,Maretta Morovitz

2024-10-18

Abstract:We consider the case where an adversary is conducting a surveillance campaign against a networked control system (NCS), and take the perspective of a defender/control system operator who has successfully isolated the cyber intruder. To better understand the adversary's intentions and to drive up their operating costs, the defender directs the adversary towards a ``honeypot" that emulates a real control system and without actual connections to a physical plant. We propose a strategy for adversary engagement within the ``honey" control system to increase the adversary's costs of information processing. We assume that, based on an understanding of the adversary's control theoretic goals, cyber threat intelligence (CTI) provides the defender knowledge of the adversary's preferences for information acquisition. We use this knowledge to spoof sensor readings to maximize the amount of information the adversary consumes while making it (information theoretically) difficult for the adversary to detect that they are being spoofed. We discuss the case of imperfect versus perfect threat intelligence and perform a numerical comparison.

Systems and Control,Cryptography and Security,Information Theory,Optimization and Control

Sergio Castillo-Perez,Joaquin Garcia-Alfaro

DOI: https://doi.org/10.48550/arXiv.1208.3730

2012-08-18

Cryptography and Security

Abstract:The use of anonymity-based infrastructures and anonymisers is a plausible solution to mitigate privacy problems on the Internet. Tor (short for The onion router) is a popular low-latency anonymity system that can be installed as an end-user application on a wide range of operating systems to redirect the traffic through a series of anonymising proxy circuits. The construction of these circuits determines both the latency and the anonymity degree of the Tor anonymity system. While some circuit construction strategies lead to delays which are tolerated for activities like Web browsing, they can make the system vulnerable to linking attacks. We evaluate in this paper three classical strategies for the construction of Tor circuits, with respect to their de-anonymisation risk and latency performance. We then develop a new circuit selection algorithm that considerably reduces the success probability of linking attacks while keeping a good degree of performance. We finally conduct experiments on a real-world Tor deployment over PlanetLab. Our experimental results confirm the validity of our strategy and its performance increase for Web browsing.

Adam Back,Ulf Möller,Anton Stiglic

DOI: https://doi.org/10.1007/3-540-45496-9_18

2001-01-01

Abstract:We discuss problems and trade-offs with systems providing anonymity for web browsing (or more generally any communication system that requires low latency interaction). We focus on two main systems: the Freedom network [12] and PipeNet [8]. Although Freedom is efficient and reasonably secure against denial of service attacks, it is vulnerable to some generic traffic analysis attacks, which we describe. On the other hand, we look at PipeNet, a simple theoretical model which protects against the traffic analysis attacks we point out, but is vulnerable to denial of services attacks and has efficiency problems. In light of these observations, we discuss the trade-offs that one faces when trying to construct an efficient low latency communication system that protects users anonymity.

Q Misell

2023-12-01

Abstract:Tor Onion Services are a way to host websites and other internet services anonymously. Onion Services are often used to bypass internet censorship and provide information services to users in oppressive regimes. This paper presents an analysis of the security defences deployed on these Onion Services. Onion Services tend to have better security policy than sites on the clear web. However they lag behind in the deployment of HTTPS, a key defence to ensuring the security of users of such services.

Cryptography and Security,Networking and Internet Architecture