A Novel Protocol-Feature Attack against Tor's Hidden Service
Summary :
Tor is the most popular and well-researched low-latency anonymous communication network provides sender privacy to Internet users. It also provides recipient privacy by making TCP services available through “hidden service”, which allowing users not only to access information anonymously but also to publish information anonymously. However, based on our analysis of the hidden service protocol, we found a special combination of cells, which is the basic transmission unit over Tor, transmitted during the circuit creation procedure that could be used to degrade the anonymity. In this paper, we investigate a novel protocol-feature based attack against Tor's hidden service. The main idea resides in fact that an attacker could monitor traffic and manipulate cells at the client side entry router, and an adversary at the hidden server side could cooperate to reveal the communication relationship. Compared with other existing attacks, our attack reveals the client of a hidden service and does not rely on traffic analysis or watermarking techniques. We manipulate Tor cells at the entry router to generate the protocol-feature. Once our controlled entry onion routers detect such a feature, we can confirm the IP address of the client. We implemented this attack against hidden service and conducted extensive theoretical analysis and experiments over Tor network. The experiment results validate that our attack can achieve high rate of detection rate with low false positive rate.
- Publication
- IEICE TRANSACTIONS on Information Vol.E99-D No.4 pp.839-849
- Publication Date
- 2016/04/01
- Publicized
- 2016/01/13
- Online ISSN
- 1745-1361
- DOI
- 10.1587/transinf.2015ICP0001
- Type of Manuscript
- Special Section PAPER (Special Section on Information and Communication System Security)
- Category
- Network security
Authors
Rui WANG
Beijing University of Posts and Telecommunications
Qiaoyan WEN
Beijing University of Posts and Telecommunications
Hua ZHANG
Beijing University of Posts and Telecommunications
Xuelei LI
Beijing University of Posts and Telecommunications
Keyword
Latest Issue
Copyrights notice of machine-translated contents
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Cite this
Copy
Rui WANG, Qiaoyan WEN, Hua ZHANG, Xuelei LI, "A Novel Protocol-Feature Attack against Tor's Hidden Service" in IEICE TRANSACTIONS on Information,
vol. E99-D, no. 4, pp. 839-849, April 2016, doi: 10.1587/transinf.2015ICP0001.
Abstract: Tor is the most popular and well-researched low-latency anonymous communication network provides sender privacy to Internet users. It also provides recipient privacy by making TCP services available through “hidden service”, which allowing users not only to access information anonymously but also to publish information anonymously. However, based on our analysis of the hidden service protocol, we found a special combination of cells, which is the basic transmission unit over Tor, transmitted during the circuit creation procedure that could be used to degrade the anonymity. In this paper, we investigate a novel protocol-feature based attack against Tor's hidden service. The main idea resides in fact that an attacker could monitor traffic and manipulate cells at the client side entry router, and an adversary at the hidden server side could cooperate to reveal the communication relationship. Compared with other existing attacks, our attack reveals the client of a hidden service and does not rely on traffic analysis or watermarking techniques. We manipulate Tor cells at the entry router to generate the protocol-feature. Once our controlled entry onion routers detect such a feature, we can confirm the IP address of the client. We implemented this attack against hidden service and conducted extensive theoretical analysis and experiments over Tor network. The experiment results validate that our attack can achieve high rate of detection rate with low false positive rate.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2015ICP0001/_p
Copy
@ARTICLE{e99-d_4_839,
author={Rui WANG, Qiaoyan WEN, Hua ZHANG, Xuelei LI, },
journal={IEICE TRANSACTIONS on Information},
title={A Novel Protocol-Feature Attack against Tor's Hidden Service},
year={2016},
volume={E99-D},
number={4},
pages={839-849},
abstract={Tor is the most popular and well-researched low-latency anonymous communication network provides sender privacy to Internet users. It also provides recipient privacy by making TCP services available through “hidden service”, which allowing users not only to access information anonymously but also to publish information anonymously. However, based on our analysis of the hidden service protocol, we found a special combination of cells, which is the basic transmission unit over Tor, transmitted during the circuit creation procedure that could be used to degrade the anonymity. In this paper, we investigate a novel protocol-feature based attack against Tor's hidden service. The main idea resides in fact that an attacker could monitor traffic and manipulate cells at the client side entry router, and an adversary at the hidden server side could cooperate to reveal the communication relationship. Compared with other existing attacks, our attack reveals the client of a hidden service and does not rely on traffic analysis or watermarking techniques. We manipulate Tor cells at the entry router to generate the protocol-feature. Once our controlled entry onion routers detect such a feature, we can confirm the IP address of the client. We implemented this attack against hidden service and conducted extensive theoretical analysis and experiments over Tor network. The experiment results validate that our attack can achieve high rate of detection rate with low false positive rate.},
keywords={},
doi={10.1587/transinf.2015ICP0001},
ISSN={1745-1361},
month={April},}
Copy
TY - JOUR
TI - A Novel Protocol-Feature Attack against Tor's Hidden Service
T2 - IEICE TRANSACTIONS on Information
SP - 839
EP - 849
AU - Rui WANG
AU - Qiaoyan WEN
AU - Hua ZHANG
AU - Xuelei LI
PY - 2016
DO - 10.1587/transinf.2015ICP0001
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E99-D
IS - 4
JA - IEICE TRANSACTIONS on Information
Y1 - April 2016
AB - Tor is the most popular and well-researched low-latency anonymous communication network provides sender privacy to Internet users. It also provides recipient privacy by making TCP services available through “hidden service”, which allowing users not only to access information anonymously but also to publish information anonymously. However, based on our analysis of the hidden service protocol, we found a special combination of cells, which is the basic transmission unit over Tor, transmitted during the circuit creation procedure that could be used to degrade the anonymity. In this paper, we investigate a novel protocol-feature based attack against Tor's hidden service. The main idea resides in fact that an attacker could monitor traffic and manipulate cells at the client side entry router, and an adversary at the hidden server side could cooperate to reveal the communication relationship. Compared with other existing attacks, our attack reveals the client of a hidden service and does not rely on traffic analysis or watermarking techniques. We manipulate Tor cells at the entry router to generate the protocol-feature. Once our controlled entry onion routers detect such a feature, we can confirm the IP address of the client. We implemented this attack against hidden service and conducted extensive theoretical analysis and experiments over Tor network. The experiment results validate that our attack can achieve high rate of detection rate with low false positive rate.
ER -
English
