From “Onion Not Found” to Guard Discovery
We present a novel web-based attack that identifies a Tor user’s guard in a matter of seconds. Our attack is low-cost, fast, and stealthy. It requires only a moderate amount of resources and can be deployed by website owners, third-party script providers, and malicious exits—if the website traffic i...
Guardado en:
Autores principales: | , , |
---|---|
Formato: | article |
Lenguaje: | EN |
Publicado: |
Sciendo
2022
|
Materias: | |
Acceso en línea: | https://doaj.org/article/f739fe0bc24b4a4694f11dc6cdfa266d |
Etiquetas: |
Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
|
id |
oai:doaj.org-article:f739fe0bc24b4a4694f11dc6cdfa266d |
---|---|
record_format |
dspace |
spelling |
oai:doaj.org-article:f739fe0bc24b4a4694f11dc6cdfa266d2021-12-05T14:11:10ZFrom “Onion Not Found” to Guard Discovery2299-098410.2478/popets-2022-0026https://doaj.org/article/f739fe0bc24b4a4694f11dc6cdfa266d2022-01-01T00:00:00Zhttps://doi.org/10.2478/popets-2022-0026https://doaj.org/toc/2299-0984We present a novel web-based attack that identifies a Tor user’s guard in a matter of seconds. Our attack is low-cost, fast, and stealthy. It requires only a moderate amount of resources and can be deployed by website owners, third-party script providers, and malicious exits—if the website traffic is unencrypted. The attack works by injecting resources from non-existing onion service addresses into a webpage. Upon visiting the attack webpage with Tor Browser, the victim’s Tor client creates many circuits to look up the non-existing addresses. This allows middle relays controlled by the adversary to detect the distinctive traffic pattern of the “404 Not Found” lookups and identify the victim’s guard. We evaluate our attack with extensive simulations and live Tor network measurements, taking a range of victim machine, network, and geolocation configurations into account. We find that an adversary running a small number of HSDirs and providing 5 % of Tor’s relay bandwidth needs 12.06 seconds to identify the guards of 50 % of the victims, while it takes 22.01 seconds to discover 90 % of the victims’ guards. Finally, we evaluate a set of countermeasures against our attack including a defense that we develop based on a token bucket and the recently proposed Vanguards-lite defense in Tor.Oldenburg LennartAcar GunesDiaz ClaudiaSciendoarticletoranonymous communicationsguard discovery attackonion servicesweb-based attackEthicsBJ1-1725Electronic computers. Computer scienceQA75.5-76.95ENProceedings on Privacy Enhancing Technologies, Vol 2022, Iss 1, Pp 522-543 (2022) |
institution |
DOAJ |
collection |
DOAJ |
language |
EN |
topic |
tor anonymous communications guard discovery attack onion services web-based attack Ethics BJ1-1725 Electronic computers. Computer science QA75.5-76.95 |
spellingShingle |
tor anonymous communications guard discovery attack onion services web-based attack Ethics BJ1-1725 Electronic computers. Computer science QA75.5-76.95 Oldenburg Lennart Acar Gunes Diaz Claudia From “Onion Not Found” to Guard Discovery |
description |
We present a novel web-based attack that identifies a Tor user’s guard in a matter of seconds. Our attack is low-cost, fast, and stealthy. It requires only a moderate amount of resources and can be deployed by website owners, third-party script providers, and malicious exits—if the website traffic is unencrypted. The attack works by injecting resources from non-existing onion service addresses into a webpage. Upon visiting the attack webpage with Tor Browser, the victim’s Tor client creates many circuits to look up the non-existing addresses. This allows middle relays controlled by the adversary to detect the distinctive traffic pattern of the “404 Not Found” lookups and identify the victim’s guard. We evaluate our attack with extensive simulations and live Tor network measurements, taking a range of victim machine, network, and geolocation configurations into account. We find that an adversary running a small number of HSDirs and providing 5 % of Tor’s relay bandwidth needs 12.06 seconds to identify the guards of 50 % of the victims, while it takes 22.01 seconds to discover 90 % of the victims’ guards. Finally, we evaluate a set of countermeasures against our attack including a defense that we develop based on a token bucket and the recently proposed Vanguards-lite defense in Tor. |
format |
article |
author |
Oldenburg Lennart Acar Gunes Diaz Claudia |
author_facet |
Oldenburg Lennart Acar Gunes Diaz Claudia |
author_sort |
Oldenburg Lennart |
title |
From “Onion Not Found” to Guard Discovery |
title_short |
From “Onion Not Found” to Guard Discovery |
title_full |
From “Onion Not Found” to Guard Discovery |
title_fullStr |
From “Onion Not Found” to Guard Discovery |
title_full_unstemmed |
From “Onion Not Found” to Guard Discovery |
title_sort |
from “onion not found” to guard discovery |
publisher |
Sciendo |
publishDate |
2022 |
url |
https://doaj.org/article/f739fe0bc24b4a4694f11dc6cdfa266d |
work_keys_str_mv |
AT oldenburglennart fromonionnotfoundtoguarddiscovery AT acargunes fromonionnotfoundtoguarddiscovery AT diazclaudia fromonionnotfoundtoguarddiscovery |
_version_ |
1718371334368526336 |