Paper Info
Title
Poster: User Sessions on Tor Onion Services: Can Colluding ISPs Deanonymize Them at Scale?
Abstract
ABSTRACTTor is the most popular anonymity network in the world. It relies on advanced security and obfuscation techniques to ensure the privacy of its users and free access to the Internet. However, the investigation of traffic correlation attacks against Tor Onion Services (OSes) has been relatively overlooked in the literature. In particular, determining whether it is possible to emulate a global passive adversary capable of deanonymizing the IP addresses of both the Tor OSes and of the clients accessing them has remained, so far, an open question. In this paper, we present ongoing work toward addressing this question and reveal some preliminary results on a scalable traffic correlation attack that can potentially be used to deanonymize Tor OS sessions. Our attack is based on a distributed architecture involving a group of colluding ISPs from across the world. After collecting Tor traffic samples at multiple vantage points, ISPs can run them through a pipeline where several stages of traffic classifiers employ complementary techniques that result in the deanonymization of OS sessions with high confidence (i.e., low false positives). We have responsibly disclosed our early results with the Tor Project team and are currently working not only on improving the effectiveness of our attack but also on developing countermeasures to preserve Tor users' privacy.
Year
DOI
Venue
2022
10.1145/3548606.3563520
Computer and Communications Security
DocType
Citations 
PageRank 
Conference
0
0.34
References 
Authors
0
9
Name
Order
Citations
PageRank
Daniela Lopes100.34
pedro h a medeiros231.05
Jin-Dong Dong361.74
Diogo Barradas431.77
Bernardo Portela5383.90
João Vinagre6578.56
Bernardo Ferreira711.72
Nicolas Christin82133126.02
Nuno Santos900.34