Poster: Fingerprinting Hidden Service Circuits from a Tor Middle Relay

Kwon et al. recently showed that circuit fingerprinting attacks can be used to identify hidden service circuits, which is a key step towards linking Tor users to their online activity. In this paper, we explore an improvement to their attack that uses random forests and achieves similar accuracy while being more robust to simple countermeasures. Additionally, we perform our attack from a middle node, a position for which an attacker needs fewer resources and from which the attacker can leverage guard fingerprinting to deanonymize users. Our evaluation shows the attack can be effectively deployed at the middle with 99.98% accuracy.

[1] George Danezis, et al. Low-cost traffic analysis of Tor, 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[2] Paul F. Syverson, et al. Locating hidden servers, 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[3] Nicholas Hopper, et al. How much anonymity does network latency leak?, 2010, ACM Trans. Inf. Syst. Secur.

[4] Prateek Mittal, et al. Stealthy traffic analysis of low-latency anonymous communication using throughput fingerprinting, 2011, CCS '11.

[5] Tao Wang, et al. Improved website fingerprinting on Tor, 2013, WPES.

[6] Rachel Greenstadt, et al. A Critical Evaluation of Website Fingerprinting Attacks, 2014, CCS.

[7] Marc Dacier, et al. Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services, 2015, USENIX Security Symposium.

[8] Klaus Wehrle, et al. Website Fingerprinting at Internet Scale, 2016, NDSS.

[9] Giovanni Cherubin, et al. Website Fingerprinting Defenses at the Application Layer, 2017, Proc. Priv. Enhancing Technol.