Tor traffic identification

Today, anonymity and privacy are major concerns of Internet users. Several types and implementations of anonymizing services are available on the Internet, and Tor is one of them. The Tor network is based on the onion routing concept and is now very popular. Surprisingly, very little research has been done on such anonymizing networks. Activists, journalists and writers use this tool for freedom of speech, but it is also misused for malware, distributed denial-of-service attacks, hidden services that sell illegal things, spam, and more. This paper explains how to detect Tor usage by analysing the TLS connection that secures the traffic, and how to use the characteristics found during that analysis to detect and block Tor traffic originating from the Tor Browser.
