Application-level attack against Tor's hidden service

Tor has become one of the most popular overlay networks for anonymizing TCP traffic. The hidden service feature provided by Tor allows users to run a TCP server under a pseudonym, so that its resources can be accessed without the operator's real identity being revealed. In this paper, we propose a novel HTTP-based application-level attack against Tor's hidden web service. Under the assumption that the entry of the suspected hidden server's circuit is occupied by a malicious onion router, we evaluate the time correlation between web accesses to the hidden service and the traffic generated at that malicious onion router. Furthermore, we analyze the probability that malicious onion routers occupy the entry of the hidden server's circuit when they advertise high bandwidth, which is the foundation of our attack. We conducted real-world experiments to evaluate our attack method. The empirical results demonstrate that the hidden service can be effectively and efficiently located.
