Identifying Proxy Nodes in a Tor Anonymization Circuit

  • Authors:
  • Sambuddho Chakravarty; Angelos Stavrou; Angelos D. Keromytis

  • Venue:
  • SITIS '08 Proceedings of the 2008 IEEE International Conference on Signal Image Technology and Internet Based Systems
  • Year:
  • 2008

Abstract

We present a novel, practical, and effective mechanism that exposes the identity of Tor relays participating in a given circuit. Such an attack can be used by malicious or compromised nodes to identify the rest of the circuit, or as the first step in a follow-on trace-back attack. Our intuition is that by modulating the bandwidth of an anonymous connection (e.g., when the destination server, its router, or an entry point is under our control), we create observable fluctuations that propagate through the Tor network and the Internet to the end-user's host. To that end, we employ LinkWidth, a novel bandwidth-estimation technique. LinkWidth enables network edge-attached entities to estimate the available bandwidth in an arbitrary Internet link without a cooperating peer host, router, or ISP. Our approach also does not require compromise of any Tor nodes. In a series of experiments against the Tor network, we show that we can accurately identify the network location of most participating Tor relays.