Tor has become one of the most popular overlay networks for anonymizing TCP traffic. However, the anonymity of Tor clients is threatened by various attacks that exploit traffic analysis or Tor's design features. Although considerable effort has been made to secure and improve Tor networks, little attention has been paid to application-level attacks against Tor. In this paper, we present a potential HTTP-based application-level attack against Tor, which exploits both Tor's design features and HTTP's vulnerability to man-in-the-middle attacks. Such an application-level attack can efficiently and effectively compromise the anonymity of clients without using invasive plugins like Java or any other active content systems in a web browser, posing a serious threat to Tor. Our analytical and empirical results validate the feasibility and effectiveness of the attack. Based on our analysis of the potential attack mechanism, we propose corresponding countermeasures to thwart such potential application-level attacks against Tor, thereby effectively securing and improving Tor networks. Since the fundamental vulnerability exposed by this paper is not specific to web browsing via Tor but rather applies to other low-latency applications based on TCP streams, our study is critical for securing and improving low-latency anonymous communication systems.