Tor is a network designed for low-latency anonymous communications. Tor clients form circuits through relays that are listed in a public directory, and then relay their encrypted traffic through these circuits. This indirection makes it difficult for a local adversary to determine with whom a particular Tor user is communicating. In response, some local adversaries restrict access to Tor by blocking each of the publicly listed relays. To deal with such an adversary, Tor uses bridges, which are unlisted relays that can be used as alternative entry points into the Tor network. Unfortunately, issues with Tor's bridge implementation make it easy to discover large numbers of bridges. An adversary that hoards this information may use it to determine when each bridge is online over time. If a bridge operator also browses with Tor on the same machine, this information may be sufficient to deanonymize him. We present BridgeSPA as a method to mitigate this issue. A client using BridgeSPA relies on innocuous single packet authorization (SPA) to present a time-limited key to a bridge. Before this authorization takes place, the bridge will not reveal whether it is online. We have implemented BridgeSPA as a working proof-of-concept, which is available under an open-source licence.
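The time-limited authorization described above can be sketched as follows. This is an added example, not BridgeSPA's own code or wire format: the HMAC-SHA256 construction, the 60-second window, the 8-byte truncation and all names are assumptions made for illustration, and the sample secret and timestamp are constructed.

```python
import hashlib
import hmac
import struct

WINDOW_SECONDS = 60  # assumed validity window (not taken from the abstract)
TOKEN_BYTES = 8      # assumed truncation so a token fits in small header fields


def derive_token(secret: bytes, now: float, window: int = WINDOW_SECONDS) -> bytes:
    """Client side: MAC the current time-window counter with the shared secret."""
    counter = int(now) // window
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha256).digest()
    return mac[:TOKEN_BYTES]


class BridgeGate:
    """Bridge side: decide whether a connection attempt gets any reply at all."""

    def __init__(self, secret: bytes, window: int = WINDOW_SECONDS):
        self.secret = secret
        self.window = window

    def should_respond(self, token: bytes, now: float) -> bool:
        current = int(now) // self.window
        # Accept the current window and its neighbours to tolerate clock skew.
        for counter in (current - 1, current, current + 1):
            expected = derive_token(self.secret, counter * self.window, self.window)
            # Constant-time comparison avoids leaking how many bytes matched.
            if hmac.compare_digest(token, expected):
                return True
        # No valid token: the caller drops the packet silently, so a prober
        # cannot tell an unauthorized attempt from an offline bridge.
        return False


def demo() -> dict:
    """Run the gate over constructed inputs and report each decision."""
    secret = b"constructed-demo-secret"
    t0 = 1_700_000_000  # constructed timestamp
    gate = BridgeGate(secret)
    token = derive_token(secret, t0)
    return {
        "fresh": gate.should_respond(token, t0),
        "expired": gate.should_respond(token, t0 + 600),
        "probe_without_key": gate.should_respond(b"\x00" * TOKEN_BYTES, t0),
    }
```
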