Untraceable electronic mail, return addresses, and digital pseudonyms
Communications of the ACM
Embedding an SQL database with SQLite
Linux Journal
Low-Cost Traffic Analysis of Tor
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Tor: the second-generation onion router
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
DSSS-Based Flow Marking Technique for Invisible Traceback
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Network Flow Watermarking Attack on Low-Latency Anonymous Communication Systems
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Low-resource routing attacks against tor
Proceedings of the 2007 ACM workshop on Privacy in electronic society
Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions
Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions
Shining Light in Dark Places: Understanding the Tor Network
PETS '08 Proceedings of the 8th international symposium on Privacy Enhancing Technologies
A novel flow multiplication attack against Tor
CSCWD '09 Proceedings of the 2009 13th International Conference on Computer Supported Cooperative Work in Design
Fingerprinting websites using traffic analysis
PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
PET'07 Proceedings of the 7th international conference on Privacy enhancing technologies
On flow correlation attacks and countermeasures in mix networks
PET'04 Proceedings of the 4th international conference on Privacy Enhancing Technologies
Hi-index | 0.00 |
Attacking anonymous communication networks is very tempting, and many types of attacks have already been observed. In the case for Tor, a widely used anonymous overlay network is considered. Despite the deployment of several protection mechanisms, an attack originated by just one rogue exit node is proposed. The attack is composed of two elements. The first is an active tag injection scheme. The malicious exit node injects image tags into all HTTP replies, which will be cached for upcoming requests and allow different users to be distinguished. The second element is an inference attack that leverages a semi-supervised learning algorithm to reconstruct browsing sessions. Captured traffic flows are clustered into sessions, such that one session is most probably associated to a specific user. The clustering algorithm uses HTTP headers and logical dependencies encountered in a browsing session. A prototype has been implemented and its performance evaluated on the Tor network. The article also describes several countermeasures and advanced attacks, modeled in a game theoretical framework, and their effectiveness assessed with reference to the Nash equilibrium. Copyright © 2011 John Wiley & Sons, Ltd.