The Tor network has been widely used to protect the privacy of users accessing various online services. Since Tor can be easily blocked by blacklisting the publicly listed Tor relays, a blocking-resistance mechanism based on hidden bridges has been designed and implemented in the current Tor network. Any user can subscribe to a tuple of three bridges via email, HTTPS, Twitter, etc. However, we have found that there are high correlations among the published tuples, which can be exploited to effectively detect hidden bridges by monitoring the outbound traffic from a controlled network. When Tor clients try to connect to their chosen hidden bridges, multiple SYN packets with consecutive source ports are sent almost simultaneously, destined for different hosts. If any destination IP among such packets belongs to a known bridge, all the others can be inferred to belong to bridges too. By recording and analyzing a series of traffic segments that satisfy the above packet features, the hidden bridges used in a controlled network can be detected and then blocked. Depending on the available computing and storage resources, we propose both online and offline detection methods. Both analytical and simulation results verify the high correlation among published bridge tuples, validating the feasibility of our methods. By configuring optimized detection parameters in real-world experiments, we achieve a detection rate of 86.7% with a 0.85% false-positive rate for online detection, and a 98.4% detection rate with a 0.62% false-positive rate for offline detection. To address the flaws in Tor's current blocking-resistance mechanism, we also provide some countermeasures from the perspectives of the Tor network and its users, respectively.