Paper 2012/432
TorScan: Tracing Long-lived Connections and Differential Scanning Attacks
Alex Biryukov, Ivan Pustogarov, and Ralf-Philipp Weinmann
Abstract
Tor is a widely used anonymity network providing low-latency communication capabilities. Around 400,000 users per day use Tor to route TCP traffic through a sequence of relays; three hops are selected from a pool of currently almost 3000 volunteer-operated Tor relays to comprise a route through the network for a limited time. In comparison to single-hop proxies, forwarding TCP streams through multiple relays increases the anonymity of the users significantly: each hop along the route only knows its successor and predecessor. The anonymity provided by Tor heavily relies on the hardness of linking a user's entry and exit nodes. If an attacker gains access to the topological information about the Tor network instead of having to consider the network as a fully connected graph, this anonymity may be reduced. In fact, we have found ways to probe the connectivity of a Tor relay. We demonstrate how the resulting leakage of the Tor network topology can be used and present attacks to trace back a user from an exit relay to a small set of potential entry nodes.
Metadata
- Available format(s)
-
PDF
- Category
- Applications
- Publication info
- Published elsewhere. Unknown where it was published
- Contact author(s)
- ivan pustogarov @ uni lu
- History
- 2012-08-05: received
- Short URL
- https://ia.cr/2012/432
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2012/432,
author = {Alex Biryukov and Ivan Pustogarov and Ralf-Philipp Weinmann},
title = {TorScan: Tracing Long-lived Connections and Differential Scanning Attacks},
howpublished = {Cryptology ePrint Archive, Paper 2012/432},
year = {2012},
note = {\url{https://eprint.iacr.org/2012/432}},
url = {https://eprint.iacr.org/2012/432}
}
