Cryptology ePrint Archive: Report 2012/432
TorScan: Tracing Long-lived Connections and Differential Scanning Attacks
Alex Biryukov, Ivan Pustogarov, Ralf-Philipp Weinmann
Abstract: Tor is a widely used anonymity network providing low-latency communication capabilities. Around 400,000 users per day use Tor to route TCP traffic through a sequence of relays; three hops are selected from a pool of currently almost 3000 volunteer-operated Tor relays to comprise a route through the network for a limited time. In comparison to single-hop proxies, forwarding TCP streams through multiple relays increases the anonymity of the users significantly: each hop along the route only knows its successor and predecessor.
The anonymity provided by Tor heavily relies on the hardness of linking a user's entry and exit nodes. If an attacker gains access to the topological information about the Tor network instead of having to consider the network as a fully connected graph, this anonymity may be reduced. In fact, we have found ways to probe the connectivity of a Tor relay. We demonstrate how the resulting leakage of the Tor network topology can be used and present attacks to trace back a user from an exit relay to a small set of potential entry nodes.
Category / Keywords: applications /
Date: received 31 Jul 2012
Contact author: ivan pustogarov at uni lu
Available formats: PDF | BibTeX Citation
Version: 20120805:145655 (All versions of this report)
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]