Paper 2012/432

TorScan: Tracing Long-lived Connections and Differential Scanning Attacks

Alex Biryukov, Ivan Pustogarov, and Ralf-Philipp Weinmann

Abstract

Tor is a widely used anonymity network providing low-latency communication capabilities. Around 400,000 users per day use Tor to route TCP traffic through a sequence of relays; three hops are selected from a pool of currently almost 3000 volunteer-operated Tor relays to comprise a route through the network for a limited time. In comparison to single-hop proxies, forwarding TCP streams through multiple relays increases the anonymity of the users significantly: each hop along the route only knows its successor and predecessor. The anonymity provided by Tor heavily relies on the hardness of linking a user's entry and exit nodes. If an attacker gains access to the topological information about the Tor network instead of having to consider the network as a fully connected graph, this anonymity may be reduced. In fact, we have found ways to probe the connectivity of a Tor relay. We demonstrate how the resulting leakage of the Tor network topology can be used and present attacks to trace back a user from an exit relay to a small set of potential entry nodes.

Metadata
Available format(s): PDF
Category: Applications
Publication info: Published elsewhere. Unknown where it was published
Contact author(s): ivan pustogarov @ uni lu
History: 2012-08-05: received
Short URL: https://ia.cr/2012/432
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2012/432,
      author = {Alex Biryukov and Ivan Pustogarov and Ralf-Philipp Weinmann},
      title = {{TorScan}: Tracing Long-lived Connections and Differential Scanning Attacks},
      howpublished = {Cryptology {ePrint} Archive, Paper 2012/432},
      year = {2012},
      url = {https://eprint.iacr.org/2012/432}
}