Paper 2022/407

Improving the Privacy of Tor Onion Services

Edward Eaton, Sajin Sasy, and Ian Goldberg

Abstract

Onion services enable bidirectional anonymity for parties that communicate over the Tor network, thus providing improved privacy properties compared to standard TLS connections. Since these services are designed to support server-side anonymity, the entry points for these services shuffle across the Tor network periodically. In order to connect to an onion service at a given time, the client has to resolve the .onion address for the service, which requires querying volunteer Tor nodes called Hidden Service Directories (HSDirs). However, previous work has shown that these nodes may be untrustworthy, and can learn or leak the metadata about which onion services are being accessed. In this paper, we present a new class of attacks that can be performed by malicious HSDirs against the current generation (v3) of onion services. These attacks target the unlinkability of onion services, allowing some services to be tracked over time. To restore unlinkability, we propose a number of concrete designs that use Private Information Retrieval (PIR) to hide information about which service is being queried, even from the HSDirs themselves. We examine the three major classes of PIR schemes, and analyze their performance, security, and how they fit into Tor in this context. We provide and evaluate implementations and end-to-end integrations, and make concrete suggestions to show how these schemes could be used in Tor to minimize the negative impact on performance while providing the most security.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. Major revision. ACNS 2022
Keywords
TorOnion ServicesUnlinkabilityPIR
Contact author(s)
eeaton @ uwaterloo ca
ssasy @ uwaterloo ca
iang @ uwaterloo ca
History
2022-03-31: received
Short URL
https://ia.cr/2022/407
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/407,
      author = {Edward Eaton and Sajin Sasy and Ian Goldberg},
      title = {Improving the Privacy of Tor Onion Services},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/407},
      year = {2022},
      url = {https://eprint.iacr.org/2022/407}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.