G. Mani, P. Srinivas, G. Rao, Chitturi Prasad, Donepudi Priyanka, Naresh Cherukuri
Title: Traffic Analysis of High Throughput Traffic on Tor
Published in: 2021 Fifth International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC)
Publication date: 2021-11-11
DOI: 10.1109/I-SMAC52330.2021.9640934 (https://doi.org/10.1109/I-SMAC52330.2021.9640934)
Citations: 1
Abstract
Tor is a popular anonymity network used by millions to access internet services while maintaining their privacy. The main concept behind Tor is that a user can build a "circuit" of routers called relays, where each relay carries the client’s traffic to the next relay, without any single relay knowing the full extent of the path. Thus, anonymity is achieved, because no single relay can trace the client to the destination.

However, a paper written in 2005 titled "Low-Cost Traffic Analysis of Tor" by Steven J. Murdoch and George Danezis demonstrated that a traffic analysis attack was possible against the Tor network. Any attacker could monitor the load on a relay in the Tor network by calculating the round trip time (RTT) to the relay, and when the RTT spiked, it was clear that the relay was being used. With this information, attackers could trace the path of a client in the Tor network and de-anonymize them.

That paper was written in 2005, when Tor was still young. At the time of Murdoch and Danezis’ paper, the entire Tor network consisted of just fifty relays. As of the time of writing, there were well over 7,000 relays in the network, so the ecosystem of Tor is radically different. With all of the increased traffic, it is necessary to determine whether this type of attack is still valid and would not be masked by other traffic.

Our results indicate that if a victim is downloading or streaming a large file as fast as Tor will allow them to, a decrease in bandwidth and an increase in round trip time (RTT) is usually observable on each relay in the circuit. This research work has also discovered that Tor guard relays, a special subset of relays that clients pick as the first hop in their circuit, are very susceptible to this kind of attack.