We built this circuit: Exploring threat vectors in circuit establishment in tor

Theodor Schnitzler, Christina Popper, Markus Durmuth, Katharina Kohls

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Traffic analysis attacks against the Tor network are a persisting threat to the anonymity of its users. The technical capabilities of attacks against encrypted Internet traffic have come a long way. Although the current state-of-the-art predicts high precision and accuracy for website fingerprinting and end-to-end confirmation, the concepts of these attacks often solely focus on their technical capabilities and ignore the operational requirements that are mandatory to get access to transmissions. In this work, we introduce three novel stepping-stone attacks that enable an adversary to (i) gain additional information about monitored connections, (ii) manipulate the Tor connection build-up, and (iii) conduct a targeted Denial-of-Service attack within the Tor infrastructure. All attacks exploit core defensive features of Tor and, consequently, are hard to patch. At the same time, our attacks are in line with standard attacker models for traffic analysis attacks. We demonstrate the feasibility of all three attacks in simulations and empirical case studies and emphasize their pivotal role in preparing a realistic setting for end-to-end confirmation attacks.

Original languageEnglish (US)
Title of host publicationProceedings - 2021 IEEE European Symposium on Security and Privacy, Euro S and P 2021
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages319-336
Number of pages18
ISBN (Electronic)9781665414913
DOIs
StatePublished - Sep 2021
Event6th IEEE European Symposium on Security and Privacy, Euro S and P 2021 - Virtual, Online, Austria
Duration: Sep 6 2021Sep 10 2021

Publication series

NameProceedings - 2021 IEEE European Symposium on Security and Privacy, Euro S and P 2021

Conference

Conference6th IEEE European Symposium on Security and Privacy, Euro S and P 2021
Country/TerritoryAustria
CityVirtual, Online
Period9/6/219/10/21

Keywords

  • Anonymity
  • Privacy
  • Tor
  • Traffic

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'We built this circuit: Exploring threat vectors in circuit establishment in tor'. Together they form a unique fingerprint.

Cite this