A closer look at Eclipse attacks against Tor hidden services

Tan, Qingfeng; Gao, Yue; Shi, Jinqiao; Wang, Xuebin; Fang, Binxing

doi:10.1109/icc.2017.7996832

Cited by 17 publications

(9 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Security [39], [40], [41], [42], [43], [44], [45], [46], [47], [48], [49], [50], [51], [52], [53], [54], [55], [56], [57], [21], [58], [59], [60], [61], [62], [63], [64], [19] 28…”

Section: Research Fieldmentioning

confidence: 99%

“…Research papers N. of papers Attacks to THS [40], [41], [42], [43], [44], [45], [47], [48], [50], [51], [52], [53], [54], [56], [57], [21], [58], [63], [49], [19] 20…”

Section: Focus Of the Researchmentioning

confidence: 99%

Section: Securitymentioning

confidence: 99%

“…Some authors [41,58] point out that if an attacker manages to position itself as a false HSDir, it can cause an eclipse attack for denial of service. In general terms, an eclipse attack is a mean of attacking decentralised networks, isolating and hiding a specific target, rather than attacking the entire network [58]. In the case of Tor, if an opponent can control a routing table, he/she can monopolise all the incoming and outgoing extensions of the victims, so the victim will be completely hidden.…”

Section: Securitymentioning

confidence: 99%

See 3 more Smart Citations

Tor Hidden Services: A Systematic Literature Review

Trujillo¹,

Ruiz‐Martínez²

2021

Preprint

View full text Add to dashboard Cite

Anonymous communications networks were born to protect the privacy of our communications, preventing censorship and traffic analysis. The most famous anonymous communication network is Tor. This anonymous communication network provides some interesting features, among them, we can mention user’s IP location or Tor Hidden Services (THS) as a mechanism to conceal the location of servers, mainly, web servers. THS is an important research field in Tor. However, there is a lack of reviews that sump up main findings and research challenges. In this article we present a systematic literature review that aims to offer a comprehensive view on the research made on Tor Hidden services presenting the state of the art and the different research challenges to be addressed. This review has been developed from a selection of 57 articles and present main findings and advances regarding Tor Hidden Services, limitations found, and future issues to be investigated.

show abstract

“…Security [39], [40], [41], [42], [43], [44], [45], [46], [47], [48], [49], [50], [51], [52], [53], [54], [55], [56], [57], [21], [58], [59], [60], [61], [62], [63], [64], [19] 28…”

Section: Research Fieldmentioning

confidence: 99%

“…Research papers N. of papers Attacks to THS [40], [41], [42], [43], [44], [45], [47], [48], [50], [51], [52], [53], [54], [56], [57], [21], [58], [63], [49], [19] 20…”

Section: Focus Of the Researchmentioning

confidence: 99%

Section: Securitymentioning

confidence: 99%

Section: Securitymentioning

confidence: 99%

See 2 more Smart Citations

Tor Hidden Services: A Systematic Literature Review

Trujillo¹,

Ruiz‐Martínez²

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…In 2015, Matic et al [6] designed the detection tool CARONTE to locate the actual server IP address by detecting the unique string and certificate chain leaked in the content of the hidden service. Tan et al [25] used the Eclipse attack to destroy the DHT structure of the hidden service directory server, which could cover any hidden service under a small amount of IP resources.…”

Section: Hidden Service Attackmentioning

confidence: 99%

Hidden Service Website Response Fingerprinting Attacks Based on Response Time Feature

Meng¹,

Fei²

2020

Security and Communication Networks

View full text Add to dashboard Cite

It has been shown that website fingerprinting attacks are capable of destroying the anonymity of the communicator at the traffic level. This enables local attackers to infer the website contents of the encrypted traffic by using packet statistics. Previous researches on hidden service attacks tend to focus on active attacks; therefore, the reliability of attack conditions and validity of test results cannot be fully verified. Hence, it is necessary to reexamine hidden service attacks from the perspective of fingerprinting attacks. In this paper, we propose a novel Website Response Fingerprinting (WRFP) Attack based on response time feature and extremely randomized tree algorithm to analyze the hidden information of the response fingerprint. The objective is to monitor hidden service website pages, service types, and mounted servers. WRFP relies on the hidden service response fingerprinting dataset. In addition to simulated website mirroring, two different mounting modes are taken into account, the same-source server and multisource server. A total of 300,000 page instances within 30,000 domain sites are collected, and we comprehensively evaluate the classification performance of the proposed WRFP. Our results show that the TPR of webpages and server classification remain greater than 93% in the small-scale closed-world performance test, and it is capable of tolerating up to 10% fluctuations in response time. WRFP also provides a higher accuracy and computational efficiency than traditional website fingerprinting classifiers in the challenging open-world performance test. This also indicates the importance of response time feature. Our results also suggest that monitoring website types improves the judgment effect of the classifier on subpages.

show abstract