Detecting Traffic Snooping in Tor Using Decoys

Chakravarty, Sambuddho; Portokalidis, Georgios; Polychronakis, Michalis; Keromytis, Angelos D.

doi:10.1007/978-3-642-23644-0_12

Cited by 48 publications

(19 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In 2011, Chakravarty et al [3] attempted to detect exit relays sniffing Tor users' traffic by systematically transmitting decoy credentials over all active exit relays. Over a period of ten months, the authors uncovered ten relays engaging in traffic snooping.…”

Section: Related Workmentioning

confidence: 99%

“…Our work is the first to give a comprehensive overview of active attacks. We further publish our code under a free license 3 . By doing so, we enable and encourage continuous and crowd-sourced measurements rather than one-time scans.…”

Section: Related Workmentioning

confidence: 99%

“…Often, relay operators choose to not forward traffic to well-known file sharing ports in order to avoid copyright infringement. 3 hope to discover and remove all "spoiled onions" which might be part of the Tor network.…”

Section: Probing Exit Relaysmentioning

confidence: 99%

See 2 more Smart Citations

Spoiled Onions: Exposing Malicious Tor Exit Relays

Winter

Lindskog

2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Several hundred Tor exit relays together push more than 1 GiB/s of network traffic. However, it is easy for exit relays to snoop and tamper with anonymised network traffic and as all relays are run by independent volunteers, not all of them are innocuous. In this paper, we seek to expose malicious exit relays and document their actions. First, we monitored the Tor network after developing a fast and modular exit relay scanner. We implemented several scanning modules for detecting common attacks and used them to probe all exit relays over a period of four months. We discovered numerous malicious exit relays engaging in different attacks. To reduce the attack surface users are exposed to, we further discuss the design and implementation of a browser extension patch which fetches and compares suspicious X.509 certificates over independent Tor circuits. Our work makes it possible to continuously monitor Tor exit relays. We are able to detect and thwart many man-in-the-middle attacks which makes the network safer for its users. All our code is available under a free license. 1 Contact information can be useful to get in touch with relay operators, e.g., if they misconfigured their relay.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Spoiled Onions: Exposing Malicious Tor Exit Relays

Winter

Lindskog

2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Using Decoy Traffic: Chakravarty et al [68] used decoy traffic on anonymous networks to detect traffic interception. The proposed strategy is based on the idea of injecting traffic containing bait credentials for decoy services requiring user authentication.…”

Section: Tor Attacksmentioning

confidence: 99%

Shedding Light on the Dark Corners of the Internet: A Survey of Tor Research

Saleh

Qadir

Ilyas

2018

Journal of Network and Computer Applications

View full text Add to dashboard Cite

Anonymity services have seen high growth rates with increased usage in the past few years. Among various services, Tor is one of the most popular peer-to-peer anonymizing service. In this survey paper, we summarize, analyze, classify and quantify 26 years of research on the Tor network. Our research shows that 'security' and 'anonymity' are the most frequent keywords associated with Tor research studies. Quantitative analysis shows that the majority of research studies on Tor focus on 'deanonymization' the design of a breaching strategy. The second most frequent topic is analysis of path selection algorithms to select more resilient paths. Analysis shows that the majority of experimental studies derived their results by deploying private testbeds while others performed simulations by developing custom simulators. No consistent parameters have been used for Tor performance analysis. The majority of authors performed throughput and latency analysis.

show abstract

“…One of these services is VPN Gate, an open and free service analyzed by Nobori et al [23]. Sporadic evidence so far has shown that traffic manipulation and monitoring also happens in other types of network relays, including open HTTP proxies [36] and even anonymity networks [5,43]. The work by Tsirantonakis et al studied header manipulation performed by over 65,000 open HTTP Proxies [36]: 5% of the tested proxies were found to perform malicious or unwanted modification.…”

Section: Vpn-based Measurementsmentioning

confidence: 99%

An Empirical Analysis of the Commercial VPN Ecosystem

Khan¹,

DeBlasio

Voelker

et al. 2018

Proceedings of the Internet Measurement Conference 2018

View full text Add to dashboard Cite

Global Internet users increasingly rely on virtual private network (VPN) services to preserve their privacy, circumvent censorship, and access geo-filtered content. Due to their own lack of technical sophistication and the opaque nature of VPN clients, however, the vast majority of users have limited means to verify a given VPN service's claims along any of these dimensions. We design an active measurement system to test various infrastructural and privacy aspects of VPN services and evaluate 62 commercial providers. Our results suggest that while commercial VPN services seem, on the whole, less likely to intercept or tamper with user traffic than other, previously studied forms of traffic proxying, many VPNs do leak user traffic-perhaps inadvertently-through a variety of means. We also find that a non-trivial fraction of VPN providers transparently proxy traffic, and many misrepresent the physical location of their vantage points: 5-30% of the vantage points, associated with 10% of the providers we study, appear to be hosted on servers located in countries other than those advertised to users.

show abstract

Detecting Traffic Snooping in Tor Using Decoys

Cited by 48 publications

References 22 publications

Spoiled Onions: Exposing Malicious Tor Exit Relays

Spoiled Onions: Exposing Malicious Tor Exit Relays

Shedding Light on the Dark Corners of the Internet: A Survey of Tor Research

An Empirical Analysis of the Commercial VPN Ecosystem

Contact Info

Product

Resources

About