Leaving timing-channel fingerprints in hidden service log files

Shebaro, Bilal; Pérez-González, Fernando; Crandall, Jedidiah R.

doi:10.1016/j.diin.2010.05.013

Cited by 14 publications

(12 citation statements)

References 19 publications

(24 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The forensic problem of placing identifiable fingerprints in the log files of a machine running a hidden service trough service queries is considered in [24], [10]. This fingerprint is then used to prove that the confiscated machine in fact hosted a particular content, assuming that requests are logged.…”

Section: Related Workmentioning

confidence: 99%

Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization

Biryukov¹,

Pustogarov²,

Weinmann³

2013

2013 IEEE Symposium on Security and Privacy

177

157

View full text Add to dashboard Cite

Tor is the most popular volunteer-based anonymity network consisting of over 3000 volunteer-operated relays. Apart from making connections to servers hard to trace to their origin it can also provide receiver privacy for Internet services through a feature called "hidden services".In this paper we expose flaws both in the design and implementation of Tor's hidden services that allow an attacker to measure the popularity of arbitrary hidden services, take down hidden services and deanonymize hidden services. We give a practical evaluation of our techniques by studying: (1) a recent case of a botnet using Tor hidden services for command and control channels; (2) Silk Road, a hidden service used to sell drugs and other contraband; (3) the hidden service of the DuckDuckGo search engine.

show abstract

Section: Related Workmentioning

confidence: 99%

Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization

Biryukov¹,

Pustogarov²,

Weinmann³

2013

2013 IEEE Symposium on Security and Privacy

177

157

View full text Add to dashboard Cite

show abstract

“…While a determined adversary, given enough measurements, may be able to roughly estimate the location of a hidden service, pinpointing its exact location, and then being able to prove that the machine is in fact hosting the hidden content is considerably more challenging if, as we expect, operators of the hidden service suspect they are being monitored [35]. For instance, the hidden service could merely act as a proxy to another machine hosted somewhere else.…”

Section: Potential Intervention Strategiesmentioning

confidence: 99%

Traveling the Silk Road: A Measurement of a Large Anonymous Online Marketplace

Christin¹

2012

247

376

View full text Add to dashboard Cite

We perform a comprehensive measurement analysis of Silk Road, an anonymous, international online marketplace that operates as a Tor hidden service and uses Bitcoin as its exchange currency. We gather and analyze data over eight months between the end of 2011 and 2012, including daily crawls of the marketplace for nearly six months in 2012. We obtain a detailed picture of the type of goods being sold on Silk Road, and of the revenues made both by sellers and Silk Road operators. Through examining over 24,400 separate items sold on the site, we show that Silk Road is overwhelmingly used as a market for controlled substances and narcotics, and that most items sold are available for less than three weeks. The majority of sellers disappears within roughly three months of their arrival, but a core of 112 sellers has been present throughout our measurement interval. We evaluate the total revenue made by all sellers, from public listings, to slightly over USD 1.2 million per month; this corresponds to about USD 92,000 per month in commissions for the Silk Road operators. We further show that the marketplace has been operating steadily, with daily sales and number of sellers overall increasing over our measurement interval. We discuss economic and policy implications of our analysis and results, including ethical considerations for future research in this area.

show abstract

“…Shebaro et al proposed the problem of finding the fingerprints in the hidden service log files on the “tor” network of an Apache web server . They used Reed Solomon code for encoding the input bits for the fast recovery of the additive channel.…”

Section: Related Workmentioning

confidence: 99%

“…Shebaro et al proposed the problem of finding the fingerprints in the hidden service log files on the ''tor'' network of an Apache web server. 18 They used Reed Solomon code for encoding the input bits for the fast recovery of the additive channel. The existing HTTP GET request for a web service and the delay of these requests in the tor network are used for determining the timeline analysis of the user request.…”

Section: Related Workmentioning

confidence: 99%

Secure logging scheme for forensic analysis in cloud

Sree

Bhanu

2019

Concurrency and Computation

View full text Add to dashboard Cite

Summary Cloud computing has emerged as a prominent technology that provides reliable on‐demand cloud services to users. Among the various kind of attacks, Distributed Denial of Service (DDoS) attack is one of the major application layer attacks that target the resources and services running in the cloud. Due to the distributed nature of attacks or crimes in the cloud, the evidence are collected from various components such as the router, switches, hard disk, log traces, and virtual machines. An attacker may collude with the cloud provider or investigators to tamper the log files or by inserting false information or by deleting the malicious activity logs altogether by leaving no trace. Hence, security is the major concern in cloud wherein investigation of crimes and attacks are very difficult. Collecting logs from the cloud providers is very hard since many users share the same network resources and the investigators rely on the providers to access the information. Therefore, in order to preserve the confidentiality, integrity, and authentication of logs, secure logging scheme is proposed to preserve the logs for forensic investigation. This paper highlights the secure logging scheme by extracting the features from logs of all virtual machine instances by double encryption scheme and also deals the integrity of the logs using hashing and verifies the signatures using Bloom filter–based R tree (BR tree). Furthermore, the verification is performed using Shamir Secret Sharing (SSS) scheme, and it is responsible for sharing the secret (private) keys to all the three parties, ie, user, investigator, and cloud providers. It is inferred from the experimental results that the proposed scheme requires minimal log processing time, minimal verification time for inserting logs, stores logs in time, and space efficient manner and scalable than existing methods.

show abstract

Leaving timing-channel fingerprints in hidden service log files

Cited by 14 publications

References 19 publications

Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization

Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization

Traveling the Silk Road: A Measurement of a Large Anonymous Online Marketplace

Secure logging scheme for forensic analysis in cloud

Contact Info

Product

Resources

About