The DUSTER attack: Tor onion service attribution based on flow watermarking with track hiding

Alfonso Iacovazzi, Daniel Frassinelli, Yuval Elovici

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

6 Scopus citations

Abstract

Tor is a distributed network composed of volunteer relays which is designed to preserve the sender-receiver anonymity of communications on the Internet. Despite the use of the onion routing paradigm, Tor is vulnerable to traffic analysis attacks. In this paper we present DUSTER, an active traffic analysis attack based on flow watermarking that exploits a vulnerability in Tor’s congestion control mechanism in order to link a Tor onion service with its real IP address. The proposed watermarking system embeds a watermark at the destination of a Tor circuit which is propagated throughout the Tor network and can be detected by our modified Tor relays in the proximity of the onion service. Furthermore, upon detection the watermark is cancelled so that the target onion service remains unaware of its presence. We performed a set of experiments over the real Tor network in order to evaluate the feasibility of this attack. Our results show that true positive rates above 94% and false positive rates below 0.05% can be easily obtained. Finally we discuss a solution to mitigate this and other traffic analysis attacks which exploit Tor’s congestion control.

Original languageEnglish
Title of host publicationRAID 2019 Proceedings - 22nd International Symposium on Research in Attacks, Intrusions and Defenses
PublisherUSENIX Association
Pages213-225
Number of pages13
ISBN (Electronic)9781939133076
StatePublished - 1 Jan 2019
Event22nd International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2019 - Beijing, China
Duration: 23 Sep 201925 Sep 2019

Publication series

NameRAID 2019 Proceedings - 22nd International Symposium on Research in Attacks, Intrusions and Defenses

Conference

Conference22nd International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2019
Country/TerritoryChina
CityBeijing
Period23/09/1925/09/19

ASJC Scopus subject areas

  • Computer Science (all)
  • Safety, Risk, Reliability and Quality
  • Law
  • Safety Research

Fingerprint

Dive into the research topics of 'The DUSTER attack: Tor onion service attribution based on flow watermarking with track hiding'. Together they form a unique fingerprint.

Cite this