TY - GEN
T1 - Circuit fingerprinting attacks
T2 - 24th USENIX Security Symposium
AU - Kwon, Albert
AU - AlSabah, Mashael
AU - Lazar, David
AU - Dacier, Marc
AU - Devadas, Srinivas
N1 - Publisher Copyright:
© 2015 Proceedings of the 24th USENIX Security Symposium. All rights reserved.
PY - 2015
Y1 - 2015
N2 - This paper sheds light on crucial weaknesses in the design of hidden services that allow us to break the anonymity of hidden service clients and operators passively. In particular, we show that the circuits, paths established through the Tor network, used to communicate with hidden services exhibit a very different behavior compared to a general circuit. We propose two attacks, under two slightly different threat models, that could identify a hidden service client or operator using these weaknesses. We found that we can identify the users’ involvement with hidden services with more than 98% true positive rate and less than 0.1% false positive rate with the first attack, and 99% true positive rate and 0.07% false positive rate with the second. We then revisit the threat model of previous website fingerprinting attacks, and show that previous results are directly applicable, with greater efficiency, in the realm of hidden services. Indeed, we show that we can correctly determine which of the 50 monitored pages the client is visiting with 88% true positive rate and false positive rate as low as 2.9%, and correctly deanonymize 50 monitored hidden service servers with true positive rate of 88% and false positive rate of 7.8% in an open world setting.
AB - This paper sheds light on crucial weaknesses in the design of hidden services that allow us to break the anonymity of hidden service clients and operators passively. In particular, we show that the circuits, paths established through the Tor network, used to communicate with hidden services exhibit a very different behavior compared to a general circuit. We propose two attacks, under two slightly different threat models, that could identify a hidden service client or operator using these weaknesses. We found that we can identify the users’ involvement with hidden services with more than 98% true positive rate and less than 0.1% false positive rate with the first attack, and 99% true positive rate and 0.07% false positive rate with the second. We then revisit the threat model of previous website fingerprinting attacks, and show that previous results are directly applicable, with greater efficiency, in the realm of hidden services. Indeed, we show that we can correctly determine which of the 50 monitored pages the client is visiting with 88% true positive rate and false positive rate as low as 2.9%, and correctly deanonymize 50 monitored hidden service servers with true positive rate of 88% and false positive rate of 7.8% in an open world setting.
UR - http://www.scopus.com/inward/record.url?scp=85076218571&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85076218571
T3 - Proceedings of the 24th USENIX Security Symposium
SP - 287
EP - 302
BT - Proceedings of the 24th USENIX Security Symposium
PB - USENIX Association
Y2 - 12 August 2015 through 14 August 2015
ER -