Research article, DOI: 10.1145/3139550.3139564

Analysis of Fingerprinting Techniques for Tor Hidden Services

Published: 30 October 2017 Publication History

Abstract

The website fingerprinting attack aims to infer the content of encrypted and anonymized connections by analyzing traffic patterns such as packet sizes, their order, and direction. Although it has been shown that no existing fingerprinting method scales in Tor when applied in realistic settings, the case of Tor hidden (onion) services has not yet been considered in such scenarios. Recent works claim the feasibility of the attack in the context of hidden services using limited datasets.
In this work, we propose a novel two-phase approach for fingerprinting hidden services that does not rely on malicious Tor nodes. In our attack, the adversary merely needs to be on the link between the client and the first anonymization node. In the first phase, we detect a connection to a hidden service. Once a hidden service communication is detected, we determine the visited hidden service (phase two) within the hidden service universe. To estimate the scalability of our and other existing methods, we constructed the most extensive and realistic dataset of existing hidden services. Using this dataset, we show the feasibility of phase one of the attack and establish that phase two does not scale using existing classifiers. We present a comprehensive comparison of the performance and limits of the state-of-the-art website fingerprinting attacks with respect to Tor hidden services.



Published In

WPES '17: Proceedings of the 2017 on Workshop on Privacy in the Electronic Society
October 2017
184 pages
ISBN:9781450351751
DOI:10.1145/3139550
Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. anonymous communication
  2. onion routing
  3. onion services
  4. privacy
  5. tor hidden services
  6. traffic analysis
  7. web privacy
  8. website fingerprinting

Qualifiers

  • Research-article

Conference

CCS '17
Acceptance Rates

WPES '17 Paper Acceptance Rate 14 of 56 submissions, 25%;
Overall Acceptance Rate 106 of 355 submissions, 30%
