Abstract
Tor Hidden Service is a widely used tool designed to protect the anonymity of both client and server. To prevent predecessor attacks, Tor introduced guard selection algorithms. While the long-term binding relation between a hidden service and its guard relay increases the cost of existing predecessor attacks, it also gives us a new perspective from which to analyze the security of hidden services.
We utilize a novel method which can reveal guard relays for multiple hidden services. The method helps us to reveal guard relays for 13604 hidden services and to observe their binding relations for 7 months. Based on the binding relations, we conduct the first protocol-level measurement and family analysis of hidden services, and discover two types of hidden service families, named onion family and onion-node family.
Our measurement reveals 263 onion families in the Tor network, and the analysis shows that onion addresses in these families tend to use common prefixes or meaningful prefixes. By analyzing the webpages of these hidden services, we surprisingly find a super onion family that contains 121 hidden services, most of which run a fraudulent bitcoin website. Additionally, we discover 49 onion-node families which have abnormal binding relations between hidden services and their guard relays, including expire bindings, bridge bindings and middle node bindings.
Change history
27 November 2020
In the version of this paper that was originally published, the affiliation of Muqian Chen, Xuebin Wang, Yue Gao, and Can Zhao has been changed to: ‘School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China’.
Notes
1. Drop cells are long-range padding; the OR or OP must drop such a cell when receiving it.
Acknowledgments
This work was supported by the National Key Research and Development Program of China (Grant No. 2017YFC0820700) and National Defense Science and Technology Innovation Special Zone Project.
Appendix A. Onion Families in a Vector Graph
The structure of onion families in Tor is shown in the following figure. For some reason, the previous figure (Fig. 3) is not a vector graph, so we put a vector graph here (Fig. 6). The graph does not have any annotations, but the addresses of hidden services can be seen clearly in it. We can find onion families with common prefixes and meaningful prefixes by enlarging the graph.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Chen, M., Wang, X., Shi, J., Gao, Y., Zhao, C., Sun, W. (2020). Towards Comprehensive Security Analysis of Hidden Services Using Binding Guard Relays. In: Zhou, J., Luo, X., Shen, Q., Xu, Z. (eds) Information and Communications Security. ICICS 2019. Lecture Notes in Computer Science(), vol 11999. Springer, Cham. https://doi.org/10.1007/978-3-030-41579-2_30
DOI: https://doi.org/10.1007/978-3-030-41579-2_30
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-41578-5
Online ISBN: 978-3-030-41579-2
eBook Packages: Computer Science (R0)