Identifying Proxy Nodes in a Tor Anonymization Circuit

Chakravarty, Sambuddho; Stavrou, Angelos; Keromytis, Angelos D.

We present a novel, practical, and effective mechanism that exposes the identity of Tor relays participating in a given circuit. Such an attack can be used by malicious or compromised nodes to identify the rest of the circuit, or as the first step in a follow-on trace-back attack. Our intuition is that by modulating the bandwidth of an anonymous connection (e.g. when the destination server, its router, or an entry point is under our control), we create observable fluctuations that propagate through the Tor network and the Internet to the end-user's host. To that end, we employ LinkWidth, a novel bandwidth-estimation technique. LinkWidth enables network edge-attached entities to estimate the available bandwidth in an arbitrary Internet link without a cooperating peer host, router, or ISP. Our approach also does not require compromise of any Tor nodes. In a series of experiments against the Tor network, we show that we can accurately identify the network location of most participating Tor relays.



Also Published In

Proceedings: 4th International Conference on Signal Image Technologies and Internet Based Systems: SITIS 2008: November 30-December 3, 2008, Dynasty Resort, Bali, Indonesia

More About This Work

Academic Units: Computer Science
Published Here: July 11, 2012