References of "Weinmann, Ralf-Philipp 40020596"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailContent and popularity analysis of Tor hidden services
Biryukov, Alex UL; Pustogarov, Ivan UL; Thill, Fabrice et al

in proceedings of the 2014 IEEE 34th International Conference on Distributed Computing Systems Workshops (2014, June)

Tor hidden services allow running Internet services while protecting the location of the servers. Their main purpose is to enable freedom of speech even in situations in which powerful adversaries try to ... [more ▼]

Tor hidden services allow running Internet services while protecting the location of the servers. Their main purpose is to enable freedom of speech even in situations in which powerful adversaries try to suppress it. However, providing location privacy and client anonymity also makes Tor hidden services an attractive platform for every kind of imaginable shady service. The ease with which Tor hidden services can be set up has spurred a huge growth of anonymously provided Internet services of both types. In this paper we analyse the landscape of Tor hidden services. We have studied 39824 hidden service descriptors collected on 4th of Feb 2013: we scanned them for open ports; in the case of 3050 HTTP services, we analysed and classified their content. We also estimated the popularity of hidden services by looking at the request rate for hidden service descriptors by clients. We found that while the content of Tor hidden services is rather varied, the most popular hidden services are related to botnets.We also propose a method for opportunistic deanonymisation of Tor Hidden Service clients. In addtiton, we identify past attempts to track “Silkroad” by consensus history analysis. [less ▲]

Detailed reference viewed: 327 (12 UL)
Full Text
Peer Reviewed
See detailTrawling for tor hidden services: Detection, measurement, deanonymization
Biryukov, Alex UL; Pustogarov, Ivan UL; Weinmann, Ralf-Philipp UL

in 2013 IEEE Symposium on Security and Privacy (SP) (2013, May 19)

Tor is the most popular volunteer-based anonymity network consisting of over 3000 volunteer-operated relays. Apart from making connections to servers hard to trace to their origin it can also provide ... [more ▼]

Tor is the most popular volunteer-based anonymity network consisting of over 3000 volunteer-operated relays. Apart from making connections to servers hard to trace to their origin it can also provide receiver privacy for Internet services through a feature called "hidden services". In this paper we expose flaws both in the design and implementation of Tor's hidden services that allow an attacker to measure the popularity of arbitrary hidden services, take down hidden services and deanonymize hidden services. We give a practical evaluation of our techniques by studying: (1) a recent case of a botnet using Tor hidden services for command and control channels; (2) Silk Road, a hidden service used to sell drugs and other contraband; (3) the hidden service of the DuckDuckGo search engine. [less ▲]

Detailed reference viewed: 397 (3 UL)
Full Text
Peer Reviewed
See detailTorScan: Tracing Long-Lived Connections and Differential Scanning Attacks
Biryukov, Alex UL; Pustogarov, Ivan UL; Weinmann, Ralf-Philipp UL

in Computer Security - ESORICS 2012 - 17th European Symposium on Research in Computer Security (2012)

Tor is a widely used anonymity network providing low-latency communication capabilities. The anonymity provided by Tor heavily relies on the hardness of linking a user’s entry and exit nodes. If an ... [more ▼]

Tor is a widely used anonymity network providing low-latency communication capabilities. The anonymity provided by Tor heavily relies on the hardness of linking a user’s entry and exit nodes. If an attacker gains access to the topological information about the Tor network instead of having to consider the network as a fully connected graph, this anonymity may be reduced. In fact, we have found ways to probe the connectivity of a Tor relay. We demonstrate how the resulting leakage of the Tor network topology can be used in attacks which trace back a user from an exit relay to a small set of potential entry nodes. [less ▲]

Detailed reference viewed: 112 (2 UL)
Full Text
Peer Reviewed
See detailTorScan: Deanonymizing Connections Using Topology Leaks
Biryukov, Alex UL; Pustogarov, Ivan UL; Weinmann, Ralf-Philipp UL

in ERCIM News (2012), (90), 29-29

Tor is one of the most widely used tools for providing anonymity on the Internet. We have devised novel attacks against the Tor network that can compromise the anonymity of users accessing services that ... [more ▼]

Tor is one of the most widely used tools for providing anonymity on the Internet. We have devised novel attacks against the Tor network that can compromise the anonymity of users accessing services that exhibit frequent and predictable communication patterns and users establishing long-lived connections. [less ▲]

Detailed reference viewed: 155 (6 UL)
Full Text
Peer Reviewed
See detailPractical Cryptanalysis of ISO/IEC 9796-2 and EMV Signatures
Coron, Jean-Sébastien UL; Naccache, David; Tibouchi, Mehdi UL et al

in Proceedings of CRYPTO 2009 (2009)

In 1999, Coron, Naccache and Stern discovered an existential signature forgery for two popular RSA signature standards, ISO/IEC 9796-1 and 2. Following this attack ISO/IEC 9796-1 was withdrawn. ISO/IEC ... [more ▼]

In 1999, Coron, Naccache and Stern discovered an existential signature forgery for two popular RSA signature standards, ISO/IEC 9796-1 and 2. Following this attack ISO/IEC 9796-1 was withdrawn. ISO/IEC 9796-2 was amended by increasing the message digest to at least 160 bits. Attacking this amended version required at least 2^{61} operations. In this paper, we exhibit algorithmic refinements allowing to attack the amended (currently valid) version of ISO/IEC 9796-2 for all modulus sizes. A practical forgery was computed in only two days using 19 servers on the Amazon EC2 grid for a total cost of $\simeq$ US$800. The forgery was implemented for e?= 2 but attacking odd exponents will not take longer. The forgery was computed for the RSA-2048 challenge modulus, whose factorization is still unknown. The new attack blends several theoretical tools. These do not change the asymptotic complexity of Coron et al.’s technique but significantly accelerate it for parameter values previously considered beyond reach. While less efficient (US$45,000), the acceleration also extends to EMV signatures. EMV is an ISO/IEC 9796-2-compliant format with extra redundancy. Luckily, this attack does not threaten any of the 730 million EMV payment cards in circulation for operational reasons. Costs are per modulus: after a first forgery for a given modulus, obtaining more forgeries is virtually immediate. [less ▲]

Detailed reference viewed: 103 (9 UL)