Trawling for tor hidden services: Detection, measurement, deanonymization
English
Biryukov, Alex[University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) > ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Pustogarov, Ivan[University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
Weinmann, Ralf-Philipp[University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
19-May-2013
2013 IEEE Symposium on Security and Privacy (SP)
IEEE Computer Society
Yes
International
978-1-4673-6166-8
USA
2013 IEEE Symposium on Security and Privacy (SP)
19-05-2013
IEEE
Berkeley, CA
USA
[en] Tor ; hidden service ; privacy ; anonymity network
[en] Tor is the most popular volunteer-based anonymity network consisting of over 3000 volunteer-operated relays. Apart from making connections to servers hard to trace to their origin it can also provide receiver privacy for Internet services through a feature called "hidden services". In this paper we expose flaws both in the design and implementation of Tor's hidden services that allow an attacker to measure the popularity of arbitrary hidden services, take down hidden services and deanonymize hidden services. We give a practical evaluation of our techniques by studying: (1) a recent case of a botnet using Tor hidden services for command and control channels; (2) Silk Road, a hidden service used to sell drugs and other contraband; (3) the hidden service of the DuckDuckGo search engine.