An international team of security researchers has received the prestigious (ISOC.pt). The researchers were recognized for their paper, 鈥淔low Correlation Attacks on Tor Onion Service Sessions with Sliding Subset Sum,鈥 work that uncovered critical vulnerabilities in the Tor network.
The goal of the Tor network, one of the world鈥檚 most widely used anonymity networks, is to provide users a way to access the Internet as privately and anonymously as possible by routing encrypted traffic through multiple servers. Expectations are that this eliminates the possibility of tracing the origin of traffic, allowing Tor users to circumvent surveillance imposed by censorship agencies and national authorities.
Professor Diogo Barradas, from the Cheriton School of Computer Science, is among the paper鈥檚 co-authors. Their work was selected by the ISOC.pt because it exposed vulnerabilities in the Tor network that could be exploited by third parties to enable the tracking of presumed anonymous communications.
鈥淭he jury highlights the contribution of this paper to the protection of citizens鈥 rights online and against abusive surveillance and censorship on political or racial grounds, both goals of the Internet Society,鈥 wrote Professor Hugo Miranda on behalf of the jury and ISOC.pt board. 鈥淭he ISOC.pt congratulates Daniela Lopes, Jin-Dong Dong, Pedro Medeiros, Daniel Castro, Diogo Barradas, Bernardo Portela, Jo茫o Vinagre, Bernardo Ferreira, Nicolas Christin and Nuno Santos for this work.鈥
is an Assistant Professor at the Cheriton School of Computer Science, a member of the , and the interim Associate Director of the 蓝莓视频 Cybersecurity and Privacy Institute. His research focuses on network security and privacy, with particular emphasis on statistical traffic analysis, Internet censorship circumvention and digital forensics.
About this award-winning research
Tor is a widely recognized low-latency anonymity network that allows users to circumvent surveillance, eavesdropping and censorship. Its ability to defend against flow correlation attacks is essential to provide strong anonymity guarantees. However, the feasibility of flow correlation attacks against Tor onion services has remained an open challenge.
In their award-winning paper, the researchers present an effective flow correlation attack that can deanonymize onion service sessions in the Tor network. Their attack is based on a novel distributed technique named Sliding Subset Sum (SUMo), which can be deployed by a group of colluding ISPs worldwide in a federated fashion. These ISPs collect Tor traffic at multiple vantage points in the network and analyze it through a pipelined architecture based on machine learning classifiers and a novel similarity function based on the classic subset sum decision problem. These classifiers enable SUMo to deanonymize onion service sessions effectively and efficiently. The researchers also analyzed possible countermeasures the Tor community can adopt to hinder the efficacy of these attacks.
Key contributions of the research
- A novel classification algorithm that enables efficient and accurate flow correlation for Tor onion service sessions
- Improved circuit fingerprinting classifiers, capable of by-passing the circuit padding defences implemented in the latest versions of Tor
- A robust classification pipeline, demonstrating the practical application and effectiveness of deploying SUMo attacks on Tor onion service sessions
- A large dataset for enabling flow correlation on Tor, encompassing both clearnet and onion service websites; this dataset represents a valuable resource for in-depth study and analysis of the Tor network
- A comprehensive evaluation of the described techniques, showing that SUMo attacks are feasible and effective
To learn more about the research on which this article is based, please see Daniela Lopes, Jin-Dong Dong, Pedro Medeiros, Daniel Castro, Diogo Barradas, Bernardo Portela, Jo茫o Vinagre, Bernardo Ferreira, Nicolas Christin, Nuno Santos. . Proceedings of the 31st Network and Distributed System Security Symposium, San Diego, CA, USA.