Browser-Based Attacks on Tor

12 years 8 months ago
Browser-Based Attacks on Tor
This paper describes a new attack on the anonymity of web browsing with Tor. The attack tricks a user’s web browser into sending a distinctive signal over the Tor network that can be detected using traffic analysis. It is delivered by a malicious exit node using a man-in-themiddle attack on HTTP. Both the attack and the traffic analysis can be performed by an adversary with limited resources. While the attack can only succeed if the attacker controls one of the victim’s entry guards, the method reduces the time required for a traffic analysis attack on Tor from O(nk) to O(n + k), where n is the number of exit nodes and k is the number of entry guards. This paper presents techniques that exploit the Tor exit policy system to greatly simplify the traffic analysis. The fundamental vulnerability exposed by this paper is not specific to Tor but rather to the problem of anonymous web browsing itself. This paper also describes a related attack on users who toggle the use of Tor with the ...
Timothy G. Abbott, Katherine J. Lai, Michael R. Li
Added 09 Jun 2010
Updated 09 Jun 2010
Type Conference
Year 2007
Where PET
Authors Timothy G. Abbott, Katherine J. Lai, Michael R. Lieberman, Eric C. Price
Comments (0)