Abstract
Tor [Dingledine et al. 2004] is the most widely used anonymity network today, serving millions of users on a daily basis using a growing number of volunteer-run routers. Since its deployment in 2003, there have been more than three dozen proposals that aim to improve its performance, security, and unobservability. Given the significance of this research area, our goal is to provide the reader with the state of current research directions and challenges in anonymous communication systems, focusing on the Tor network. We shed light on the design weaknesses and challenges facing the network and point out unresolved issues.
- Masoud Akhoondi, Curtis Yu, and Harsha V. Madhyastha. 2012. LASTor: A low-latency as-aware tor client. In IEEE Symposium on Security and Privacy, SP 2012, 21--23 May 2012, San Francisco, California, USA. IEEE Computer Society, Washington, DC, 476--490. Google ScholarDigital Library
- Mashael AlSabah, Kevin Bauer, and Ian Goldberg. 2012. Enhancing tor’s performance using real-time traffic classification. In Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS’12). ACM, New York, NY, 73--84. Google ScholarDigital Library
- Mashael AlSabah, Kevin S. Bauer, Tariq Elahi, and Ian Goldberg. 2013. The path less travelled: Overcoming tor’s bottlenecks with traffic splitting. In Privacy Enhancing Technologies - 13th International Symposium, PETS 2013, Bloomington, IN, USA, July 10--12, 2013. Proceedings. Springer, Berlin, 143--163.Google Scholar
- Mashael AlSabah, Kevin S. Bauer, Ian Goldberg, Dirk Grunwald, Damon McCoy, Stefan Savage, and Geoffrey M. Voelker. 2011. DefenestraTor: Throwing out windows in tor. In Privacy Enhancing Technologies - 11th International Symposium, PETS 2011, Waterloo, ON, Canada, July 27--29, 2011. Proceedings. Springer, Berlin, 134--154. Google ScholarDigital Library
- Mashael AlSabah and Ian Goldberg. 2013. PCTCP: Per-circuit tcp-over-ipsec transport for anonymous communication overlay networks. In Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS’13, Berlin, Germany, November 4--8, 2013. ACM, New York, NY, 349--360. Google ScholarDigital Library
- Mashael AlSabah and Ian Goldberg. 2016. Performance and Security Improvements for Tor: A Survey. Cryptology ePrint Archive, Report 2015/235. (2016). http://eprint.iacr.org/.Google Scholar
- Manos Antonakakis, Roberto Perdisci, David Dagon, Wenke Lee, and Nick Feamster. 2010. Building a dynamic reputation system for DNS. In 19th USENIX Security Symposium, Washington, DC, USA, August 11--13, 2010, Proceedings. USENIX Association, Berkeley, CA, 273--290. Google ScholarDigital Library
- Manos Antonakakis, Roberto Perdisci, Yacin Nadji, Nikolaos Vasiloglou II, Saeed Abu-Nimeh, Wenke Lee, and David Dagon. 2012. From throw-away traffic to bots: Detecting the rise of DGA-based malware. In Proceedings of the 21th USENIX Security Symposium, Bellevue, WA, USA, August 8--10, 2012. USENIX Association, Berkeley, CA, 491--506. Google ScholarDigital Library
- Michael Backes, Aniket Kate, and Esfandiar Mohammadi. 2012. Ace: An efficient key-exchange protocol for onion routing. In Proceedings of the 11th Annual ACM Workshop on Privacy in the Electronic Society, WPES 2012, Raleigh, NC, USA, October 15, 2012. ACM, New York, NY, 55--64. Google ScholarDigital Library
- Kevin S. Bauer, Damon McCoy, Dirk Grunwald, Tadayoshi Kohno, and Douglas C. Sicker. 2007. Low-resource routing attacks against tor. In Proceedings of the 2007 ACM Workshop on Privacy in the Electronic Society, WPES 2007, Alexandria, VA, USA, October 29, 2007. ACM, New York, NY, 11--20. Google ScholarDigital Library
- BBC News. 2007. Data disaster: Your Queries Answered. http://news.bbc.co.uk/2/hi/business/7105592.stm. (November 2007). Accessed March 2015.Google Scholar
- Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, and Madars Virza. 2014. Zerocash: Decentralized anonymous payments from bitcoin. In 2014 IEEE Symposium on Security and Privacy, SP 2014, Berkeley, CA, USA, May 18--21, 2014. IEEE Computer Society, Washington, DC, 459--474. Google ScholarDigital Library
- Leyla Bilge, Sevil Sen, Davide Balzarotti, Engin Kirda, and Christopher Kruegel. 2014. Exposure: A passive DNS analysis service to detect and report malicious domains. ACM Trans. Inf. Syst. Secur. 16, 4 (2014), 14. Google ScholarDigital Library
- Alex Biryukov, Ivan Pustogarov, Fabrice Thill, and Ralf-Philipp Weinmann. 2014. Content and popularity analysis of tor hidden services. In 34th International Conference on Distributed Computing Systems Workshops (ICDCS 2014 Workshops), Madrid, Spain, June 30--July 3, 2014. IEEE Computer Society, Washington, DC, 188--193. Google ScholarDigital Library
- Alex Biryukov, Ivan Pustogarov, and Ralf-Philipp Weinmann. 2013. Trawling for tor hidden services: Detection, measurement, deanonymization. In Proceedings of the 2013 IEEE Symposium on Security and Privacy (SP’13). IEEE Computer Society, Washington, DC, 80--94. Google ScholarDigital Library
- Henry Blodget. 2007. Compete CEO: ISPs Sell Clickstreams For $5 A Month. http://seekingalpha.com/article/29449-compete-ceo-isps-sell-clickstreams-for-5-a-month. (March 2007). Accessed March 2015.Google Scholar
- Nikita Borisov, George Danezis, Prateek Mittal, and Parisa Tabriz. 2007. Denial of service or denial of security?. In Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS 2007, Alexandria, Virginia, USA, October 28--31, 2007. ACM, New York, NY, 92--102. Google ScholarDigital Library
- Torsten Braun, Christophe Diot, Anna Hoglander, and Vincent Roca. 1995. An Experimental User Level Implementation of TCP. Technical Report RR-2650. INRIA. http://hal.inria.fr/inria-00074040.Google Scholar
- Xiang Cai, Rishab Nithyanand, and Rob Johnson. 2014a. CS-BuFLO: A congestion sensitive website fingerprinting defense. In Proceedings of the 13th Workshop on Privacy in the Electronic Society (WPES’14). ACM, New York, NY, 121--130. Google ScholarDigital Library
- Xiang Cai, Rishab Nithyanand, Tao Wang, Rob Johnson, and Ian Goldberg. 2014b. A systematic approach to developing and evaluating website fingerprinting defenses. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS’14). ACM, New York, NY, 227--238. Google ScholarDigital Library
- Xiang Cai, Xin Cheng Zhang, Brijesh Joshi, and Rob Johnson. 2012. Touching from a distance: Website fingerprinting attacks and defenses. In Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS’12). ACM, New York, NY, 605--616. Google ScholarDigital Library
- Dario Catalano, Dario Fiore, and Rosario Gennaro. 2009. Certificateless onion routing. In Proceedings of the 2009 ACM Conference on Computer and Communications Security, CCS 2009, Chicago, Illinois, USA, November 9--13, 2009. ACM, New York, NY, 151--160. Google ScholarDigital Library
- David Chaum. 1981. Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 4, 2 (February 1981), 84--90. Google ScholarDigital Library
- Jen Christensen. 2008. FBI Tracked King’s Every Move. http://edition.cnn.com/2008/US/03/31/mlk.fbi.conspiracy/. (December 2008). Accessed March 2015.Google Scholar
- Lucian Constantin. 2012. Tor network used to command Skynet botnet. http://www.techworld.com/news/security/tor-network-used-command-skynet-botnet-3415592/. (December 2012). Accessed March 2015.Google Scholar
- George Danezis, Claudia Díaz, and Carmela Troncoso. 2007. Two-sided statistical disclosure attack. In Privacy Enhancing Technologies, 7th International Symposium, PET 2007 Ottawa, Canada, June 20--22, 2007, Revised Selected Papers. Springer, Berlin, 30--44. Google ScholarDigital Library
- George Danezis, Roger Dingledine, and Nick Mathewson. 2003. Mixminion: Design of a type III anonymous remailer protocol. In 2003 IEEE Symposium on Security and Privacy (S&P 2003), 11--14 May 2003, Berkeley, CA, USA. IEEE Computer Society, Washington, DC, 2--15. Google ScholarCross Ref
- Tim Dierks and Eric Rescorla. 2008. RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2. http://www.ietf.org/rfc/rfc5246.txt. (August 2008). Accessed March 2015.Google Scholar
- Roger Dingledine. 2011. Research Problems: Ten Ways to Discover Tor Bridges. https://blog.torproject.org/blog/research-problems-ten-ways-discover-tor-bridges. (October 2011). Accessed March 2015.Google Scholar
- Roger Dingledine. 2013. Getting the HSDir flag should require more effort. https://trac.torproject.org/projects/tor/ticket/8243. (2013). Accessed March 2015.Google Scholar
- Roger Dingledine, Nicholas Hopper, George Kadianakis, and Nick Mathewson. 2014. One Fast Guard for Life (or 9 Months). https://www.petsymposium.org/2014/papers/Dingledine.pdf. (July 2014). Accessed March 2015.Google Scholar
- Roger Dingledine and Nick Mathewson. 2006. Anonymity loves company: Usability and the network effect. In Workshop on the Economics of Information Security. 547--559.Google Scholar
- Roger Dingledine and Nick Mathewson. 2015. Tor Protocol Specification. https://gitweb.torproject.org/torspec.git/tree/tor-spec.txt. (2015). Accessed March 2015.Google Scholar
- Roger Dingledine, Nick Mathewson, and Paul F. Syverson. 2004. Tor: The second-generation onion router. In Proceedings of the 13th USENIX Security Symposium, August 9-13, 2004, San Diego, CA, USA. USENIX Association, Berkeley, CA, 303--320. Google ScholarDigital Library
- John Dunn. 2013. Mevade botnet miscalculated effect on Tor network, says Damballa. http://www.techworld.com/news/security/mevade-botnet-miscalculated-effect-on-tor-network-says-damballa-3468988/. (Sept-ember 2013). Accessed March 2015.Google Scholar
- Kevin P. Dyer, Scott E. Coull, Thomas Ristenpart, and Thomas Shrimpton. 2012. Peek-a-boo, i still see you: Why efficient traffic analysis countermeasures fail. In IEEE Symposium on Security and Privacy, SP 2012, 21--23 May 2012, San Francisco, California, USA. IEEE Computer Society, Washington, DC, 332--346. Google ScholarDigital Library
- Kevin P. Dyer, Scott E. Coull, Thomas Ristenpart, and Thomas Shrimpton. 2013. Protocol misidentification made easy with format-transforming encryption. In Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS’13, Berlin, Germany, November 4--8, 2013. ACM, New York, NY, 61--72. Google ScholarDigital Library
- Matthew Edman and Paul F. Syverson. 2009. As-awareness in tor path selection. In Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS 2009, Chicago, Illinois, USA, November 9--13, 2009. ACM, New York, NY, 380--389. Google ScholarDigital Library
- Aled Edwards and Steve Muir. 1995. Experiences implementing a high performance TCP in user-space. In Proceedings of the Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication (SIGCOMM’95). ACM, New York, NY, 196--205. Google ScholarDigital Library
- Nathan S. Evans, Roger Dingledine, and Christian Grothoff. 2009. A practical congestion attack on tor using long paths. In 18th USENIX Security Symposium, Montreal, Canada, August 10--14, 2009, Proceedings. USENIX Association, Berkeley, CA, 33--50. Google ScholarDigital Library
- Stephen Farrell and Hannes Tschofenig. 2014. IETF BCP 188: Pervasive Monitoring Is an Attack. (May 2014). Accessed March 2015.Google Scholar
- Nick Feamster and Roger Dingledine. 2004. Location diversity in anonymity networks. In Proceedings of the 2004 ACM Workshop on Privacy in the Electronic Society (WPES’04). ACM, New York, NY, 66--76. Google ScholarDigital Library
- Joan Feigenbaum, Aaron Johnson, and Paul F. Syverson. 2010. Preventing active timing attacks in low-latency anonymous communication. In Privacy Enhancing Technologies, 10th International Symposium, PETS 2010, Berlin, Germany, July 21--23, 2010. Proceedings, Vol. 6205. Springer, Berlin, 166--183. Google ScholarDigital Library
- David Fifield, Nate Hardison, Jonathan Ellithorpe, Emily Stark, Dan Boneh, Roger Dingledine, and Phillip A. Porras. 2012. Evading censorship with browser-based proxies. In Privacy Enhancing Technologies - 12th International Symposium, PETS 2012, Vigo, Spain, July 11-13, 2012. Proceedings, Vol. 7384. Springer, Berlin, 239--258. DOI:http://dx.doi.org/10.1007/978-3-642-31680-7_13 Google ScholarDigital Library
- John Geddes, Rob Jansen, and Nicholas Hopper. 2013. How low can you go: Balancing performance with anonymity in tor. In Privacy Enhancing Technologies, Emiliano De Cristofaro and Matthew Wright (Eds.). Lecture Notes in Computer Science, Vol. 7981. Springer, Berlin, 164--184. DOI:http://dx.doi.org/10.1007/978-3-642-39077-7_9Google Scholar
- John Geddes, Rob Jansen, and Nicholas Hopper. 2014. IMUX: Managing tor connections from two to infinity, and beyond. In Proceedings of the 13th Annual ACM Workshop on Privacy in the Electronic Society (WPES’14). ACM, New York, NY. Google ScholarDigital Library
- Mainak Ghosh, Miles Richardson, Bryan Ford, and Rob Jansen. 2014. A TorPath to TorCoin: Proof-of-Bandwidth Altcoins for Compensating Relays. http://www.robgjansen.com/publications/torpath-hotpets2014.pdf. (July 2014). Accessed March 2015.Google Scholar
- Ian Goldberg, Douglas Stebila, and Berkant Ustaoglu. 2011. Anonymity and One-way Authentication in Key Exchange Protocols. University of Waterloo Technical Report CACR 2011-05. (May 2011).Google Scholar
- Deepika Gopal and Nadia Heninger. 2012. Torchestra: Reducing interactive traffic delays over tor. In Proceedings of the 11th Annual ACM Workshop on Privacy in the Electronic Society, WPES 2012, Raleigh, NC, USA, October 15, 2012. ACM, New York, NY, 31--42. Google ScholarDigital Library
- Yotam Gottesman. 2014. RSA Uncovers New POS Malware Operation Stealing Payment Card & Personal Information. https://blogs.rsa.com/rsa-uncovers-new-pos-malware-operation-stealing-payment-card-personal-information/. (January 2014). Accessed March 2015.Google Scholar
- Larry Greenemeier. 2006. VA Secretary Comes Under Fire At House And Senate Data Theft Hearings. http://www.informationweek.com/va-secretary-comes-under-fire-at-house-a/188500312. (May 2006). Accessed March 2015.Google Scholar
- Larry Greenemeier. 2008. Security Breach: Feds Lose Laptop Containing Sensitive Data — Again. http://www.scientificamerican.com/article.cfm?id=security-breach-lost-laptop. (March 2008). Accessed March 2015.Google Scholar
- Ryan Henry and Ian Goldberg. 2011. Formalizing anonymous blacklisting systems. In 32nd IEEE Symposium on Security and Privacy, S&P 2011, 22--25 May 2011, Berkeley, California, USA. 81--95. Google ScholarDigital Library
- Dominik Herrmann, Rolf Wendolsky, and Hannes Federrath. 2009. Website fingerprinting: Attacking popular privacy enhancing technologies with the multinomial naive-bayes classifier. In Proceedings of the 2009 ACM Workshop on Cloud Computing Security (CCSW’09). ACM, New York, NY, 31--42. Google ScholarDigital Library
- Nicholas Hopper. 2014. Challenges in protecting tor hidden services from botnet abuse. In Proceedings of Financial Cryptography and Data Security (FC’14). Springer, Berlin, 316--325.Google ScholarCross Ref
- Nicholas Hopper, Eugene Y. Vasserman, and Eric Chan-Tin. 2010. How much anonymity does network latency leak? ACM Trans. Inf. Syst. Secur. 13, 2, Article 13 (March 2010), 28 pages. Google ScholarDigital Library
- Amir Houmansadr and Nikita Borisov. 2013. The need for flow fingerprints to link correlated network flows. In Privacy Enhancing Technologies - 13th International Symposium, PETS 2013, Bloomington, IN, USA, July 10--12, 2013. Proceedings, Vol. 7981. Springer, Berlin, 205--224.Google Scholar
- Amir Houmansadr, Chad Brubaker, and Vitaly Shmatikov. 2013. The parrot is dead: Observing unobservable network communications. In 2013 IEEE Symposium on Security and Privacy, SP 2013, Berkeley, CA, USA, May 19--22, 2013. IEEE Computer Society, Washington, DC, 65--79. Google ScholarDigital Library
- Rob Jansen. 2016. New Tor Denial of Service Attacks and Defenses. https://blog.torproject.org/blog/new-tor-denial-service-attacks-and-defenses. (2016). Accessed January 2016.Google Scholar
- Rob Jansen, John Geddes, Chris Wacek, Micah Sherr, and Paul F. Syverson. 2014. Never been KIST: Tor’s congestion management blossoms with kernel-informed socket transport. In Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20--22, 2014. USENIX Association, Berkeley, CA, 127--142. Google ScholarDigital Library
- Rob Jansen and Nicholas Hopper. 2012. Shadow: Running tor in a box for accurate and efficient experimentation. In 19th Annual Network and Distributed System Security Symposium, NDSS 2012, San Diego, California, USA, February 5--8, 2012. The Internet Society.Google Scholar
- Rob Jansen, Nicholas Hopper, and Yongdae Kim. 2010. Recruiting new tor relays with BRAIDS. In Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, Chicago, Illinois, USA, October 4--8, 2010. ACM, New York, NY, 319--328. Google ScholarDigital Library
- Rob Jansen, Nicholas Hopper, and Paul F. Syverson. 2012. Throttling tor bandwidth parasites. In 19th Annual Network and Distributed System Security Symposium, NDSS 2012, San Diego, California, USA, February 5--8, 2012. The Internet Society.Google Scholar
- Rob Jansen, Aaron Johnson, and Paul F. Syverson. 2013. LIRA: lightweight incentivized routing for anonymity. In 20th Annual Network and Distributed System Security Symposium, NDSS 2013, San Diego, California, USA, February 24--27, 2013. The Internet Society.Google Scholar
- Rob Jansen, Andrew Miller, Paul Syverson, and Bryan Ford. 2014a. From Onions to Shallots: Rewarding Tor Relays with TEARS. https://petsymposium.org/2014/papers/Jansen.pdf. (July 2014). Accessed April 2015.Google Scholar
- Rob Jansen, Florian Tschorsch, Aaron Johnson, and Björn Scheuermann. 2014b. The sniper attack: Anonymously deanonymizing and disabling the tor network. In 21st Annual Network and Distributed System Security Symposium, NDSS 2014, San Diego, California, USA, February 23--26, 2013. The Internet Society.Google ScholarCross Ref
- Aniket Kate, Gregory M. Zaverucha, and Ian Goldberg. 2007. Pairing-based onion routing. In Privacy Enhancing Technologies, 7th International Symposium, PET 2007 Ottawa, Canada, June 20--22, 2007, Revised Selected Papers. Springer, Berlin, 95--112. Google ScholarDigital Library
- Jeremy Kirk. 2013. Passwords reset after Pony botnet stole 2 million credentials. http://www.pcworld.com/article/2069260/passwords-reset-after-pony-botnet-stole-2-million-credentials.html. (December 2013). Accessed March 2015.Google Scholar
- Albert Kwon, Mashael AlSabah, David Lazar, Marc Dacier, and Srinivas Devadas. 2015. Circuit fingerprinting attacks: Passive deanonymization of tor hidden services. In 24th USENIX Security Symposium (USENIX Security 15). USENIX Association, Washington, D.C., 287--302. https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/kwon Google ScholarDigital Library
- Zhen Ling, Junzhou Luo, Kui Wu, and Xinwen Fu. 2013a. Protocol-level hidden server discovery. In INFOCOM, 2013 Proceedings IEEE. 1043--1051. DOI:http://dx.doi.org/10.1109/INFCOM.2013.6566894Google ScholarCross Ref
- Zhen Ling, Junzhou Luo, Wei Yu, Xinwen Fu, Weijia Jia, and Wei Zhao. 2013b. Protocol-level attacks against tor. Comput. Netw. 57, 4 (March 2013), 869--886. Google ScholarDigital Library
- Zhen Ling, Junzhou Luo, Wei Yu, Xinwen Fu, Dong Xuan, and Weijia Jia. 2009. A new cell counter based attack against tor. In Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS’09). ACM, New York, NY, 578--589. DOI:http://dx.doi.org/10.1145/1653662.1653732 Google ScholarDigital Library
- Zhen Ling, Junzhou Luo, Wei Yu, Ming Yang, and Xinwen Fu. 2012. Extensive analysis and large-scale empirical evaluation of tor bridge discovery. In Proceedings of the IEEE INFOCOM 2012, Orlando, FL, USA, March 25--30, 2012. IEEE Computer Society, Washington, DC, 2381--2389.Google ScholarCross Ref
- Mary Madden. 2014. Public Perceptions of Privacy and Security in the Post-Snowden Era. http://www.pewinternet.org/2014/11/12/public-privacy-perceptions/. (November 2014). Accessed March 2015.Google Scholar
- Nayantara Mallesh and Matthew Wright. 2010. The reverse statistical disclosure attack. In Information Hiding, Rainer Böhme, Philip Fong, and Reihaneh Safavi-Naini (Eds.). Springer, Berlin, 221--234. Google ScholarDigital Library
- Nick Mathewson. 2010. Split relay and link crypto across multiple CPU cores. https://trac.torproject.org/projects/tor/ticket/1749. (2010). Accessed February 2016.Google Scholar
- Damon McCoy, Kevin S. Bauer, Dirk Grunwald, Tadayoshi Kohno, and Douglas C. Sicker. 2008. Shining light in dark places: Understanding the tor network. In Privacy Enhancing Technologies, 8th International Symposium, PETS 2008, Leuven, Belgium, July 23--25, 2008, Proceedings. Springer, Berlin, 63--76. Google ScholarDigital Library
- Jon McLachlan, Andrew Tran, Nicholas Hopper, and Yongdae Kim. 2009. Scalable onion routing with torsk. In Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS 2009, Chicago, Illinois, USA, November 9--13, 2009. ACM, New York, NY, 590--599. Google ScholarDigital Library
- Ian Miers, Christina Garman, Matthew Green, and Aviel D. Rubin. 2013. Zerocoin: Anonymous distributed e-cash from bitcoin. In 2013 IEEE Symposium on Security and Privacy, SP 2013, Berkeley, CA, USA, May 19--22, 2013. IEEE Computer Society, Washington, DC, 397--411. Google ScholarDigital Library
- Prateek Mittal and Nikita Borisov. 2009. ShadowWalker: Peer-to-peer anonymous communication using redundant structured topologies . In Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS’09). ACM, New York, NY, 161--172. Google ScholarDigital Library
- Prateek Mittal, Ahmed Khurshid, Joshua Juen, Matthew Caesar, and Nikita Borisov. 2011a. Stealthy traffic analysis of low-latency anonymous communication using throughput fingerprinting. In Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS’11). ACM, New York, NY, 215--226. Google ScholarDigital Library
- Prateek Mittal, Femi Olumofin, Carmela Troncoso, Nikita Borisov, and Ian Goldberg. 2011b. PIR-Tor: Scalable anonymous communication using private information retrieval. In Proceedings of the 20th USENIX Conference on Security (SEC’11). USENIX Association, Berkeley, CA, 31--31. http://dl.acm.org/citation.cfm?id=2028067.2028098 Google ScholarDigital Library
- Hooman Mohajeri Moghaddam, Baiyu Li, Mohammad Derakhshani, and Ian Goldberg. 2012. SkypeMorph: Protocol obfuscation for tor bridges. In Proceedings of the 19th ACM Conference on Computer and Communications Security, CCS’12, Raleigh, NC, USA, October 16--18, 2012. ACM, New York, NY, 97--108. Google ScholarDigital Library
- Ulf Möller, Lance Cottrell, Peter Palfrader, and Len Sassaman. 2003. Mixmaster Protocol - Version 3. IETF Internet Draft. (2003). http://www.eskimo.com/rowdenw/crypt/Mix/draft-moeller-v3-01.txt.Google Scholar
- W. Brad Moore, Chris Wacek, and Micah Sherr. 2011. Exploring the potential benefits of expanded rate limiting in tor: Slow and steady wins the race with tortoise. In Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC). ACM, New York, NY, 207--216. Google ScholarDigital Library
- Steven J. Murdoch and George Danezis. 2005. Low-cost traffic analysis of tor. In 2005 IEEE Symposium on Security and Privacy (S&P 2005), 8--11 May 2005, Oakland, CA, USA. IEEE Computer Society, Washington, DC, 183--195. Google ScholarDigital Library
- Steven J. Murdoch and Robert N. M. Watson. 2008. Metrics for security and performance in low-latency anonymity systems. In Privacy Enhancing Technologies, 8th International Symposium, PETS 2008, Leuven, Belgium, July 23-25, 2008, Proceedings. Springer, Berlin, 115--132. Google ScholarDigital Library
- Steven J. Murdoch and Piotr Zielinski. 2007. Sampled traffic analysis by internet-exchange-level adversaries. In Privacy Enhancing Technologies, 7th International Symposium, PET 2007 Ottawa, Canada, June 20-22, 2007, Revised Selected Papers. Springer, Berlin, 167--183. Google ScholarDigital Library
- Kate Murphy. 2012. How to Muddy Your Tracks on the Internet. http://www.nytimes.com/2012/05/03/technology/personaltech/how-to-muddy-your-tracks-on-the-internet.html?_r=0. (May 2012). Accessed March 2015.Google Scholar
- Tsuen-Wan Ngan, Roger Dingledine, and Dan S. Wallach. 2010. Building incentives into tor. In Financial Cryptography and Data Security, 14th International Conference, FC 2010, Tenerife, Canary Islands, January 25-28, 2010, Revised Selected Papers. Springer, Berlin, 238--256. Google ScholarDigital Library
- Rishab Nithyanand, Xiang Cai, and Rob Johnson. 2014. Glove: A bespoke website fingerprinting defense. In Proceedings of the 13th Workshop on Privacy in the Electronic Society (WPES’14). ACM, New York, NY, 131--134. Google ScholarDigital Library
- Michael F. Nowlan, David Isaac Wolinsky, and Bryan Ford. 2013. Reducing latency in tor circuits with unordered delivery. In Presented as part of the 3rd USENIX Workshop on Free and Open Communications on the Internet. USENIX Association, Berkeley, CA.Google Scholar
- Lasse Øverlier and Paul F. Syverson. 2006. Locating hidden servers. In 2006 IEEE Symposium on Security and Privacy (S&P 2006), 21--24 May 2006, Berkeley, California, USA. IEEE Computer Society, Washington, DC, 100--114. Google ScholarDigital Library
- Lasse Øverlier and Paul F. Syverson. 2007. Improving efficiency and simplicity of tor circuit establishment and hidden services. In Privacy Enhancing Technologies, 7th International Symposium, PET 2007 Ottawa, Canada, June 20--22, 2007, Revised Selected Papers, Vol. 4776. Springer, Berlin, 134--152. Google ScholarDigital Library
- Andriy Panchenko, Lukas Niessen, Andreas Zinnen, and Thomas Engel. 2011. Website fingerprinting in onion routing based anonymization networks. In Proceedings of the 10th Annual ACM Workshop on Privacy in the Electronic Society, WPES 2011, Chicago, IL, USA, October 17, 2011. ACM, New York, NY, 103--114. Google ScholarDigital Library
- Mike Perry. 2016. The Trouble with Cloud Flare. https://blog.torproject.org/blog/trouble-cloudflare. (2016). Accessed May 2016.Google Scholar
- Andreas Pfitzmann and Marit Hansen. 2008. Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management — A Consolidated Proposal for Terminology. http://dud.inf.tu-dresden.de/literatur/Anon_Terminology_v0.31.pdf. (February 2008). Accessed March 2015.Google Scholar
- Jean-François Raymond. 2000. Traffic analysis: Protocols, attacks, design issues, and open problems. In Proceedings of Designing Privacy Enhancing Technologies: Workshop on Design Issues in Anonymity and Unobservability. Springer-Verlag, LNCS 2009, 10--29. Google ScholarDigital Library
- Joel Reardon and Ian Goldberg. 2009. Improving tor using a TCP-over-DTLS tunnel. In 18th USENIX Security Symposium, Montreal, Canada, August 10--14, 2009, Proceedings. USENIX Association, Berkeley, CA, 119--134. Google ScholarDigital Library
- Michael G. Reed, Paul F. Syverson, and David M. Goldschlag. 1998. Anonymous connections and onion routing. IEEE J. Select. Areas Commun. 16, 4 (1998), 482--494. Google ScholarDigital Library
- Douglas Rushkoff. 2012. Will Your Internet Provider Be Spying on You? http://www.cnn.com/2012/07/06/opinion/rushkoff-online-monitoring/. (July 2012). Accessed March 2015.Google Scholar
- Juha Saarinen. 2014. First Shellshock Botnet Attacks Akamai, US DoD Networks. http://www.itnews.com.au/News/396197,first-shellshock-botnet-attacks-akamai-us-dod-networks.aspx. (September 2014). Accessed March 2015.Google Scholar
- Symantec Security. 2014. Apple IDs Targeted by Kelihos Botnet Phishing Campaign. http://www.symantec.com/connect/blogs/apple-ids-targeted-kelihos-botnet-phishing-campaign. (September 2014). Accessed March 2015.Google Scholar
- Micah Sherr, Matt Blaze, and Boon Thau Loo. 2009. Scalable link-based relay selection for anonymous routing. In Privacy Enhancing Technologies, 9th International Symposium, PETS 2009, Seattle, WA, USA, August 5--7, 2009. Proceedings. Springer, Berlin, 73--93. Google ScholarDigital Library
- Vitaly Shmatikov and Ming-Hsiu Wang. 2006. Timing analysis in low-latency mix networks: Attacks and defenses. In Computer Security - ESORICS 2006, 11th European Symposium on Research in Computer Security, Hamburg, Germany, September 18-20, 2006, Proceedings, Vol. 4189. Springer, Berlin, 18--33. Google ScholarDigital Library
- Robin Snader. 2010. Path Selection for Performance- and Security-Improved Onion Routing. Ph.D. Dissertation. University of Illinois at Urbana-Champaign.Google Scholar
- Robin Snader and Nikita Borisov. 2008. A tune-up for tor: Improving security and performance in the tor network. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2008, San Diego, California, USA, 10th February--13th February 2008. The Internet Society.Google Scholar
- Can Tang and Ian Goldberg. 2010. An improved algorithm for tor circuit scheduling. In Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, Chicago, Illinois, USA, October 4--8, 2010. ACM, New York, NY, 329--339. Google ScholarDigital Library
- The Tor Project. 2015a. Tor Metrics Portal: Network. https://metrics.torproject.org/networksize.html?graph=networksize&start==2014-12-08&end==2015-03-08. (October 2015). Accessed March 2015.Google Scholar
- The Tor Project. 2015b. Tor Metrics Portal: Network. https://metrics.torproject.org/torperf.html. (October 2015). Accessed March 2015.Google Scholar
- Florian Tschorsch and Björn Scheurmann. 2011. Tor is unfair — and what to do about it. In Proceedings of the 36th IEEE Conference on Local Computer Networks (LCN). IEEE Computer Society, Washington, DC, USA, 432--440. Google ScholarDigital Library
- Camilo Viecco. 2008. UDP-OR: A Fair Onion Transport Design. http://www.petsymposium.org/2008/hotpets/udp-tor.pdf. (July 2008). Accessed March 2015.Google Scholar
- Chris Wacek, Henry Tan, Kevin S. Bauer, and Micah Sherr. 2013. An empirical evaluation of relay selection in tor. In 20th Annual Network and Distributed System Security Symposium, NDSS 2013, San Diego, California, USA, February 24--27, 2013. The Internet Society.Google Scholar
- Qiyan Wang, Prateek Mittal, and Nikita Borisov. 2010. In search of an anonymous and aecure lookup: Attacks on structured peer-to-peer anonymous communication systems. In Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, Chicago, Illinois, USA, October 4--8, 2010. ACM, New York, NY, USA, 308--318. Google ScholarDigital Library
- Tao Wang, Kevin S. Bauer, Clara Forero, and Ian Goldberg. 2012. Congestion-aware path selection for tor. In Financial Cryptography and Data Security - 16th International Conference, FC 2012, Kralendijk, Bonaire, Februray 27--March 2, 2012, Revised Selected Papers, Vol. 7397. Springer, Berlin, 98--113.Google Scholar
- Tao Wang, Xiang Cai, Rishab Nithyanand, Rob Johnson, and Ian Goldberg. 2014. Effective attacks and provable defenses for website fingerprinting. In Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20--22, 2014. USENIX Association, Berkeley, CA, 143--157. Google ScholarDigital Library
- Tao Wang and Ian Goldberg. 2013. Improved website fingerprinting on tor. In Proceedings of the 12th Annual ACM Workshop on Privacy in the Electronic Society, WPES 2013, Berlin, Germany, November 4, 2013. ACM, New York, NY, 201--212. Google ScholarDigital Library
- Wei Wang, Mehul Motani, and Vikram Srinivasan. 2008. Dependent link padding algorithms for low latency anonymity systems. In Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS 2008, Alexandria, Virginia, USA, October 27-31, 2008. ACM, New York, NY, 323--332. Google ScholarDigital Library
- Philipp Winter and Stefan Lindskog. 2012. How the great firewall of china is blocking tor. In 2nd USENIX Workshop on Free and Open Communications on the Internet, FOCI’12, Bellevue, WA, USA, August 6, 2012. USENIX Association, Berkeley, CA, USA. https://www.usenix.org/conference/foci12/workshop-program/presentation/winterGoogle Scholar
- Matthew K. Wright, Micah Adler, Brian Neil Levine, and Clay Shields. 2004. The predecessor attack: An analysis of a threat to anonymous communications systems. ACM Trans. Inf. Syst. Secur. 7, 4 (2004), 489--522. Google ScholarDigital Library
Index Terms
- Performance and Security Improvements for Tor: A Survey
Recommendations
Safely Measuring Tor
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications SecurityTor is a popular network for anonymous communication. The usage and operation of Tor is not well-understood, however, because its privacy goals make common measurement approaches ineffective or risky. We present PrivCount, a system for measuring the Tor ...
Privacy-enhancing technologies: approaches and development
In this paper, we discuss privacy threats on the Internet and possible solutions to this problem. Examples of privacy threats in the communication networks are identity disclosure, linking data traffic with identity, location disclosure in connection ...
POSTER: Evaluating Privacy Metrics for Graph Anonymization and De-anonymization
ASIACCS '18: Proceedings of the 2018 on Asia Conference on Computer and Communications SecurityMany modern communication systems generate graph data, for example social networks and email networks. Such graph data can be used for recommender systems and data mining. However, because graph data contains sensitive information about individuals, ...
Comments