
Security Research Of Tor-based Anonymous Communication System

Posted on: 2017-12-06
Degree: Doctor
Type: Dissertation
Country: China
Candidate: R Wang
GTID: 1318330518496790
Subject: Information security

Abstract/Summary:
The Onion Router (Tor) is based on the Mix idea and provides relationship anonymity services. As the most popular and secure low-latency anonymity system, Tor provides not only sender privacy but also responder privacy, since its circuits are bi-directionally anonymous. Owing to its scalability, strong anonymity, ease of use and many other reasons, Tor continues to grow and develop.

Although Tor is ideal for low-latency interactive network applications, it is not a secure system against a global attacker. Some current security methods are confined to security model assumptions of a non-global attacker; however, real-world attacks are complicated, and some non-global attackers are also able to launch attacks against Tor. Our purpose is to enhance the security of Tor, find a balance between network performance and security, and thereby provide users with better privacy protection.

In this paper, we focus on the security of the Tor-based anonymous communication system and carry out the following research:

1. There are vulnerabilities that can be used to deanonymize Tor's hidden services. Based on an analysis of the hidden service protocol, we found a special combination of cells transmitted during the circuit creation procedure that could be used to degrade anonymity. We then investigate a protocol-feature-based method for locating Tor's hidden services. The main idea is that an attacker could monitor traffic and manipulate cells at the client-side entry router, and an adversary at the hidden server side could cooperate to reveal the communication relationship. Compared with existing work, this method can degrade the sender anonymity of hidden services. Theoretical analysis and experiments over the Tor network demonstrate that our attack can achieve a high detection rate with a low false positive rate.

2. Existing passive schemes against hidden services share a common feature: the attacker needs to cause a decryption error and force users or hidden services to send a DESTROY cell in order to create an identifiable signature. With the development of entry guards, these passive methods may suffer a high rate of false positives. This paper proposes a transparent discovery method for hidden services. We find a unique cell-count feature in Tor's cell padding mechanism. An attacker can place an onion router under their control in the Tor network and monitor the traffic passing through it. Once the cell-count feature is discovered, the attacker confirms that the controlled router has been chosen as the entry router and that the adjacent node is the client. Compared with existing work, our approach does not disturb the normal communication of the hidden service.

3. Denial of Service attacks are considered a major threat to current networks. They aim to make target services unavailable by consuming network-layer and transport-layer resources, but they can be effectively defended against by filtering source IP addresses. This paper proposes a Tor-based Distributed Denial of Service attack and investigates countermeasures. This method can launch a Distributed Denial of Service attack through the Tor network toward any host on the Internet, and it is very difficult to trace the attacker because of the strong anonymity of Tor. We also implement this attack and conduct experiments in different network environments. The experimental results demonstrate the effectiveness of our method.
Keywords/Search Tags:anonymous communication, the onion router, hidden service, protocol feature