Beyond TOR: The TrueNyms Protocol

  • Nicolas Bernard
  • Franck Leprévost
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7053)


How to hide who is communicating with whom? How to hide when a person is communicating? How to even hide the existence of ongoing communications? Partial answers to these questions have already been proposed, usually as byproducts of anonymity providing systems. The most advanced one available today is Onion-Routing and is implemented in Tor and I2P. Still, Onion-Routing is exposed to a series of serious attacks. The current paper classifies these series of attacks, and announces the TrueNyms unobservability protocol. We describe here how TrueNyms handles one of the families of attacks applying to the current Onion-Routing system, namely traffic analysis on the “shape”, and give some evidence on its performance. Developed since 2003, TrueNyms is not anymore an academic answer to a privacy problem, but is a heavily tested and efficient product providing unobservability and anonymity. Although it cannot be used (for the time-being) for very low-latency applications like telephony over IP, TrueNyms can be efficiently used for most low-latency applications like Web browsing and HTTP-based protocols (RSS for instance), Instant Messaging, File transfers, audio and video streaming, remote shell, etc. TrueNyms allows parties to communicate without revealing anything about the communication — including its very existence — to any observer, despite how powerful such an observer might be.


Security Issue Video Streaming Replay Attack Implicit Model Incoming Connection 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Back, A., Möller, U., Stiglic, A.: Traffic analysis attacks and trade-offs in anonymity providing systems. In: Moskowitz, I.S. (ed.) IH 2001. LNCS, vol. 2137, pp. 245–257. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Bauer, K., McCoy, D., Grunwald, D., Kohno, T., Sicker, D.: Low-resource routing attacks against Tor. In: Proceedings of the Workshop on Privacy in the Electronic Society (WPES 2007), Washington, DC, USA (October 2007)Google Scholar
  3. 3.
    Bernard, N., Leprévost, F.: Unobservability of low-latency communications: the TrueNyms protocol. Work in Progress (2011)Google Scholar
  4. 4.
    Bissias, G.D., Liberatore, M., Jensen, D., Levine, B.N.: Privacy vulnerabilities in encrypted HTTP streams. In: Danezis, G., Martin, D. (eds.) PET 2005. LNCS, vol. 3856, pp. 1–11. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  5. 5.
    Campbell, D.: A new way to do anonymity. STOA European Parliament 168.184/Part.4 (April 04, 1999)Google Scholar
  6. 6.
    Dai, W.: A new way to do anonymity. Post to Cypherpunks Mailing List (February 07, 1995)Google Scholar
  7. 7.
    Danezis, G.: The traffic analysis of continuous-time mixes. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 35–50. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  8. 8.
    Dingledine, R., Mathewson, N., Syverson, P.: Tor: The second-generation onion router. In: Proceedings of the 13th USENIX Security Symposium (August 2004)Google Scholar
  9. 9.
    Ebrahimi, T., Leprévost, F., Warusfel, B. (eds.): Enjeux de la sécurité multimédia. Informatique et Systèmes d’Information, Hermes-Lavoisier (2006)Google Scholar
  10. 10.
    Evans, N., Dingledine, R., Grothoff, C.: A practical congestion attack on tor using long paths. In: Proceedings of the 18th USENIX Security Symposium (August 2009)Google Scholar
  11. 11.
    Fu, X., Graham, B., Bettati, R., Zhao, W.: Active traffic analysis attacks and countermeasures. In: Proceedings of the 2003 International Conference on Computer Networks and Mobile Computing, pp. 31–39 (2003)Google Scholar
  12. 12.
    Goldschlag, D.M., Reed, M.G., Syverson, P.F.: Hiding Routing Information. In: Anderson, R. (ed.) IH 1996. LNCS, vol. 1174, pp. 137–150. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  13. 13.
    Herrmann, D., Wendolsky, R., Federrath, H.: Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial naïve-bayes classifier. In: Proceedings of the 2009 ACM Workshop on Cloud Computing Security (CCSW 2009), pp. 31–42. ACM, New York (2009)CrossRefGoogle Scholar
  14. 14.
    Hintz, A.: Fingerprinting websites using traffic analysis. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 171–178. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  15. 15.
    The Invisible Internet Project: Introducing I2P (200x),
  16. 16.
    Kent, S., Atkinson, R.: RFC 2401 Security Architecture for IP. IETF (1998)Google Scholar
  17. 17.
    Liberatore, M., Levine, B.N.: Inferring the Source of Encrypted HTTP Connections. In: Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS 2006), pp. 255–263 (October 2006)Google Scholar
  18. 18.
    McLachlan, J., Hopper, N.: On the risks of serving whenever you surf: Vulnerabilities in Tor’s blocking resistance design. In: Proceedings of the Workshop on Privacy in the Electronic Society (WPES 2009). ACM (November 2009)Google Scholar
  19. 19.
    Murdoch, S.J.: Hot or not: Revealing hidden services by their clock skew. In: Proceedings of CCS 2006 (October 2006)Google Scholar
  20. 20.
    Murdoch, S.J., Danezis, G.: Low-cost traffic analysis of Tor. In: Proceedings of the 2005 IEEE Symposium on Security and Privacy. IEEE CS (May 2005)Google Scholar
  21. 21.
    Murdoch, S.J., Zieliński, P.: Sampled traffic analysis by internet-exchange-level adversaries. In: Borisov, N., Golle, P. (eds.) PET 2007. LNCS, vol. 4776, pp. 167–183. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  22. 22.
    O’Connor, L.: On blending attacks for mixes with memory. In: Barni, M., Herrera-Joancomartí, J., Katzenbeisser, S., Pérez-González, F. (eds.) IH 2005. LNCS, vol. 3727, pp. 39–52. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  23. 23.
    Øverlier, L., Syverson, P.: Locating hidden servers. In: Proceedings of the 2006 IEEE Symposium on Security and Privacy. IEEE CS (May 2006)Google Scholar
  24. 24.
    Reed, M.G., Syverson, P.F., Goldschlag, D.M.: Anonymous connections and onion routing. IEEE Journal on Selected Areas in Communications 16(4), 482–494 (1998)CrossRefGoogle Scholar
  25. 25.
    Rescorla, E.: SSL and TLS – Designing and Building Secure Systems. Addison-Wesley (2001)Google Scholar
  26. 26.
    Rybczyńska, M.: Network-level properties of modern anonymity systems. In: Proceedings of the International Multiconference on Computer Science and Information Technology, pp. 837–843 (2008)Google Scholar
  27. 27.
    Rybczyńska, M.: A round-based cover traffic algorithm for anonymity systems. In: 2009 International Conference on Intelligent Networking and Collaborative Systems, pp. 93–99 (2009)Google Scholar
  28. 28.
    Serjantov, A., Sewell, P.: Passive attack analysis for connection-based anonymity systems. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 116–131. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  29. 29.
    Shmatikov, V., Wang, M.H.: Measuring relationship anonymity in mix networks. In: Proceedings of the Workshop on Privacy in the Electronic Society (WPES 2006) (October 2006)Google Scholar
  30. 30.
    Wang, M.-H.: Timing analysis in low-latency mix networks: Attacks and defenses. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) ESORICS 2006. LNCS, vol. 4189, pp. 18–33. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  31. 31.
    Sun, Q., Simon, D.R., Wang, Y.M., Russell, W., Padmanabhan, V.N., Qiu, L.: Statistical identification of encrypted web browsing traffic. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy, Berkeley, California (May 2002)Google Scholar
  32. 32.
    Wright, C.V., Monrose, F., Masson, G.M.: On inferring application protocol behaviors in encrypted network traffic. Journal of Machine Learning Research 7, 2745–2769 (2006)MathSciNetzbMATHGoogle Scholar
  33. 33.
    Zalewski, M.: Silence on the Wire: a Field Guide to Passive Reconnaissance and Indirect Attacks. No Starch Press (2005)Google Scholar
  34. 34.
    Zhu, Y., Fu, X., Graham, B., Bettati, R., Zhao, W.: On flow correlation attacks and countermeasures in mix networks. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 207–225. Springer, Heidelberg (2005)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Nicolas Bernard
    • 1
  • Franck Leprévost
    • 1
  1. 1.LACSUniversity of LuxembourgLuxembourg

Personalised recommendations