Tor De-anonymisation Techniques

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10394)


Tor offers a censorship-resistant and distributed platform that can provide easy-to-implement anonymity to web users, websites, and other web services. Tor enables web servers to hide their location, and Tor users can connect to these authenticated hidden services while the server and the user both stay anonymous. However, throughout the years of Tor’s existence, some users have lost their anonymity. This paper discusses the technical limitations of anonymity and the operational security challenges that Tor users will encounter. We present a hands-on demonstration of anonymity exposures that leverage traffic correlation attacks, electronic fingerprinting, operational security failures, and remote code execution. Based on published research and our experience with these methods, we will discuss what they are and how some of them can be exploited. Also, open problems, solutions, and future plans are discussed.


  1. 1.
    Goldschlag, D., Reed, M., Syverson, P.: Onion routing. Commun. ACM 42(2), 39–41 (1999). doi: 10.1145/1653662.1653708 CrossRefGoogle Scholar
  2. 2.
    Dingledine, R., Mathewson, N., Syverson, P.: Deploying low-latency anonymity: design challenges and social factors. IEEE Secur. Priv. 5(5), 83–87 (2007). doi: 10.1109/MSP.2007.108 CrossRefGoogle Scholar
  3. 3.
    The Tor Project Foundation.
  4. 4.
    Dingledine, R., Mathewson, N., Syverson, P.: Tor: the second-generation onion router. Technical report, DTIC Document (2004)Google Scholar
  5. 5.
    Guardian, T.: Tor: the king of high-secure, low-latency anonymity (2013).
  6. 6.
    Biryukov, A., Pustogarov, I., Thill, F., Weinmann, R.P.: Content and popularity analysis of tor hidden services. In: 2014 IEEE 34th International Conference on Distributed Computing Systems Workshops (ICDCSW), pp. 188–193. IEEE (2014). doi: 10.1109/ICDCSW.2014.20
  7. 7.
    Semenov, A.: Analysis of services in tor network: finnish segment. In: Proceedings of the 12th European Conference on Information Warfare and Security: ECIW 2013, p. 252. Academic Conferences Limited (2013)Google Scholar
  8. 8.
    Edman, M., Syverson, P.: As-awareness in tor path selection. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 380–389. ACM (2009). doi: 10.1145/1653662.1653708
  9. 9.
    Murdoch, S.J., Zieliński, P.: Sampled traffic analysis by internet-exchange-level adversaries. In: Borisov, N., Golle, P. (eds.) PET 2007. LNCS, vol. 4776, pp. 167–183. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-75551-7_11 CrossRefGoogle Scholar
  10. 10.
    Johnson, A., Wacek, C., Jansen, R., Sherr, M., Syverson, P.: Users get routed: traffic correlation on tor by realistic adversaries. In: Proceedings of the 2013 ACM SIGSAC Conference On Computer and Communications Security, pp. 337–348. ACM (2013). doi: 10.1145/2508859.2516651
  11. 11.
    Reed, M.G., Syverson, P.F., Goldschlag, D.M.: Anonymous connections and onion routing. IEEE J. Sel. Areas Commun. 16(4), 482–494 (1998). doi: 10.1109/49.668972 CrossRefGoogle Scholar
  12. 12.
    Chakravarty, S., Barbera, M.V., Portokalidis, G., Polychronakis, M., Keromytis, A.D.: On the effectiveness of traffic analysis against anonymity networks using flow records. In: Faloutsos, M., Kuzmanovic, A. (eds.) PAM 2014. LNCS, vol. 8362, pp. 247–257. Springer, Cham (2014). doi: 10.1007/978-3-319-04918-2_24 CrossRefGoogle Scholar
  13. 13.
    Danezis, G.: The traffic analysis of continuous-time mixes. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 35–50. Springer, Heidelberg (2005). doi: 10.1007/11423409_3 CrossRefGoogle Scholar
  14. 14.
    Elahi, T., Bauer, K., AlSabah, M., Dingledine, R., Goldberg, I.: Changing of the guards: a framework for understanding and improving entry guard selection in tor. In: Proceedings of the 2012 ACM Workshop on Privacy in the Electronic Society, pp. 43–54. ACM (2012). doi: 10.1145/2381966.2381973
  15. 15.
    Schneier, B.: Attacking Tor: how the NSA targets users’ online anonymity. (2013).
  16. 16.
    The Federal Bureau of Investigation: Narcotic Tracking Conspiracy. Sealed Complaint against Ross Ulbricht (2014).
  17. 17.
    Ulbricht, R., Forum, B.: Ross Ulbricht’s message (2011).
  18. 18.
    Fonseca, J., Vieira, M., Madeira, H.: Testing and comparing web vulnerability scanning tools for sql injection and xss attacks. In: 13th Pacific Rim International Symposium on Dependable Computing, PRDC 2007, pp. 365–372. IEEE (2007). doi: 10.1109/PRDC.2007.55
  19. 19.
    Adida, B.: Sessionlock: securing web sessions against eavesdropping. In: Proceedings of the 17th International Conference on World Wide Web, pp. 517–524. ACM (2008). doi: 10.1145/1367497.1367568
  20. 20.
    King, S.T., Tucek, J., Cozzie, A., Grier, C., Jiang, W., Zhou, Y.: Designing and implementing malicious hardware. LEET 8, 1–8 (2008). doi: 10.1145/1346281.2181012 Google Scholar
  21. 21.
    Khandelwal, S., Shah, P., Bhavsar, M.K., Gandhi, S.: Frontline techniques to prevent web application vulnerability. Int. J. Adv. Res. Comput. Sci. Electron. Eng. (IJARCSEE) 2(2), 208 (2013)Google Scholar
  22. 22.
    Mirkovic, J., Dietrich, S., Dittrich, D., Reiher, P.: Internet denial of service: attack and defense mechanisms (radia perlman computer networking and security) (2004)Google Scholar
  23. 23.
    The Federal Bureau of Investigation: Affidavit Case 3: 15-cr-05351-RJB Document 166–2. Playpen website exploit (2016).
  24. 24.
    Mozilla Foundation Security Advisory 2013–53: Execution of unmapped memory through onreadystatechange event (2013).
  25. 25.
    Tor-talk mailing list : JavaScript exploit (2016).
  26. 26.
    Mozilla Foundation Security Advisory 2016–92: Firefox SVG Animation Remote Code Execution (2016).
  27. 27.
    VLC - Ticket system: VLC media player privacy leak due to -no-metadata-network-access not being respected (2016).
  28. 28.
    Naked Security: Use of Tor pointed FBI to Harvard University bomb hoax suspect (2013).
  29. 29.
    The Federal Bureau of Investigation : Affidavit of special agent Thomas M. Dalton (2013).
  30. 30.
    Serjantov, A., Danezis, G.: Towards an information theoretic metric for anonymity. In: Dingledine, R., Syverson, P. (eds.) PET 2002. LNCS, vol. 2482, pp. 41–53. Springer, Heidelberg (2003). doi: 10.1007/3-540-36467-6_4 CrossRefGoogle Scholar
  31. 31.
    Published by Der Spiegel: The NSA TEMPORA documentation (2013).
  32. 32.
    Tails: Tails operating system - privacy for anyone anywhere.
  33. 33.
    Whonix: Stay anonymous with Whonix Operating system.
  34. 34.
    Wikipedia, The Free Encyclopedia (English): Anonymous file sharing networks (2017).
  35. 35.
    Díaz, C., Sassaman, L., Dewitte, E.: Comparison between two practical mix designs. In: Samarati, P., Ryan, P., Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, vol. 3193, pp. 141–159. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-30108-0_9 CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Kinkayo Pte LtdSingaporeSingapore
  2. 2.Laboratory of Pervasive ComputingTampere University of TechnologyTampereFinland

Personalised recommendations