НАБОР ПРИЗНАКОВ УСТАНОВЛЕНИЯ HTTPS-СОЕДИНЕНИЯ TLS V1.3 ПРОГРАММНЫМ КОМПЛЕКСОМ «ТОР»

Abstract

The suppression of illegal activities of Internet users is one of the urgent problems of informationsecurity in the Russian Federation. The suppression of the activities of persons committingillegal actions using digital technologies, in particular, using the Tor anonymous network, is oneof the tasks of federal law enforcement agencies that ensure information security. The difficulty ofdetecting and identifying the use of the Tor software package in data transmission networks is dueto a number of measures taken by its developers aimed at masking the data flow of the complex,including the use of modern algorithms for encryption of data packets. The aim of the work is tocreate and describe a set of attributes for establishing an https-connection by the Tor softwarepackage in the context of using TLS data encryption using the version 1.3 protocol. The tasks ofthe work are the preparation and analysis of traffic materials of the Tor software package, as wellas the creation, based on the data obtained, of a set of signs of establishing a connection betweenthe client and the server of the anonymous network. In the course of analyzing the data flow of theanonymous network, the stage of establishing a connection between the client and the input serverof the chain of nodes of the Tor network, the so-called "TLS handshake", was investigated. Itshould be noted that this work complements previous studies on the analysis of TLS encryption interms of the TLS v1.3 encryption protocol used since 2018, describing its features as part of themechanism for implementing anonymization by the Tor software package. The authors propose touse the size of the "TLS handshake" packets as the main features that carry identifying informationabout the establishment of an anonymous connection between the client and the Tor network node.The reported study was funded by Russian Ministry of Science (information security), projectnumber 23/2020.