Analyzing the Effectiveness of Passive Correlation Attacks on the Tor Anonymity Network

Abstract

Tor is a widely used low-latency anonymity system. It allows users of web browsers, chat clients, and other common low-latency applications to communicate anonymously online by routing their connection through a circuit of three Tor routers. However, Tor is commonly assumed to be vulnerable to a wide variety of attacks, which might allow Tor operators or outside observers to compromise the anonymity of Tor’s users. One of these attacks is an end-to-end correlation attack, whereby an attacker controlling the first and last router in a circuit can use timing and other data to correlate streams observed at those routers and therefore break Tor’s anonymity. Since most prior tests of correlation algorithms have been either in simulation or have only used certain kinds of traffic, our goal was to test how well these algorithms work on the deployed Tor network. In this thesis we tested three correlation algorithms. Two of these algorithms are from prior work, and the third was designed by us. Its design was based on observations and analyses of data we collected during the testing process. We found that while the two previously-existing algorithms we tested both have problems that prevent them being used in certain cases, our algorithm works reliably on all types of data.