Abstract

The Tor network is widely recognized as an important tool to preserve online privacy. In addition to anonymous Internet access, it allows hosting anonymous services, i.e., Onion Services. However, connecting to an Onion Service is realized in a way that makes them vulnerable to Denial-of-Service attacks (DoS). In this work, we propose Onion Pass, an extension of the Tor protocol that utilizes anonymous cryptographic tokens to mitigate the issue. Clients can solve a challenge to acquire tokens that later can be presented to the Onion Service. The Onion Service can thus differentiate between valid and malicious requests when under attack. Please note that Onion pass is agnostic on the specific challenge-response scheme and follows a design philosophy that puts Onion Services in control of the Onion Pass protocol. We implemented a prototype of Onion Pass and present experimental results that indicate its potential to prevent DoS attacks on Onion Services by reducing their CPU usage required to identify malicious requests by a factor of 47.

Full Text

Published Version

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.