Abstract

ABSTRACTTor protocol has been designed primarily to defend against traffic analysis, which threatens privacy while using Internet. In this paper, we consider a very common threat model where an attacker can observe only the local traffic between the target Tor client and the first Tor relay. We show that even with this restricted threat model, the attacker can infer relevant information about the client's traffic, in particular when exactly new circuits are constructed. This is achieved by analyzing the Tor traffic using Hidden Markov Models (HMMs). The experimental analysis shows that the proposed HMM‐based approach has a high precision (93 % on average) and F‐measure (75 % on average). The more interesting part of the paper discusses how a local attacker can identify the hops forming circuits initiated by the Tor client victim. The attack is based on sampling the timing patterns of the most “probable” paths and then estimating the likelihood of each one of them given a circuit construction packets sequence. The experimental analysis shows that the proposed approach has an acceptable precision (around 50 %) as long as the time delay between HMM learning and the actual traffic analysis is relatively small. Copyright © 2012 John Wiley & Sons, Ltd.

Full Text
Paper version not known

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.