Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
The Effect of DNS on Tor´s Anonymity
KTH Royal Institute of Tech. .ORCID iD: 0000-0002-7102-8153
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (PriSec)ORCID iD: 0000-0001-6459-8409
Princeton University.
Princeton University.
Show others and affiliations
2017 (English)In: NDSS Symposium 2017, Internet society , 2017Conference paper, Published paper (Refereed)
Abstract [en]

Previous attacks that link the sender and receiver oftraffic in the Tor network (“correlation attacks”) have generallyrelied on analyzing traffic from TCP connections. The TCPconnections of a typical client application, however, are oftenaccompanied by DNS requests and responses. This additionaltraffic presents more opportunities for correlation attacks. Thispaper quantifies how DNS traffic can make Tor users more vulnerableto correlation attacks. We investigate how incorporatingDNS traffic can make existing correlation attacks more powerfuland how DNS lookups can leak information to third partiesabout anonymous communication. We (i) develop a method toidentify the DNS resolvers of Tor exit relays; (ii) develop a newset of correlation attacks (DefecTor attacks) that incorporate DNStraffic to improve precision; (iii) analyze the Internet-scale effectsof these new attacks on Tor users; and (iv) develop improvedmethods to evaluate correlation attacks. First, we find that thereexist adversaries that can mount DefecTor attacks: for example,Google’s DNS resolver observes almost 40% of all DNS requestsexiting the Tor network. We also find that DNS requests oftentraverse ASes that the corresponding TCP connections do nottransit, enabling additional ASes to gain information about Torusers’ traffic. We then show that an adversary that can mount aDefecTor attack can often determine the website that a Tor useris visiting with perfect precision, particularly for less popularwebsites where the set of DNS names associated with that websitemay be unique to the site. We also use the Tor Path Simulator(TorPS) in combination with traceroute data from vantage pointsco-located with Tor exit relays to estimate the power of AS-leveladversaries that might mount DefecTor attacks in practice.

Place, publisher, year, edition, pages
Internet society , 2017.
Keywords [en]
Tor, Website Fingerprinting, Correlation Attacks, Anonymity, DNS
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-64786DOI: 10.14722/ndss.2017.23311ISBN: 1-891562-46-0 OAI: oai:DiVA.org:kau-64786DiVA, id: diva2:1152872
Conference
Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA, 26 Feb-1 Mar, 2017
Projects
Hoppet till Tor (5065)Available from: 2017-10-26 Created: 2017-10-26 Last updated: 2018-10-11Bibliographically approved

Open Access in DiVA

fulltext(960 kB)17 downloads
File information
File name FULLTEXT01.pdfFile size 960 kBChecksum SHA-512
75bccc237cea9141f2b19f58c05427cfe9cab9ebe65caf7d453be49e47df3cc43a051a09112939d33f3892043749ebbe78acb5f94ccbb22f880c05a1890bb489
Type fulltextMimetype application/pdf

Other links

Publisher's full text

Search in DiVA

By author/editor
Greschbach, BenjaminPulls, Tobias
By organisation
Department of Mathematics and Computer Science (from 2013)
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 17 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 57 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf