Spoiled Onions: Exposing Malicious Tor Exit Relays
2014 (English)Report (Other academic)
Several hundred Tor exit relays together push more than 1 GiB/s of network traffic. However, it iseasy for exit relays to snoop and tamper with anonymised network traffic and as all relays are runby independent volunteers, not all of them are innocuous.
In this paper, we seek to expose malicious exit relays and document their actions. First, wemonitored the Tor network after developing a fast and modular exit relay scanner. We implementedseveral scanning modules for detecting common attacks and used them to probe all exit relays over aperiod of four months. We discovered numerous malicious exit relays engaging in different attacks.To reduce the attack surface users are exposed to, we further discuss the design and implementationof a browser extension patch which fetches and compares suspicious X.509 certificates overindependent Tor circuits.
Our work makes it possible to continuously monitor Tor exit relays. We are able to detect andthwart many man-in-the-middle attacks which makes the network safer for its users. All our code isavailable under a free license.
Place, publisher, year, edition, pages
tor, mitm, analysis, measurement
Research subject Computer Science
IdentifiersURN: urn:nbn:se:kau:diva-31033OAI: oai:DiVA.org:kau-31033DiVA: diva2:691638