Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Spoiled Onions: Exposing Malicious Tor Exit Relays
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science. (PriSec)
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science. (PriSec)ORCID iD: 0000-0003-0778-4736
2014 (English)Report (Other academic)
Abstract [en]

Several hundred Tor exit relays together push more than 1 GiB/s of network traffic. However, it iseasy for exit relays to snoop and tamper with anonymised network traffic and as all relays are runby independent volunteers, not all of them are innocuous.

In this paper, we seek to expose malicious exit relays and document their actions. First, wemonitored the Tor network after developing a fast and modular exit relay scanner. We implementedseveral scanning modules for detecting common attacks and used them to probe all exit relays over aperiod of four months. We discovered numerous malicious exit relays engaging in different attacks.To reduce the attack surface users are exposed to, we further discuss the design and implementationof a browser extension patch which fetches and compares suspicious X.509 certificates overindependent Tor circuits.

Our work makes it possible to continuously monitor Tor exit relays. We are able to detect andthwart many man-in-the-middle attacks which makes the network safer for its users. All our code isavailable under a free license.

Place, publisher, year, edition, pages
2014.
Keyword [en]
tor, mitm, analysis, measurement
National Category
Computer Systems
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-31033OAI: oai:DiVA.org:kau-31033DiVA: diva2:691638
Available from: 2014-01-28 Created: 2014-01-28 Last updated: 2017-12-06

Open Access in DiVA