Identifying and characterizing Sybils in the Tor network
2016 (English)In: Proceedings of the 25th USENIX Security Symposium, USENIX - The Advanced Computing Systems Association, 2016, 1169-1185 p.Conference paper (Refereed)
Being a volunteer-run, distributed anonymity network, Tor is vulnerable to Sybil attacks. Little is known about real-world Sybils in the Tor network, and we lack practical tools and methods to expose Sybil attacks. In this work, we develop sybilhunter, a system for detecting Sybil relays based on their appearance, such as configuration; and behavior, such as uptime sequences. We used sybilhunter’s diverse analysis techniques to analyze nine years of archived Tor network data, providing us with new insights into the operation of real-world attackers. Our findings include diverse Sybils, ranging from botnets, to academic research, and relays that hijacked Bitcoin transactions. Our work shows that existing Sybil defenses do not apply to Tor, it delivers insights into realworld attacks, and provides practical tools to uncover and characterize Sybils, making the network safer for its users.
Place, publisher, year, edition, pages
USENIX - The Advanced Computing Systems Association, 2016. 1169-1185 p.
tor, sybil attack, anonymity
Research subject Computer Science
IdentifiersURN: urn:nbn:se:kau:diva-43678ISBN: 978-1-931971-32- 4OAI: oai:DiVA.org:kau-43678DiVA: diva2:943421
25th USENIX Security Symposium, August 10–12, 2016, in Austin, Texas, USA