Brother
Professional
- Messages
- 2,590
- Reaction score
- 544
- Points
- 113
An attacker can determine the site visited by a user if he is interested in a specific selection of sites.
Cybersecurity researchers talked about a new fingerprint attack on encrypted Tor web browser traffic. An attacker can determine the site visited by a user, but only if the attacker is interested in a specific selection of sites.
"While the accuracy of an attack monitoring a small group of five popular websites can exceed 95%, the accuracy of indiscriminate (non-targeted) attacks on groups of 25 and 100 websites does not reach 80% and 60%, respectively," the experts explained.
The Tor browser offers its users the ability to route Internet traffic through an overlay network of more than 6,000 relays in order to anonymize the original location. It does this by creating a chain that runs through the ingress, middle, and egress nodes before forwarding requests to destination IP addresses. In addition, requests are encrypted once for each node, further complicating analysis and avoiding information leakage. While Tor clients themselves are not anonymous with respect to their entry nodes, since traffic is encrypted and requests go through multiple hops, entry nodes cannot identify the clients' destination, just as exit nodes cannot distinguish between clients.
The method proposed by the researchers is aimed at violating this anonymity protection and allows an attacker to observe patterns of encrypted traffic between the user and the Tor network in order to predict the visited site. During the attack, the attacker launches an exit node to determine the variety of traffic generated by real users, which is then used as a source to collect traces of Tor traffic and develop a machine learning-based classification model on top of the collected information, allowing inference about user visits.
As part of the study, specialists launched entry and exit nodes for a week in July 2020 using a custom version of Tor v0.4.3.5 to retrieve relevant information from the exit node.
"The research has shown that browser fingerprint attacks can only be successful if the attacker seeks to identify websites in a small group," the experts noted.
Cybersecurity researchers talked about a new fingerprint attack on encrypted Tor web browser traffic. An attacker can determine the site visited by a user, but only if the attacker is interested in a specific selection of sites.
"While the accuracy of an attack monitoring a small group of five popular websites can exceed 95%, the accuracy of indiscriminate (non-targeted) attacks on groups of 25 and 100 websites does not reach 80% and 60%, respectively," the experts explained.
The Tor browser offers its users the ability to route Internet traffic through an overlay network of more than 6,000 relays in order to anonymize the original location. It does this by creating a chain that runs through the ingress, middle, and egress nodes before forwarding requests to destination IP addresses. In addition, requests are encrypted once for each node, further complicating analysis and avoiding information leakage. While Tor clients themselves are not anonymous with respect to their entry nodes, since traffic is encrypted and requests go through multiple hops, entry nodes cannot identify the clients' destination, just as exit nodes cannot distinguish between clients.
The method proposed by the researchers is aimed at violating this anonymity protection and allows an attacker to observe patterns of encrypted traffic between the user and the Tor network in order to predict the visited site. During the attack, the attacker launches an exit node to determine the variety of traffic generated by real users, which is then used as a source to collect traces of Tor traffic and develop a machine learning-based classification model on top of the collected information, allowing inference about user visits.
As part of the study, specialists launched entry and exit nodes for a week in July 2020 using a custom version of Tor v0.4.3.5 to retrieve relevant information from the exit node.
"The research has shown that browser fingerprint attacks can only be successful if the attacker seeks to identify websites in a small group," the experts noted.
