HSDirSniper: A New Attack Exploiting Vulnerabilities in Tor's Hidden Service Directories
Authors: 
Qingfeng Zhang, Zhiyang Teng, Xuebin Wang, Yue Gao, Qingyun Liu, Jinqiao ShiAuthors Info & Claims
Qingfeng Zhang, Zhiyang Teng, Xuebin Wang, Yue Gao, Qingyun Liu, Jinqiao ShiAuthors Info & ClaimsPages 1812 - 1823
Abstract
Tor hidden services (HSs) are used to provide anonymous services to users on the Internet without revealing the location of the servers. However, existing approaches have proven ineffective in mitigating the misuse of hidden services. Our investigation reveals that the latest iteration of Tor hidden services still exhibits vulnerabilities related to Hidden Service Directories (HSDirs). Building upon this identified weakness, we introduce the HSDirSniper attack, which leverages a substantial volume of descriptors to inundate the HSDir's descriptor cache. This results in the HSDir purging all stored descriptors, thereby blocking arbitrary hidden services. Notably, our attack represents the most practical means of blocking hidden services within the current high-adversarial context. The advantage of the HSDirSniper attack lies in its covert nature, as the targeted hidden service remains unaware of the attack. Additionally, the successful execution of this attack does not require the introduction of a colluding routing node within the Tor Network. We conducted comprehensive experiments in the real-world Tor Network, and the experimental results show that an attacker equipped with a certain quantity of hidden servers can render arbitrary hidden services inaccessible up to 90% of the time. To ascertain the potential scope of damage that the HSDirSniper attack can inflict upon hidden services, we provide a formal analytical framework for quantifying the cost of the HSDirSniper attack. Finally, we discuss the ethical concerns and countermeasures.
Supplemental Material
MP4 File
Supplemental video
- Download
- 30.65 MB
References
[1]
Marco Valerio Barbera, Vasileios P Kemerlis, Vasilis Pappas, and Angelos D Keromytis. 2013. CellFlood: Attacking Tor onion routers on the cheap. In Computer Security--ESORICS 2013: 18th European Symposium on Research in Computer Security, Egham, UK, September 9--13, 2013. Proceedings 18. Springer, 664--681.
[2]
Alex Biryukov, Ivan Pustogarov, and Ralf-Philipp Weinmann. 2013. Trawling for tor hidden services: Detection, measurement, deanonymization. In 2013 IEEE Symposium on Security and Privacy. IEEE, 80--94.
[3]
Nikita Borisov, George Danezis, Prateek Mittal, and Parisa Tabriz. 2007. Denial of service or denial of security?. In Proceedings of the 14th ACM conference on Computer and communications security. 92--102.
[4]
Matteo Casenove and Armando Miraglia. 2014. Botnet over Tor: The illusion of hiding. In 2014 6th International Conference On Cyber Conflict (CyCon 2014). IEEE, 273--282.
[5]
Muqian Chen, Xuebin Wang, Tingwen Liu, Jinqiao Shi, Zelin Yin, and Binxing Fang. 2019. Signalcookie: Discovering guard relays of hidden services in parallel. In 2019 IEEE Symposium on Computers and Communications (ISCC). IEEE, 1--7.
[6]
Roger Dingledine, Nick Mathewson, and Paul Syverson. 2004. Tor: The second-generation onion router. Technical Report. Naval Research Lab Washington DC.
[7]
Diana L Huete Trujillo and Antonio Ruiz-Mart'inez. 2021. Tor hidden services: A systematic literature review. Journal of Cybersecurity and Privacy, Vol. 1, 3 (2021), 496--518.
[8]
Rob Jansen, Matthew Traudt, and Nicholas Hopper. 2018. Privacy-preserving dynamic learning of tor network traffic. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 1944--1961.
[9]
Rob Jansen, Florian Tschorsch, Aaron Johnson, and Björn Scheuermann. 2014. The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network. In NDSS. Citeseer.
[10]
Rob Jansen, Tavish Vaidya, and Micah Sherr. 2019. Point break: A study of bandwidth $$Denial-of-Service$$ attacks against tor. In 28th USENIX security symposium (USENIX Security 19). 1823--1840.
[11]
Jianjun Lin, Jianbo Gao, Zhenhao Wu, Chengxiang Si, and Bo Sun. 2019. Deanonymizing tor in a stealthy way. In 2019 IEEE 38th International Performance Computing and Communications Conference (IPCCC). IEEE, 1--8.
[12]
Xiance Meng and Mangui Liang. 2022. A Traffic Splitting Algorithm for Load Balancing in Tor. Entropy, Vol. 24, 6 (2022), 807.
[13]
Florentin Rochet and Olivier Pereira. 2018. Dropping on the Edge: Flexibility and Traffic Confirmation in Onion Routing Protocols. Proceedings on Privacy Enhancing Technology, Vol. 2018, 2 (2018), 27--46.
[14]
Qingfeng Tan, Yue Gao, Jinqiao Shi, Xuebin Wang, Binxing Fang, and Zhihong Tian. 2018. Toward a comprehensive insight into the eclipse attacks of tor hidden services. IEEE Internet of Things Journal, Vol. 6, 2 (2018), 1584--1593.
[15]
The Tor Project. [n.,d.] a. Announcing the Vanguards Add-On for Onion Services. https://blog.torproject.org/announcing-vanguards-add-onion-services.
[16]
The Tor Project. [n.,d.] b. Metrics. https://metrics.torproject.org/networksize.html.
[17]
The Tor Project. [n.,d.] c. Onionbalance v3. https://onionbalance.readthedocs.io/en/latest/v3/tutorial-v3.html.
[18]
The Tor Project. [n.,d.] d. Stem. https://stem.torproject.org/.
[19]
The Tor Project. [n.,d.] e. Tor Rendezvous Specification - Version 3. https://torproject.gitlab.io/torspec/rend-spec-v3.html.
[20]
Rolf Van Wegberg, Samaneh Tajalizadehkhoob, Kyle Soska, Ugur Akyazi, Carlos Hernandez Ganan, Bram Klievink, Nicolas Christin, and Michel Van Eeten. 2018. Plug and prey? measuring the commoditization of cybercrime via online anonymous markets. In 27th USENIX security symposium (USENIX security 18). 1009--1026.
[21]
Chunmian Wang, Junzhou Luo, Zhen Ling, Lan Luo, and Xinwen Fu. 2023. A comprehensive and long-term evaluation of tor v3 onion services. In Proceedings of the 42nd IEEE International Conference on Computer Communications (INFOCOM). IEEE.
[22]
Changhoon Yoon, Kwanwoo Kim, Yongdae Kim, Seungwon Shin, and Sooel Son. 2019. Doppelg"angers on the dark web: A large-scale assessment on phishing hidden web services. In The World Wide Web Conference. 2225--2235.
Index Terms
- HSDirSniper: A New Attack Exploiting Vulnerabilities in Tor's Hidden Service Directories
Recommendations
Analysis of Fingerprinting Techniques for Tor Hidden Services
WPES '17: Proceedings of the 2017 on Workshop on Privacy in the Electronic SocietyThe website fingerprinting attack aims to infer the content of encrypted and anonymized connections by analyzing traffic patterns such as packet sizes, their order, and direction. Although it has been shown that no existing fingerprinting method scales ...
Empirical analysis of Tor Hidden Services
Tor hidden services allow someone to host a website or other transmission control protocol (TCP) service whilst remaining anonymous to visitors. The collection of all Tor hidden services is often referred to as the ‘darknet’. In this study, the authors ...
Attack gives me power: DoS-defending constant-time privacy-preserving authentication of low-cost devices such as backscattering RFID tags
MSCC '16: Proceedings of the 3rd ACM Workshop on Mobile Sensing, Computing and CommunicationDenial of service (DoS) attack is a great threaten to privacy-preserving authentication protocols for low-cost devices such as RFID. During such attack, the legal internal states can be consumed by the DoS attack. Then the attacker can observe the ...
Comments
Information & Contributors
Information
Published In
May 2024
4826 pages
ISBN:9798400701719
DOI:10.1145/3589334
- General Chairs:
- Tat-Seng Chua,
- Chong-Wah Ngo,
- Proceedings Chair:
- Roy Ka-Wei Lee,
- Program Chairs:
- Ravi Kumar,
- Hady W. Lauw
Copyright © 2024 Owner/Author.
This work is licensed under a Creative Commons Attribution International 4.0 License.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 13 May 2024
Check for updates
Author Tags
Qualifiers
- Research-article
Funding Sources
- The National Key Research and Development Program of China
- The National Natural Science Foundation of China
- The State Key Program of National Natural Science Foundation of China
Conference
WWW '24
Sponsor:
Acceptance Rates
Overall Acceptance Rate 1,899 of 8,196 submissions, 23%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 204Total Downloads
- Downloads (Last 12 months)204
- Downloads (Last 6 weeks)80
Reflects downloads up to 04 Oct 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in