This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
2009 13th International Conference on Computer Supported Cooperative Work in Design
A novel flow multiplication attack against Tor
Santiago, Chile
April 22-April 24
ISBN: 978-1-4244-3534-0
Xiaogang Wang, School of Computer Science and Engineering, Southeast University, Nanjing, China
Junzhou Luo, School of Computer Science and Engineering, Southeast University, Nanjing, China
Ming Yang, School of Computer Science and Engineering, Southeast University, Nanjing, China
Zhen Ling, School of Computer Science and Engineering, Southeast University, Nanjing, China
Tor has become one of the most popular overlay networks for anonymizing TCP traffic. A novel and effective flow multiplication attack against Tor is proposed in this paper, which exploits the fundamental vulnerability of anonymous web browsing by using a man-in-the-middle attack on client's HTTP flow. In the flow multiplication attack, whenever a malicious exit onion router detects a web request to a target server, it responds with a malicious page embedded with specified number of image tags, which will cause the browser to initiate deterministic number of web connections on the same circuit to fetch those images. The entry onion router on the circuit can then find such traffic pattern and the communication relationship between the client and the web server will be discovered. Even if all active content systems such as JavaScript in the browser are disabled, our attack can still compromise the anonymity of Tor while achieving invisibility by keeping client's communication running continuously. The experiment results on Tor validate the feasibility and effectiveness of our attack.
Citation:
Xiaogang Wang, Junzhou Luo, Ming Yang, Zhen Ling, "A novel flow multiplication attack against Tor," cscwd, pp.686-691, 2009 13th International Conference on Computer Supported Cooperative Work in Design, 2009
Usage of this product signifies your acceptance of the Terms of Use.