Adversaries monitoring Tor traffic crossing their jurisdictional border and reconstructing Tor circuits

08/28/2018
by   Herman Galteland, et al.
0

We model and analyze passive adversaries that monitors Tor traffic crossing the border of a jurisdiction an adversary is controlling. We show that a single adversary is able to connect incoming and outgoing traffic of their border, tracking the traffic, and cooperating adversaries are able to reconstruct parts of the Tor network, revealing user-server relationships. In our analysis we created two algorithms to estimate the capabilities of the adversaries. The first generates Tor-like traffic and the second analyzes and reconstructs the simulated data.

READ FULL TEXT

Authors

page 1

page 2

page 3

page 4

02/21/2020

Optimizing Vulnerability-Driven Honey Traffic Using Game Theory

Enterprises are increasingly concerned about adversaries that slowly and...
04/23/2021

Predicting Adversary Lateral Movement Patterns with Deep Learning

This paper develops a predictive model for which host, in an enterprise ...
05/17/2022

Can You Still See Me?: Reconstructing Robot Operations Over End-to-End Encrypted Channels

Connected robots play a key role in Industry 4.0, providing automation a...
04/21/2021

Towards Causal Models for Adversary Distractions

Automated adversary emulation is becoming an indispensable tool of netwo...
12/20/2017

Tracking Cyber Adversaries with Adaptive Indicators of Compromise

A forensics investigation after a breach often uncovers network and host...
10/19/2020

Adaptive Traffic Fingerprinting: Large-scale Inference under Realistic Assumptions

The widespread adoption of encrypted communications (e.g., the TLS proto...
05/26/2020

A Taxonomy for Dynamic Honeypot Measures of Effectiveness

Honeypots are computing systems used to capture unauthorized, often mali...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.