Adversaries monitoring Tor traffic crossing their jurisdictional border and reconstructing Tor circuits

by Herman Galteland, et al.

We model and analyze passive adversaries that monitor Tor traffic crossing the border of a jurisdiction the adversary controls. We show that a single adversary is able to connect incoming and outgoing traffic at its border, tracking the traffic, and that cooperating adversaries are able to reconstruct parts of the Tor network, revealing user-server relationships. In our analysis we created two algorithms to estimate the capabilities of the adversaries. The first generates Tor-like traffic and the second analyzes and reconstructs the simulated data.




