Attacks on Onion Discovery and Remedies via Self-Authenticating Traditional Addresses

by   Paul Syverson, et al.
University of North Carolina at Chapel Hill
U.S. Navy
Stanford University
The Tor Project, Inc.

Onion addresses encode their own public key. They are thus self-authenticating, one of the security and privacy advantages of onion services, which are typically accessed via Tor Browser. Because of the mostly random-looking appearance of onion addresses, a number of onion discovery mechanisms have been created to permit routing to an onion address associated with a more meaningful URL, such as a registered domain name. We describe novel vulnerabilities engendered by onion discovery mechanisms recently introduced by Tor Browser that facilitate hijack and tracking of user connections. We also recall previously known hijack and tracking vulnerabilities engendered by use of alternative services that are facilitated and rendered harder to detect if the alternative service is at an onion address. Self-authenticating traditional addresses (SATAs) are valid DNS addresses or URLs that also contain a commitment to an onion public key. We describe how the use of SATAs in onion discovery counters these vulnerabilities. SATAs also expand the value of onion discovery by facilitating self-authenticated access from browsers that do not connect to services via the Tor network.


page 1

page 2

page 3

page 4


OAuthGuard: Protecting User Security and Privacy with OAuth 2.0 and OpenID Connect

Millions of users routinely use Google to log in to websites supporting ...

What's in Your Wallet? Privacy and Security Issues in Web 3.0

Much of the recent excitement around decentralized finance (DeFi) comes ...

Holes in the Geofence: Privacy Vulnerabilities in "Smart" DNS Services

Smart DNS (SDNS) services advertise access to "geofenced" content (typic...

Follow the Scent: Defeating IPv6 Prefix Rotation Privacy

IPv6's large address space provides ample freedom for assigning addresse...

SiamHAN: IPv6 Address Correlation Attacks on TLS Encrypted Traffic via Siamese Heterogeneous Graph Attention Network

Unlike IPv4 addresses, which are typically masked by a NAT, IPv6 address...

Clueless: A Tool Characterising Values Leaking as Addresses

Clueless is a binary instrumentation tool that characterises explicit ca...

Bl0ck: Paralyzing 802.11 connections through Block Ack frames

Despite Wi-Fi is at the eve of its seventh generation, security concerns...

Please sign up or login with your details

Forgot password? Click here to reset