Researchers devise passive attacks for identifying Tor hidden services

A group of MIT researchers has devised two attacks that could identify, with a high degree of certainty (88%), an anonymous hidden service or client.

Hidden services are servers configured to receive inbound connections only through Tor, and can be accessed via their .onion address. In theory, it should be impossible to discover their true location, but in practice, there are attacks, such as this latest one, that could “uncloak” them.

“Over the past few years, hidden services have witnessed various active attacks in the wild, resulting in several takedowns,” the researchers noted. “To examine the security of the design of hidden services, a handful of attacks have been proposed against them. While they have shown their effectiveness, they all assume an active attacker model. The attacker sends crafted signals to speed up discovery of entry guards, which are first-hop routers on circuits, or use congestion attacks to bias entry guard selection towards colluding entry guards. Furthermore, all previous attacks require a malicious client to continuously attempt to connect to the hidden service.”

Dubbed “circuit fingerprinting”, these latest attacks rely on the special properties of the circuits used for hidden service activities, and allow the attacker to identify the presence of (client or server) hidden service activity in the network with high accuracy, then deanonymize the hidden service clients and servers.

“Since the attack is passive, it is undetectable until the nodes have been deanonymized, and can target thousands of hosts retroactively just by having access to clients’ old network traffic,” the researchers also pointed out.

There are ways of protecting Tor users and hidden service operators from these attacks. The researchers noted several changes that Tor developers would have to implement in order to defend users.

“It is a known issue that hidden service circuits are noticeable in certain situations, but this attack is very difficult to execute. The countermeasures described in the paper are interesting since the authors claim that deploying some of them would neutralize their attack and better defend against hidden service circuit fingerprinting attacks in general,” a Tor Project spokesperson told Jordan Pearson.

“This has yet to be proven. We are interested to see this article get officially published at Usenix Security where some Tor developers and privacy researchers will be attending. We need more concrete proof that these measures actually fix the issue,” the spokesperson noted, and added that the Project encourages peer-reviewed research into both attacks against and defenses of the Tor network.