Uploaded byLoukikKhandare
83 views

De anonymization in tor

The document discusses de-anonymization of hidden services on the Tor network. Hidden services allow for anonymous hosting of websites on Tor. De-anonymization seeks to uncover the real IP addresses of hidden services that host illegal activities. The document outlines an active attack method to de-anonymize a hidden service in three phases. The attack injects malicious nodes as relays to eventually control an entry guard node and force the hidden service to select it. This allows the attacker to directly connect to the server and learn its IP address, completing the de-anonymization.

Embed presentation

De-Anonymization in Tor Network Presented by:- • A021-Naman Dalsania • A030-Jinesh Jain • A037-Loukik Khandare
Working of a Tor Network
Path choice in a Tor Network
Need for De-Anonymization in Tor Network • De-Anonymization in Tor Network is needed to track down the real IP addresses of the Hidden Services so , so that it can be taken down or the owner of that server could be punished for malicious crimes performed from that server. The need to de-anonymize these hidden services is because they serve as a route to perform malicious activities on the Tor Network like drug supply, child porn, weapon deals, etc.
What are Hidden Services? • Hidden services are the websites located inside the Tor Networks, which receive inbound connection only through Tor. • They provide server anonymity in addition to Tor-default client one. • They protect the location of the server hosting the service and provide encryption at every hop from a client to the hidden service.
Method of De-Anonymizing HS • Active Attack:- The adversary injects malicious nodes in the Tor network and eventually obtain the control of the HS entry guard with the possibility of disabling benign General idea: Since only entry nodes of the server knows its location (IP address) the attacker consists in trying several attempts of connections to the HS until this chooses an entry guard controlled by the attacker relays.
Attack Phases in Active Attack • Phase 1: The client continues to establish new connections with HS and recording every kind of cell in the central server.It repeats this loop until one of its entry point sees the following combination of cells.
Phase 2: • In this phase the attacker want to be sure its relay is chosen as HS entry guard. • When the client is about to establish the conversation with the server, it automatically sends a begin cell. • The RP without even decrypting, it modifies 1 bit of the cell so that the server will not understand its content. Note that it works because the integrity check is performed ONLY at HS. • The above triggers a destroy cell to be sent back to the client to tear down the complete circuit. • Every attacker’s relay is waiting for this cell and, if it arrives, reports it to the central server
Phase 2:
Phase 3 • The central server check the following o Both RP and entry node trigger a Destroy event oTimeliness of them is consistent: given Tb the timing of the begin cell and Te the timing of the destroy cell at RP and Td the timing of the destroy cell at entry point. If , Tb < Td < Te timing of event is consistent. • This implies the attacker controls an HS entry guard so… he is directly connected with the server and consequently it knows its location. • So the de-anonymization is successful.
Thank You.

More Related Content

PDF
Deanonymize Tor Hidden Services
byFabrizio Farinacci
 
PPTX
Onion routing and tor: Fundamentals and Anonymity
byanurag singh
 
PPTX
Working of TCP
bySandesh Bakadra
 
PPTX
Information and data security pseudorandom number generation and stream cipher
byMazin Alwaaly
 
PPT
T Tcp
byRam Dutt Shukla
 
PPSX
Adaptation of tcp window
bypriya Nithya
 
PDF
(130727) #fitalk anonymous network concepts and implementation
byINSIGHT FORENSIC
 
PPTX
Error control 20
byzulhelman hanafi
 
Deanonymize Tor Hidden Services
byFabrizio Farinacci
 
Onion routing and tor: Fundamentals and Anonymity
byanurag singh
 
Working of TCP
bySandesh Bakadra
 
Information and data security pseudorandom number generation and stream cipher
byMazin Alwaaly
 
T Tcp
byRam Dutt Shukla
 
Adaptation of tcp window
bypriya Nithya
 
(130727) #fitalk anonymous network concepts and implementation
byINSIGHT FORENSIC
 
Error control 20
byzulhelman hanafi
 

Similar to De anonymization in tor

PPTX
Anonymous traffic network
byApurv Singh Gautam
 
PPTX
TOR NETWORK
byRishikese MR
 
PDF
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
byShah Sheikh
 
PPT
Tor
byBharat Sabne
 
PDF
Defcon 22-adrian-crenshaw-dropping-docs-on-darknets-how-peop
byPriyanka Aash
 
PPTX
Anonymizers
byGregory Hanis
 
PPTX
Tor Project and The Darknet
byAhmed Mater
 
PPTX
Tor network seminar by 13504
byPrashant Rana
 
ODP
The Phantom Protocol: Generic, Decentralized, Unstoppable Anonymity
bylokijaja
 
PDF
Anonymity in the web based on routing protocols
byBiagio Botticelli
 
PPT
Anon p2p slides
bychintaan
 
PDF
Anonymity in the Web based on Routing Protocols
byBiagio Botticelli
 
PDF
Anonymizing Networks
bypauldeng
 
PDF
FreeSpeak- Anonymous messaging over on-demand cloud services
byPablo Panero
 
Anonymous traffic network
byApurv Singh Gautam
 
TOR NETWORK
byRishikese MR
 
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
byShah Sheikh
 
Tor
byBharat Sabne
 
Defcon 22-adrian-crenshaw-dropping-docs-on-darknets-how-peop
byPriyanka Aash
 
Anonymizers
byGregory Hanis
 
Tor Project and The Darknet
byAhmed Mater
 
Tor network seminar by 13504
byPrashant Rana
 
The Phantom Protocol: Generic, Decentralized, Unstoppable Anonymity
bylokijaja
 
Anonymity in the web based on routing protocols
byBiagio Botticelli
 
Anon p2p slides
bychintaan
 
Anonymity in the Web based on Routing Protocols
byBiagio Botticelli
 
Anonymizing Networks
bypauldeng
 
FreeSpeak- Anonymous messaging over on-demand cloud services
byPablo Panero
 

Recently uploaded

PDF
6 Insights from the Patron Saint of AI Failure
byScott M. Graffius
 
PDF
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
PDF
Intro to CrafterQ - AI Agent Platform for the Enterprise.pdf
byCrafterQ
 
PDF
TrustArc Webinar - Unpacking India’s DPDP Act: What You Should Know
byTrustArc
 
PDF
A "Kill Switch" (Emergency Off Switch) for AI?
byScott M. Graffius
 
PPTX
How Blockchain Application Development Enables Trustless Digital Ecosystems.pptx
byLisa ward
 
PPTX
Unit 1 Introduction of Computer Networks
bySuvarnaSharma5
 
PPTX
Design Flaws and Known Attacks in Agentic AI - ITI Business Session
byInformation Technology Institute
 
PDF
Generating Structured Outputs from Unstructured Content Using LLMs
byEnterprise Knowledge
 
PPTX
Full course that Prymehat uploads for you version 2
byOhenebaManu1
 
PDF
Mobile Onboarding UX 11 Best Practices for Retention (2026).pdf
byDesign Studio UI UX
 
PPTX
Visual Foxpro-VFP9-Access-Report-Variable-Outside-the-report.pptx
bymanojbkalla
 
PDF
Building Software in the AI Era: Spec-Driven Development with Kiro IDE
byHaim Michael
 
PPTX
Lecture 04. about Black heads and Hackerss.pptx
byvinocol222
 
PDF
DataLiva-LivaGRC- Business Software for Governance, Risk, and Compliance
byMustafa Kuğu
 
PPTX
TechSprint Kickoff - Everything You Need to Know
bygdgcodecellcmpn
 
PDF
The Cost of Missing Critical Connections in Data - Suspicious Behavior Detect...
byEnterprise Knowledge
 
PDF
Louisville User Group: Transforming Technical Debt into Technical Wealth
byLynda Kane
 
PDF
Requestly or Postman: What’s the Right API Tool for Your Team?
byhenrycavill30521
 
PPTX
JAVA Programming Lecture 1 C 4 Yourself.pptx
byyvsbglfaeahuyldzhq
 
6 Insights from the Patron Saint of AI Failure
byScott M. Graffius
 
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
Intro to CrafterQ - AI Agent Platform for the Enterprise.pdf
byCrafterQ
 
TrustArc Webinar - Unpacking India’s DPDP Act: What You Should Know
byTrustArc
 
A "Kill Switch" (Emergency Off Switch) for AI?
byScott M. Graffius
 
How Blockchain Application Development Enables Trustless Digital Ecosystems.pptx
byLisa ward
 
Unit 1 Introduction of Computer Networks
bySuvarnaSharma5
 
Design Flaws and Known Attacks in Agentic AI - ITI Business Session
byInformation Technology Institute
 
Generating Structured Outputs from Unstructured Content Using LLMs
byEnterprise Knowledge
 
Full course that Prymehat uploads for you version 2
byOhenebaManu1
 
Mobile Onboarding UX 11 Best Practices for Retention (2026).pdf
byDesign Studio UI UX
 
Visual Foxpro-VFP9-Access-Report-Variable-Outside-the-report.pptx
bymanojbkalla
 
Building Software in the AI Era: Spec-Driven Development with Kiro IDE
byHaim Michael
 
Lecture 04. about Black heads and Hackerss.pptx
byvinocol222
 
DataLiva-LivaGRC- Business Software for Governance, Risk, and Compliance
byMustafa Kuğu
 
TechSprint Kickoff - Everything You Need to Know
bygdgcodecellcmpn
 
The Cost of Missing Critical Connections in Data - Suspicious Behavior Detect...
byEnterprise Knowledge
 
Louisville User Group: Transforming Technical Debt into Technical Wealth
byLynda Kane
 
Requestly or Postman: What’s the Right API Tool for Your Team?
byhenrycavill30521
 
JAVA Programming Lecture 1 C 4 Yourself.pptx
byyvsbglfaeahuyldzhq
 

De anonymization in tor

  • 1.
    De-Anonymization in TorNetwork Presented by:- • A021-Naman Dalsania • A030-Jinesh Jain • A037-Loukik Khandare
  • 2.
    Working of aTor Network
  • 3.
    Path choice ina Tor Network
  • 4.
    Need for De-Anonymizationin Tor Network • De-Anonymization in Tor Network is needed to track down the real IP addresses of the Hidden Services so , so that it can be taken down or the owner of that server could be punished for malicious crimes performed from that server. The need to de-anonymize these hidden services is because they serve as a route to perform malicious activities on the Tor Network like drug supply, child porn, weapon deals, etc.
  • 5.
    What are HiddenServices? • Hidden services are the websites located inside the Tor Networks, which receive inbound connection only through Tor. • They provide server anonymity in addition to Tor-default client one. • They protect the location of the server hosting the service and provide encryption at every hop from a client to the hidden service.
  • 6.
    Method of De-AnonymizingHS • Active Attack:- The adversary injects malicious nodes in the Tor network and eventually obtain the control of the HS entry guard with the possibility of disabling benign General idea: Since only entry nodes of the server knows its location (IP address) the attacker consists in trying several attempts of connections to the HS until this chooses an entry guard controlled by the attacker relays.
  • 7.
    Attack Phases inActive Attack • Phase 1: The client continues to establish new connections with HS and recording every kind of cell in the central server.It repeats this loop until one of its entry point sees the following combination of cells.
  • 8.
    Phase 2: • Inthis phase the attacker want to be sure its relay is chosen as HS entry guard. • When the client is about to establish the conversation with the server, it automatically sends a begin cell. • The RP without even decrypting, it modifies 1 bit of the cell so that the server will not understand its content. Note that it works because the integrity check is performed ONLY at HS. • The above triggers a destroy cell to be sent back to the client to tear down the complete circuit. • Every attacker’s relay is waiting for this cell and, if it arrives, reports it to the central server
  • 9.
  • 10.
    Phase 3 • Thecentral server check the following o Both RP and entry node trigger a Destroy event oTimeliness of them is consistent: given Tb the timing of the begin cell and Te the timing of the destroy cell at RP and Td the timing of the destroy cell at entry point. If , Tb < Td < Te timing of event is consistent. • This implies the attacker controls an HS entry guard so… he is directly connected with the server and consequently it knows its location. • So the de-anonymization is successful.
  • 11.