Tor offers a censorship-resistant and distributed platform that can provide easy-to-implement anonymity to web users, websites, and other web services. Tor enables web servers to hide their location, and Tor users can connect to these authenticated hidden services while the server and the user both stay anonymous. However, throughout the years of Tor’s existence, some users have lost their anonymity. This paper discusses the technical limitations of anonymity and the operational security challenges that Tor users will encounter. We present a hands-on demonstration of anonymity exposures that leverage traffic correlation attacks, electronic fingerprinting, operational security failures, and remote code execution. Based on published research and our experience with these methods, we will discuss what they are and how some of them can be exploited. Also, open problems, solutions, and future plans are discussed.
Juha Nurmi, Mikko S. Niemelä (Kinkayo-Silverskin): Tor De-anonymisation Techniques
Presented at NSS 2017, Helsinki. Lecture Notes in Computer Science, volume 10394