We Built This Circuit: Exploring Threat Vectors in Circuit Establishment in Tor

Theodor Schnitzler, Christina Pöpper, Markus Dürmuth, Katharina Kohls

IEEE European Symposium on Security and Privacy (EuroS&P '21). Virtual Conference, September 6-10, 2021


Traffic analysis attacks against the Tor network are a persisting threat to the anonymity of its users. The technical capabilities of attacks against encrypted Internet traffic have come a long way. Although the current state-of-the-art predicts high precision and accuracy for website fingerprinting and end-to-end confirmation, the concepts of these attacks often solely focus on their technical capabilities and ignore the operational requirements that are mandatory to get access to transmissions. In this work, we introduce three novel stepping-stone attacks that enable an adversary to (i) gain additional information about monitored connections, (ii) manipulate the Tor connection build-up, and (iii) conduct a targeted Denial-of-Service attack within the Tor infrastructure. All attacks exploit core defensive features of Tor and, consequently, are hard to patch. At the same time, our attacks are in line with standard attacker models for traffic analysis attacks. We demonstrate the feasibility of all three attacks in simulations and empirical case studies and emphasize their pivotal role in preparing a realistic setting for end-to-end confirmation attacks.


tags: anonymity, privacy, Tor, traffic analysis