Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services

Albert Kwon†, Mashael AlSabah‡§†∗, David Lazar†, Marc Dacier‡, and Srinivas Devadas†
†Massachusetts Institute of Technology, {kwonal,lazard,[email protected]
‡Qatar Computing Research Institute, [email protected]
§Qatar University, [email protected]
∗Joint first author.

Abstract

This paper sheds light on crucial weaknesses in the design of hidden services that allow us to break the anonymity of hidden service clients and operators passively. In particular, we show that the circuits, paths established through the Tor network, used to communicate with hidden services exhibit a very different behavior compared to a general circuit. We propose two attacks, under two slightly different threat models, that could identify a hidden service client or operator using these weaknesses. We found that we can identify the users' involvement with hidden services with more than 98% true positive rate and less than 0.1% false positive rate with the first attack, and 99% true positive rate and 0.07% false positive rate with the second. We then revisit the threat model of previous website fingerprinting attacks, and show that previous results are directly applicable, with greater efficiency, in the realm of hidden services. Indeed, we show that we can correctly determine which of the 50 monitored pages the client is visiting with 88% true positive rate and false positive rate as low as 2.9%, and correctly deanonymize 50 monitored hidden service servers with true positive rate of 88% and false positive rate of 7.8% in an open world setting.

1 Introduction

In today's online world where gathering users' personal data has become a business trend, Tor [14] has emerged as an important privacy-enhancing technology allowing Internet users to maintain their anonymity online. Today, Tor is considered to be the most popular anonymous communication network, serving millions of clients using approximately 6000 volunteer-operated relays, which are run from all around the world [3]. In addition to sender anonymity, Tor's hidden services allow for receiver anonymity. This provides people with a free haven to host and serve content without the fear of being targeted, arrested or forced to shut down [11].

As a result, many sensitive services are only accessible through Tor. Prominent examples include human rights and whistleblowing organizations such as Wikileaks and Globalleaks, tools for anonymous messaging such as TorChat and Bitmessage, and black markets like Silkroad and Black Market Reloaded. Even many non-hidden services, like Facebook and DuckDuckGo, recently have started providing hidden versions of their websites to provide stronger anonymity guarantees.

That said, over the past few years, hidden services have witnessed various active attacks in the wild [12, 28], resulting in several takedowns [28]. To examine the security of the design of hidden services, a handful of attacks have been proposed against them. While they have shown their effectiveness, they all assume an active attacker model. The attacker sends crafted signals [6] to speed up discovery of entry guards, which are first-hop routers on circuits, or uses congestion attacks to bias entry guard selection towards colluding entry guards [22]. Furthermore, all previous attacks require a malicious client to continuously attempt to connect to the hidden service.

In this paper, we present the first practical passive attack against hidden services and their users, called the circuit fingerprinting attack. Using our attack, an attacker can identify the presence of (client or server) hidden service activity in the network with high accuracy. This detection reduces the anonymity set of a user from millions of Tor users to just the users of hidden services. Once the activity is detected, we show that the attacker can perform website fingerprinting (WF) attacks to deanonymize the hidden service clients and servers. While the threat of WF attacks has been recently criticized by Juarez et al. [24], we revisit their findings and demonstrate that the world of hidden services is the ideal setting to wage WF attacks. Finally, since the attack is passive, it is undetectable until the nodes have been deanonymized, and can target thousands of hosts retroactively just by having access to clients' old network traffic.

Approach. We start by studying the behavior of Tor circuits on the live Tor network (for our own Tor clients and hidden services) when a client connects to a Tor hidden service. Our key insight is that during the circuit construction and communication phase between a client and a hidden service, Tor exhibits fingerprintable traffic patterns that allow an adversary to efficiently and accurately identify, and correlate, circuits involved in the communication with hidden services. Therefore, instead of monitoring every circuit, which may be costly, the first step in the attacker's strategy is to identify suspicious circuits with high confidence to reduce the problem space to just hidden services. Next, the attacker applies the WF attack [10, 36, 35] to identify the clients' hidden service activity or deanonymize the hidden service server.

Contributions. This paper offers the following contributions:

1. We present key observations regarding the communication and interaction pattern in the hidden services design in Tor.

2. We identify distinguishing features that allow a passive adversary to easily detect the presence of hidden service clients or servers in the local network. We evaluate our detection approach and show that we can classify hidden service circuits (from the client- and the hidden service-side) with more than 98% accuracy.

3. For a stronger attacker who sees a majority of the clients' Tor circuits, we propose a novel circuit correlation attack that is able to quickly and efficiently detect the presence of hidden service activity using a sequence of only the first 20 cells with accuracy of 99%.

4. Based on our observations and results, we argue that the WF attacker model is significantly more realistic and less costly in the domain of hidden services as opposed to the general web. We evaluate WF attacks on the identified circuits (from client and hidden service side), and we are able to classify hidden services in both open and closed world settings.

5. We propose defenses that aim to reduce the detection rate of the presence of hidden service communication in the network.

Roadmap. We first provide the reader with a background on Tor, its hidden service design, and WF attacks in Section 2. We next present, in Section 3, our observations regarding different characteristics of hidden services. In Section 4, we discuss our model and assumptions, and in Sections 5 and 6, we present our attacks and evaluation. In Section 7, we demonstrate the effectiveness of WF attacks on hidden services. We then discuss possible future countermeasures in Section 8. Finally, we overview related works in Section 9, and conclude in Section 10.

[Figure 1 (diagram between OP and G1, cells listed top to bottom): extend, extended, extend, extended, begin, connected, data. Legend: Received by G1; Relayed by G1.]
Figure 1: Cells exchanged between the client and the entry guard to build a general circuit for non-hidden streams after the circuit to G1 has been created.

2 Background

We will now provide the necessary background on Tor and its hidden services. Next, we provide an overview of WF attacks.

2.1 Tor and Hidden Services

Alice uses the Tor network simply by installing the Tor browser bundle, which includes a modified Firefox browser and the Onion Proxy (OP). The OP acts as an interface between Alice's applications and the Tor network. The OP learns about Tor's relays, Onion Routers (ORs), by downloading the network consensus document from directory servers. Before Alice can send her traffic through the network, the OP builds circuits interactively and incrementally using 3 ORs: an entry guard, middle, and exit node. Tor uses 512-byte fixed-sized cells as its communication data unit for exchanging control information between ORs and for relaying users' data.

The details of the circuit construction process in Tor proceed as follows. The OP sends a create fast cell to establish the circuit with the entry guard, which responds with a created fast. Next, the OP sends an extend command cell to the entry guard, which causes it to send a create cell to the middle OR to establish the circuit on behalf of the user. Finally, the OP sends another extend to the middle OR to cause it to create the circuit at the exit. Once done, the OP will receive an extended message from the middle OR, relayed by the entry guard. By the end of this operation, the OP will have shared keys, used for layered encryption, with every hop on the circuit.¹ The exit node peels the last layer of the encryption and establishes the TCP connection to Alice's destination. Figure 1 shows the cells exchanged between the OP and the entry guard for regular Tor connections, after the exchange of the create fast and created fast messages.

[Figure residue: diagram of the hidden service protocol showing Hidden Service Client, IP, RP, HSDir and Hidden Service with numbered steps 1 to 6; the caption is not present in this extraction.]

Tor uses TCP secured with TLS to maintain the OP-to-OR and the OR-to-OR connections, and multiplexes circuits within a single TCP connection. An OR-to-OR connection multiplexes circuits from various users, whereas an OP-to-OR connection multiplexes circuits from the same user. An observer watching the OP-to-OR TCP connection should not be able to tell apart which TCP segment belongs to which circuit (unless only one circuit is active).
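As an added illustration of the incremental circuit construction described in Section 2.1 (not code from the paper), the following Python model replays the Figure 1 exchange and records what the entry guard sees on the OP-to-G1 link. Layered encryption is modelled as a list of hop labels wrapped around each cell, so the guard's "peel one layer, then either handle or relay" decision is explicit; the hop names G1, M, X and the echoing of data are assumptions of the model.

```python
from dataclasses import dataclass

HOPS = ["G1", "M", "X"]   # entry guard, middle, exit (assumed labels for the three ORs)
@dataclass
class Cell:
    cmd: str
    layers: list          # encryption layers still wrapped around the cell, outermost first

def op_wrap(cmd: str, target: str) -> Cell:
    """The OP wraps a relay cell once per hop up to its target; G1's layer ends up outermost."""
    return Cell(cmd, HOPS[: HOPS.index(target) + 1])

class Circuit:
    """One circuit, built incrementally; only G1's view of the OP-to-G1 link is recorded."""
    def __init__(self):
        self.hops = ["G1"]   # after create_fast/created_fast only the entry guard is attached
        self.guard_log = []  # (command, how G1 handled it): the rows of Figure 1

    def handle(self, i: int, cmd: str) -> str:
        """A hop's reaction to a cell addressed to it; returns the reply command."""
        if cmd == "extend":                 # hop sends create to the next OR on the OR-to-OR
            self.hops.append(HOPS[i + 1])   # link (invisible on the OP-to-G1 link), gets created
            return "extended"
        if cmd == "begin":                  # only the exit opens the TCP stream to the destination
            return "connected"
        return "data"                       # data is simply echoed back in this model

    def forward(self, i: int, cell: Cell) -> Cell:
        """Hop i peels its layer; if nothing remains the cell is for it, else it relays it on."""
        hop = HOPS[i]
        assert hop in self.hops and cell.layers[0] == hop, "cell reached a hop not on the circuit"
        inner = Cell(cell.cmd, cell.layers[1:])
        if i == 0:
            self.guard_log.append((cell.cmd, "received by G1" if not inner.layers else "relayed by G1"))
        if not inner.layers:
            reply = Cell(self.handle(i, cell.cmd), [hop])
        else:
            below = self.forward(i + 1, inner)
            reply = Cell(below.cmd, [hop] + below.layers)   # each hop adds its layer on the way up
        if i == 0:
            self.guard_log.append((reply.cmd, "sent by G1" if not inner.layers else "relayed by G1"))
        return reply

def general_circuit_trace() -> list:
    """Replays the Figure 1 exchange: extend to G1, extend via G1 to M, then begin/data to X."""
    c = Circuit()
    for cmd, target in [("extend", "G1"), ("extend", "M"), ("begin", "X"), ("data", "X")]:
        c.forward(0, op_wrap(cmd, target))
    return c.guard_log
```

The trace shows why the first extend/extended pair is handled by G1 while everything after it is merely relayed, which is exactly the distinction the Figure 1 legend draws.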
