Spoiled Onions: Exposing Malicious Tor Exit Relays
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (PriSec) ORCID iD: 0000-0003-2481-2997
FH Campus Wien, Austria.
SBA Research, Austria.
SBA Research, Austria.
2014 (English). In: Privacy Enhancing Technologies, Springer, 2014, p. 304-331. Conference paper, Published paper (Refereed)
Resource type
Text
Abstract [en]

Tor exit relays are operated by volunteers and together push more than 1 GiB/s of network traffic. By design, these volunteers are able to inspect and modify the anonymized network traffic. In this paper, we seek to expose such malicious exit relays and document their actions. First, we monitored the Tor network after developing two fast and modular exit relay scanners: one for credential sniffing and one for active MitM attacks. We implemented several scanning modules for detecting common attacks and used them to probe all exit relays over a period of several months. We discovered numerous malicious exit relays engaging in a multitude of different attacks. To reduce the attack surface users are exposed to, we patched Torbutton, an existing browser extension and part of the Tor Browser Bundle, to fetch and compare suspicious X.509 certificates over independent Tor circuits. Our work makes it possible to continuously and systematically monitor Tor exit relays. We are able to detect and thwart many man-in-the-middle attacks, thereby making the network safer for its users. All our source code is available under a free license.

Place, publisher, year, edition, pages
Springer, 2014. p. 304-331
Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 8555
Keywords [en]
Exit Node, Network Consensus, MitM Attack, Indian Node, Relay Operator
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-41578
DOI: 10.1007/978-3-319-08506-7_16
ISI: 000343887000016
ISBN: 978-3-319-08506-7 (electronic)
ISBN: 978-3-319-08505-0 (print)
OAI: oai:DiVA.org:kau-41578
DiVA, id: diva2:923084
Conference
PETS 2014 - The 14th International Privacy Enhancing Technologies Symposium, Jul 16-18, 2014, Amsterdam
Available from: 2016-04-25. Created: 2016-04-11. Last updated: 2020-07-08. Bibliographically approved

Open Access in DiVA

No full text in DiVA

Authority records

Winter, Philipp; Lindskog, Stefan
