Spoiled Onions: Exposing Malicious Tor Exit Relays
2014 (English)In: Privacy Enhancing Technologies, Springer, 2014, 304-331 p.Conference paper (Refereed)Text
Tor exit relays are operated by volunteers and together push more than 1 GiB/s of network traffic. By design, these volunteers are able to inspect and modify the anonymized network traffic. In this paper, we seek to expose such malicious exit relays and document their actions. First, we monitored the Tor network after developing two fast and modular exit relay scanners-one for credential sniffing and one for active MitM attacks. We implemented several scanning modules for detecting common attacks and used them to probe all exit relays over a period of several months. We discovered numerous malicious exit relays engaging in a multitude of different attacks. To reduce the attack surface users are exposed to, we patched Torbutton, an existing browser extension and part of the Tor Browser Bundle, to fetch and compare suspicious X. 509 certificates over independent Tor circuits. Our work makes it possible to continuously and systematically monitor Tor exit relays. We are able to detect and thwart many man-in-the-middle attacks, thereby making the network safer for its users. All our source code is available under a free license.
Place, publisher, year, edition, pages
Springer, 2014. 304-331 p.
Lecture Notes in Computer Science, ISSN 0302-9743 ; 8555
Computer and Information Science
IdentifiersURN: urn:nbn:se:kau:diva-41578DOI: 10.1007/978-3-319-08506-7_16ISI: 000343887000016ISBN: 978-3-319-08506-7; 978-3-319-08505-0 OAI: oai:DiVA.org:kau-41578DiVA: diva2:923084
PETS 2014 - The 14th International Privacy Enhancing Technologies Symposium, Jul 16-18, 2014, Amsterdam