Change search
ReferencesLink to record
Permanent link

Direct link
Spoiled Onions: Exposing Malicious Tor Exit Relays
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science. (PriSec)
Show others and affiliations
2014 (English)In: Privacy Enhancing Technologies, Springer, 2014, 304-331 p.Conference paper (Refereed)Text
Abstract [en]

Tor exit relays are operated by volunteers and together push more than 1 GiB/s of network traffic. By design, these volunteers are able to inspect and modify the anonymized network traffic. In this paper, we seek to expose such malicious exit relays and document their actions. First, we monitored the Tor network after developing two fast and modular exit relay scanners-one for credential sniffing and one for active MitM attacks. We implemented several scanning modules for detecting common attacks and used them to probe all exit relays over a period of several months. We discovered numerous malicious exit relays engaging in a multitude of different attacks. To reduce the attack surface users are exposed to, we patched Torbutton, an existing browser extension and part of the Tor Browser Bundle, to fetch and compare suspicious X. 509 certificates over independent Tor circuits. Our work makes it possible to continuously and systematically monitor Tor exit relays. We are able to detect and thwart many man-in-the-middle attacks, thereby making the network safer for its users. All our source code is available under a free license.

Place, publisher, year, edition, pages
Springer, 2014. 304-331 p.
Lecture Notes in Computer Science, ISSN 0302-9743 ; 8555
National Category
Computer and Information Science
URN: urn:nbn:se:kau:diva-41578DOI: 10.1007/978-3-319-08506-7_16ISI: 000343887000016ISBN: 978-3-319-08506-7; 978-3-319-08505-0 OAI: diva2:923084
PETS 2014 - The 14th International Privacy Enhancing Technologies Symposium, Jul 16-18, 2014, Amsterdam
Available from: 2016-04-25 Created: 2016-04-11 Last updated: 2016-06-02Bibliographically approved

Open Access in DiVA

No full text

Other links

Publisher's full text

Search in DiVA

By author/editor
Winter, PhilippLindskog, Stefan
By organisation
Department of Mathematics and Computer ScienceDepartment of Computer ScienceFaculty of Health, Science and Technology (starting 2013)
Computer and Information Science

Search outside of DiVA

GoogleGoogle Scholar

Altmetric score

Total: 8 hits
ReferencesLink to record
Permanent link

Direct link