On the risks of serving whenever you surf: Vulnerabilities in Tor's blocking resistance design

Jon McLachlan, Nicholas Hopper

Research output: Chapter in Book/Report/Conference proceedingConference contribution

17 Scopus citations

Abstract

In Tor, a bridge is a client node that volunteers to help censored users access Tor by serving as an unlisted, first-hop relay. Since bridging is voluntary, the success of this circumvention mechanism depends critically on the willingness of clients to act as bridges. We identify three key architectural shortcomings of the bridge design: (1) bridges are easy to find; (2) a bridge always accepts connections when its operator is using Tor; and (3) traffic to and from clients connected to a bridge interferes with traffic to and from the bridge operator. These shortcomings lead to an attack that can expose the IP address of bridge operators visiting certain web sites over Tor. We also discuss mitigation mechanisms.

Original languageEnglish (US)
Title of host publicationProceedings of the 8th ACM Workshop on Privacy in the Electronic Society, WPES '09, Co-located with the 16th ACM Computer and Communications Security Conference, CCS'09
Pages31-40
Number of pages10
DOIs
StatePublished - Dec 1 2009
Event8th ACM Workshop on Privacy in the Electronic Society, WPES '09, Co-located with the 16th ACM Computer and Communications Security Conference, CCS'09 - Chicago, IL, United States
Duration: Nov 9 2009Nov 13 2009

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Other

Other8th ACM Workshop on Privacy in the Electronic Society, WPES '09, Co-located with the 16th ACM Computer and Communications Security Conference, CCS'09
CountryUnited States
CityChicago, IL
Period11/9/0911/13/09

Keywords

  • Anonymous communication
  • Blocking resistance

Fingerprint Dive into the research topics of 'On the risks of serving whenever you surf: Vulnerabilities in Tor's blocking resistance design'. Together they form a unique fingerprint.

Cite this