An Extended View on Measuring Tor AS-level Adversaries

Gabriel Karl Gegenhuber (Corresponding author), Markus Maier, Florian Holzbauer, Wilfried Mayer, Georg Merzdovnik, Edgar Weippl, Johanna Ullrich

Publications: Contribution to journal, Article, Peer Reviewed

Abstract

Tor provides anonymity to millions of users around the globe, which has made it a valuable target for malicious actors. As a low-latency anonymity system, it is vulnerable to traffic correlation attacks from strong passive adversaries such as large autonomous systems (ASes). In preliminary work (Mayer et al., 2020), we developed a measurement approach utilizing the RIPE Atlas framework – a network of more than 11,000 probes worldwide – to infer the risk of deanonymization for IPv4 clients in Germany and the US.

In this paper, we apply our methodology to additional scenarios, providing a broader picture of the potential for deanonymization in the Tor network. In particular, we (a) repeat our earlier (2020) measurements in 2022 to observe changes over time, (b) adopt our approach for IPv6 to analyze the risk of deanonymization when using this next-generation Internet protocol, and (c) investigate the current situation in Russia, where censorship has been intensified after the beginning of Russia’s full-scale invasion of Ukraine. According to our results, Tor provides user anonymity at consistent quality: while individual numbers vary depending on client and destination, we were able to identify ASes with the potential to conduct deanonymization attacks. For clients in Germany and the US, however, the overall picture has not changed since 2020. In addition, the protocols (IPv4 vs. IPv6) do not significantly impact the risk of deanonymization. Russian users are able to securely evade censorship using Tor. Their general risk of deanonymization is, in fact, lower than in the other investigated countries. Beyond that, the few ASes with the potential to successfully perform deanonymization are operated by Western companies, further reducing the risk for Russian users.

Original language: English
Article number: 103302
Number of pages: 14
Journal: Computers & Security
Volume: 132
Publication status: Published - 1 Sep 2023

Austrian Fields of Science 2012

  • 102015 Information systems
  • 102016 IT security

Keywords

  • Anonymity
  • Censorship
  • Privacy
  • RIPE Atlas
  • Routing
  • Tor
  • Traceroute measurements
