Enhancing Tor Privacy: A Study on State-of-the-Art Session Correlation Methods and Possible Countermeasures
LATINI, LUDOVICO
2024/2025
Abstract
Ensuring anonymity online is a very important goal for safeguarding the security of all users in general, and of persecuted politicians and whistleblowers in particular. One of the most widely adopted tools for this purpose is Tor (The Onion Router), whose network allows millions of users to browse anonymously every day. As adoption of the Tor network has grown, however, attacks by nations aiming to deanonymize users have also increased. In this thesis, we discuss the effectiveness of the Session Correlation attack in the Tor network, which aims to deanonymize a user by taking possession of entry guard and exit nodes or by cooperating with ISPs of various nations. To do so, we analysed scenarios by verifying their possible implementations in the network, and validated SUMo, one of the state-of-the-art projects that addresses the Session Correlation attack through sliding subset sum. From the results obtained, it can be concluded that the attack is very difficult to perform. In the scenario where the attacker owns the entry and exit nodes, technologies such as Vanguard and Conflux make the user very secure in his browsing. On the other hand, in the scenario of inter-nation collaboration, the large number of entities, both affiliated and not affiliated with nations, combined with the number of connections an ISP can receive and the possibility of using VPNs and Bridges, makes the attack highly disadvantageous for the attacker, who could achieve the same results through other attacks. Finally, we analysed SUMo with different settings and managed to correlate sessions with an accuracy of 6%, peaking at 24% with the best setting; it also showed a failure to handle errors and uncorrelated sessions.
The tests were also carried out with sessions made with active user protections such as Bridge, VPN and a script we developed, in addition to the normal session that can be made with the Tor Browser. In these cases the situation did not improve, reaching in certain cases an accuracy of 0%.

File | Size | Format |
---|---|---|
Latini_Ludovico.pdf (open access) | 920.76 kB | Adobe PDF |
The text of this website © Università degli studi di Padova. Full texts are published under a non-exclusive license. Metadata are under a CC0 license.
https://hdl.handle.net/20.500.12608/84775