Tor HTTP Usage and Information Leakage

Abstract : This paper analyzes the web browsing behaviour of Tor users. By collecting HTTP requests we show which websites are of interest to Tor users and we determined an upper bound on how vulnerable Tor users are to sophisticated de-anonymization attacks: up to 78 % of the Tor users do not use Tor as suggested by the Tor community, namely to browse the web with TorButton. They could thus fall victim to de-anonymization attacks by merely browsing the web. Around 1% of the requests could be used by an adversary for exploit piggybacking on vulnerable file formats. Another 7 % of all requests were generated by social networking sites which leak plenty of sensitive and identifying information. Due to the design of HTTP and Tor, we argue that HTTPS is currently the only effective countermeasure against de-anonymization and information leakage for HTTP over Tor.
Type de document :
Communication dans un congrès
Bart Decker; Ingrid Schaumüller-Bichl. 11th IFIP TC 6/TC 11 International Conference on Communications and Multimedia Security (CMS), May 2010, Linz, Austria. Springer, Lecture Notes in Computer Science, LNCS-6109, pp.245-255, 2010, Communications and Multimedia Security. 〈10.1007/978-3-642-13241-4_22〉
Liste complète des métadonnées

Littérature citée [16 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01056375
Contributeur : Hal Ifip <>
Soumis le : lundi 18 août 2014 - 18:10:32
Dernière modification le : vendredi 11 août 2017 - 15:29:36
Document(s) archivé(s) le : jeudi 27 novembre 2014 - 05:32:46

Fichier

cms2010_submission_49.pdf
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Markus Huber, Martin Mulazzani, Edgar Weippl. Tor HTTP Usage and Information Leakage. Bart Decker; Ingrid Schaumüller-Bichl. 11th IFIP TC 6/TC 11 International Conference on Communications and Multimedia Security (CMS), May 2010, Linz, Austria. Springer, Lecture Notes in Computer Science, LNCS-6109, pp.245-255, 2010, Communications and Multimedia Security. 〈10.1007/978-3-642-13241-4_22〉. 〈hal-01056375〉

Partager

Métriques

Consultations de la notice

247

Téléchargements de fichiers

641