One Bad Apple Spoils the Bunch: Exploiting P2P Applications to Trace and Profile Tor Users

Stevens Le Blond 1, * Pere Manils 1 Chaabane Abdelberi 1 Mohamed Ali Kaafar 1, * Claude Castelluccia 1 Arnaud Legout 1 Walid Dabbous 1
* Auteur correspondant
1 PLANETE - Protocols and applications for the Internet
Inria Grenoble - Rhône-Alpes, CRISAM - Inria Sophia Antipolis - Méditerranée
Abstract : Tor is a popular low-latency anonymity network. However, Tor does not protect against the exploitation of an insecure application to reveal the IP address of, or trace, a TCP stream. In addition, because of the linkability of Tor streams sent together over a single circuit, tracing one stream sent over a circuit traces them all. Surprisingly, it is unknown whether this linkability allows in practice to trace a significant number of streams originating from secure (i.e., proxied) applications. In this paper, we show that linkability allows us to trace 193% of additional streams, including 27% of HTTP streams possibly originating from ''secure'' browsers. In particular, we traced 9% of Tor streams carried by our instrumented exit nodes. Using BitTorrent as the insecure application, we design two attacks tracing BitTorrent users on Tor. We run these attacks in the wild for 23 days and reveal 10,000 IP addresses of Tor users. Using these IP addresses, we then profile not only the BitTorrent downloads but also the websites visited per country of origin of Tor users. We show that BitTorrent users on Tor are over-represented in some countries as compared to BitTorrent users outside of Tor. By analyzing the type of content downloaded, we then explain the observed behaviors by the higher concentration of pornographic content downloaded at the scale of a country. Finally, we present results suggesting the existence of an underground BitTorrent ecosystem on Tor.
Type de document :
Communication dans un congrès
4th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '11), Mar 2011, Boston, United States. USENIX, 2011
Liste complète des métadonnées

Littérature citée [12 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/inria-00574178
Contributeur : Stevens Le Blond <>
Soumis le : lundi 7 mars 2011 - 13:00:48
Dernière modification le : samedi 27 janvier 2018 - 01:30:53
Document(s) archivé(s) le : mercredi 8 juin 2011 - 06:41:23

Fichiers

btor.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

  • HAL Id : inria-00574178, version 1
  • ARXIV : 1103.1518

Collections

Citation

Stevens Le Blond, Pere Manils, Chaabane Abdelberi, Mohamed Ali Kaafar, Claude Castelluccia, et al.. One Bad Apple Spoils the Bunch: Exploiting P2P Applications to Trace and Profile Tor Users. 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '11), Mar 2011, Boston, United States. USENIX, 2011. 〈inria-00574178〉

Partager

Métriques

Consultations de la notice

4279

Téléchargements de fichiers

965