Abstract
To date, there has yet to be a study that characterizes the usage of a real deployed anonymity service. We present observations and analysis obtained by participating in the Tor network. Our primary goals are to better understand Tor as it is deployed and, through this understanding, propose improvements. In particular, we are interested in answering the following questions: (1) How is Tor being used? (2) How is Tor being misused? (3) Who is using Tor?
To sample the results, we show that web traffic makes up the majority of the connections and bandwidth, but non-interactive protocols consume a disproportionately large amount of bandwidth when compared to interactive protocols. We provide a survey of how Tor is being misused, both by clients and by Tor router operators. In particular, we develop a method for detecting exit router logging (in certain cases). Finally, we present evidence that Tor is used throughout the world, but router participation is limited to only a few countries.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
McCoy, D., Bauer, K., Grunwald, D., Kohno, T., Sicker, D. (2008). Shining Light in Dark Places: Understanding the Tor Network. In: Borisov, N., Goldberg, I. (eds) Privacy Enhancing Technologies. PETS 2008. Lecture Notes in Computer Science, vol 5134. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70630-4_5
DOI: https://doi.org/10.1007/978-3-540-70630-4_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-70629-8
Online ISBN: 978-3-540-70630-4
eBook Packages: Computer Science (R0)