A Comprehensive Evaluation of the Impact on Tor Network Anonymity Caused by ShadowRelay

As a distributed anonymous network run by volunteers, Tor relays are often manipulated by operators to achieve their goals. Our work reveals that some relays, named ShadowRelay, are bound to hidden nodes and actively forward user traffic to the next-hop relay or target without the user's knowle...

Full description

Saved in:
Bibliographic Details
Published in2023 IEEE Symposium on Computers and Communications (ISCC) pp. 1369 - 1375
Main Authors Zhang, Qingfeng, Zhu, Jiawei, Chen, Muqian, Wang, Xuebin, Liu, Qingyun, Shi, Jinqiao
Format Conference Proceeding
LanguageEnglish
Published IEEE 09.07.2023
Subjects
Anonymity
Bandwidth
Computers
Delays
Filtering
Hidden node
Malicious relay
Relays
Tor
Online AccessGet full text

Cover

More Information
Summary:As a distributed anonymous network run by volunteers, Tor relays are often manipulated by operators to achieve their goals. Our work reveals that some relays, named ShadowRelay, are bound to hidden nodes and actively forward user traffic to the next-hop relay or target without the user's knowledge. To detect ShadowRelays, we developed HiddenSniffer based on client and Tor relay collusion, and found 162 hidden nodes distributed across 22 countries, along with 85 Shadow Relays which account for 2.08% of the total relay bandwidth. Additionally, there exists a family relationship among the Shadow Relays, with the largest family containing 24 members. The experimental results indicate that ShadowRelays have increased the number of ASes capable of sniffing user traffic by 27.6%, and improved the ability of 14.7% of attackers to launch traffic confirmation attacks. Furthermore, ShadowRelays adversely impact the Tor network's availability by introducing increased transmission delay within the circuits.
ISSN:2642-7389
DOI:10.1109/ISCC58397.2023.10218060