An international team of security researchers has received the prestigious 2024 Best Portuguese Internet Research Award from the Portuguese Chapter of the Internet Society (ISOC.pt). The researchers were recognized for their paper, “Flow Correlation Attacks on Tor Onion Service Sessions with Sliding Subset Sum,” work that uncovered critical vulnerabilities in the Tor network.
The goal of the Tor network, one of the world’s most widely used anonymity networks, is to provide users a way to access the Internet as privately and anonymously as possible by routing encrypted traffic through multiple servers. Expectations are that this eliminates the possibility of tracing the origin of traffic, allowing Tor users to circumvent surveillance imposed by censorship agencies and national authorities.
Professor Diogo Barradas, from the Cheriton School of Computer Science, is among the paper’s co-authors. Their work was selected by the ISOC.pt because it exposed vulnerabilities in the Tor network that could be exploited by third parties to enable the tracking of presumed anonymous communications.
“The jury highlights the contribution of this paper to the protection of citizens’ rights online and against abusive surveillance and censorship on political or racial grounds, both goals of the Internet Society,” wrote Professor Hugo Miranda on behalf of the jury and ISOC.pt board. “The ISOC.pt congratulates Daniela Lopes, Jin-Dong Dong, Pedro Medeiros, Daniel Castro, Diogo Barradas, Bernardo Portela, João Vinagre, Bernardo Ferreira, Nicolas Christin and Nuno Santos for this work.”
Diogo Barradas is an Assistant Professor at the Cheriton School of Computer Science, a member of the CrySP group, and the interim Associate Director of the Waterloo Cybersecurity and Privacy Institute. His research focuses on network security and privacy, with particular emphasis on statistical traffic analysis, Internet censorship circumvention and digital forensics.
About this award-winning research
Tor is a widely recognized low-latency anonymity network that allows users to circumvent surveillance, eavesdropping and censorship. Its ability to defend against flow correlation attacks is essential to provide strong anonymity guarantees. However, the feasibility of flow correlation attacks against Tor onion services has remained an open challenge.
In their award-winning paper, the researchers present an effective flow correlation attack that can deanonymize onion service sessions in the Tor network. Their attack is based on a novel distributed technique named Sliding Subset Sum (SUMo), which can be deployed by a group of colluding ISPs worldwide in a federated fashion. These ISPs collect Tor traffic at multiple vantage points in the network and analyze it through a pipelined architecture based on machine learning classifiers and a novel similarity function based on the classic subset sum decision problem. These classifiers enable SUMo to deanonymize onion service sessions effectively and efficiently. The researchers also analyzed possible countermeasures the Tor community can adopt to hinder the efficacy of these attacks.
Key contributions of the research
- A novel classification algorithm that enables efficient and accurate flow correlation for Tor onion service sessions
- Improved circuit fingerprinting classifiers, capable of by-passing the circuit padding defences implemented in the latest versions of Tor
- A robust classification pipeline, demonstrating the practical application and effectiveness of deploying SUMo attacks on Tor onion service sessions
- A large dataset for enabling flow correlation on Tor, encompassing both clearnet and onion service websites; this dataset represents a valuable resource for in-depth study and analysis of the Tor network
- A comprehensive evaluation of the described techniques, showing that SUMo attacks are feasible and effective
To learn more about the research on which this article is based, please see Daniela Lopes, Jin-Dong Dong, Pedro Medeiros, Daniel Castro, Diogo Barradas, Bernardo Portela, João Vinagre, Bernardo Ferreira, Nicolas Christin, Nuno Santos. Flow Correlation Attacks on Tor Onion Service Sessions with Sliding Subset Sum. Proceedings of the 31st Network and Distributed System Security Symposium, San Diego, CA, USA.