Publication
Detection of anonymised traffic: Tor as case study
| Abstract: | This work studies Tor, an anonymous overlay network used to browse the Internet. Apart from its main purpose, this open-source project has gained popularity mainly because it does not hide its implementation. In this way, researchers and security experts can fully examine and confirm its security requirements. Its ease of use has attracted all kinds of people, including ordinary citizens who want to avoid being profiled for targeted advertisements or circumvent censorship, corporations who do not want to reveal information to their competitors, and government intelligence agencies who need to do operations on the Internet without being noticed. In opposition, an anonymous system like this represents a good testbed for attackers, because their actions are naturally untraceable. In this work, the characteristics of Tor traffic are studied in detail in order to devise an inspection methodology able to improve Tor detection. In particular, this methodology considers as new inputs the observer position in the network, the portion of traffic it can monitor, and particularities of the Tor browser for helping in the detection process. In addition, a set of Snort rules were developed as a proof-of-concept for the proposed Tor detection approach. |
|---|---|
| Main authors: | Dantas, Bruno |
| Other authors: | Carvalho, Paulo; Lima, Solange; Silva, João Marco Cardoso |
| Subject: | Natural Sciences::Computer and Information Sciences |
| Year: | 2020 |
| Country: | Portugal |
| Document type: | conference paper |
| Access type: | restricted access |
| Associated institution: | Universidade do Minho |
| Language: | English |
| Source: | RepositóriUM - Universidade do Minho |
| Citation: | Dantas, B., Carvalho, P., Lima, S. R., & Silva, J. M. C. (2020). Detection of Anonymised Traffic: Tor as Case Study. In Internet of Things, Smart Spaces, and Next Generation Networks and Systems (pp. 95-109). Springer. |
| ISBN (is part of): | 978-3-030-65728-4 |
| eISBN (is part of): | 978-3-030-65729-1 |
| ISSN (is part of): | 0302-9743 |
| DOI (is part of): | 10.1007/978-3-030-65729-1_9 |
| Handle: | https://hdl.handle.net/1822/71608 |
| Full text: | https://repositorium.uminho.pt/bitstreams/bbbf41fb-c28c-4cb3-8faf-d72f3bc42a52/download (application/pdf, 232348 bytes) |