Table 8 - uploaded by Saad Saleh
Content may be subject to copyright.
Research works on Tor's client mobility. Table entries symbolize New algorithms (New Algo), Analysis (Anal.), Autonomous Systems (AS), Relay Locations (Relay loc.), Hops, Performance-Latency-Bandwidth (Perf., Lat, BW), Multi-path, Load, Relay Capacity (Rel. Cap.) and Anonymity (Anon). Research Focus Path Selection Parameters Idea New Anal.AS RelayHops Perf. Multi-load Rel. Anon. 

Research works on Tor's client mobility. Table entries symbolize New algorithms (New Algo), Analysis (Anal.), Autonomous Systems (AS), Relay Locations (Relay loc.), Hops, Performance-Latency-Bandwidth (Perf., Lat, BW), Multi-path, Load, Relay Capacity (Rel. Cap.) and Anonymity (Anon). Research Focus Path Selection Parameters Idea New Anal.AS RelayHops Perf. Multi-load Rel. Anon. 

Source publication
Article
Full-text available
Anonymity services have seen high growth rates with increased usage in the past few years. Among various services, Tor is one of the most popular peer-to-peer anonymizing service. In this survey paper, we summarize, analyze, classify and quantify 26 years of research on the Tor network. Our research shows that `security' and `anonymity' are the mos...

Context in source publication

Context 1
... this section, we study the research works focused on the mobility of Tor network with a particular emphasis on anonymity. Table 8 shows the research works in path selection track and shows that performance and anonymity have been the most frequently studied parameters. Details are presented in below paragraphs. ...

Similar publications

Preprint
Full-text available
Background: COVID-19 caused the worst international public health crisis, accompanied by major global economic downturns, mass-scale job losses, which impacted on the psychosocial wellbeing of the worldwide population. This study examined factors associated with psychosocial distress, fear of COVID-19 and coping strategies amongst the general popul...

Citations

... The main idea is to hide communication metadata (like who communicates with whom) to a local eavesdropper. While there has been a lot of research on Tor and JonDonym [37,47], the large majority of it is of technical nature and does not consider the users and their perceptions. That changed with a series of papers investigating reasons for the (non-)adoption of Tor [20] and JonDonym [17]. ...
Article
Users report that they have regretted accidentally sharing personal information on social media. There have been proposals to help protect the privacy of these users, by providing tools which analyze text or images and detect personal information or privacy disclosure with the objective to alert the user of a privacy risk and transform the content. However, these proposals rely on having access to users' data and users have reported that they have privacy concerns about the tools themselves. In this study, we investigate whether these privacy concerns are unique to privacy tools or whether they are comparable to privacy concerns about non-privacy tools that also process personal information. We conduct a user experiment to compare the level of privacy concern towards privacy tools and non-privacy tools for text and image content, qualitatively analyze the reason for those privacy concerns, and evaluate which assurances are perceived to reduce that concern. The results show privacy tools are at a disadvantage: participants have a higher level of privacy concern about being surveilled by the privacy tools, and the same level concern about intrusion and secondary use of their personal information compared to non-privacy tools. In addition, the reasons for these concerns and assurances that are perceived to reduce privacy concern are also similar. We discuss what these results mean for the development of privacy tools that process user content.
... The experiments demonstrate that Tor anonymous traffic is recognized at a rate of more than 99%, with classification accuracy reaching 94%. The authors of [45] conducted a thorough analysis of Tor traffic classification, quantification, and comparison of various strategies for deanonymization, path selection, and increasing the performance of encrypted communication in the Darknet. ...
Article
Full-text available
The massive modern technical revolution in electronics, cognitive computing, and sensing has provided critical infrastructure for the development of today’s Internet of Things (IoT) for a wide range of applications. However, because endpoint devices’ computing, storage, and communication capabilities are limited, IoT infrastructures are exposed to a wide range of cyber-attacks. As such, Darknet or blackholes (sinkholes) attacks are significant, and recent attack vectors that are launched against several IoT communication services. Since Darknet address space evolved as a reserved internet address space that is not contemplated to be used by legitimate hosts globally, any communication traffic is speculated to be unsolicited and distinctively deemed a probe, backscatter, or misconfiguration. Thus, in this paper, we develop, investigate, and evaluate the performance of machine-learning-based Darknet traffic detection systems (DTDS) in IoT networks. Mainly, we make use of six supervised machine-learning techniques, including bagging decision tree ensembles (BAG-DT), AdaBoost decision tree ensembles (ADA-DT), RUSBoosted decision tree ensembles (RUS-DT), optimizable decision tree (O-DT), optimizable k-nearest neighbor (O-KNN), and optimizable discriminant (O-DSC). We evaluate the implemented DTDS models on a recent and comprehensive dataset, known as the CIC-Darknet-2020 dataset, composed of contemporary actual IoT communication traffic involving four different classes that combine VPN and Tor traffic in a single dataset covering a wide range of captured cyber-attacks and hidden services provided by the Darknet. Our empirical performance analysis demonstrates that bagging ensemble techniques (BAG-DT) offer better accuracy and lower error rates than other implemented supervised learning techniques, scoring a 99.50% of classification accuracy with a low inferencing overhead of 9.09 µ second. Finally, we also contrast our BAG-DT-DTDS with other existing DTDS models and demonstrate that our best results are improved by (1.9~27%) over the former state-of-the-art models.
... Our goal is to see the different aspects of the three most popular dark web systems: Tor, I2P, and Freenet. Although there are surveys available on anonymous networks [8]- [10], [1], [11]- [13], [6], [14], there is no comprehensive survey of the complex deanonymizing attacks on the dark web and threat intelligence techniquesthat is the focus of this study. ...
... They also reported some countermeasures in their survey. Saleh et al. [8] presented a literature survey that deals with classification, quantification, and comparative analysis of research work on Tor. They classified the literature into three broad categories: deanonymization, path selection, analysis, and performance improvement. ...
... It is not clear to what extent the dark web occupies the deep web [16]. Still, it is evident that some illegal activities routinely occur within the dark web, such as child pornography, phishing, scams, fraud, hacking, human trafficking, etc. Exact figures are not known yet [8]. ...
Article
Full-text available
The dark web is a section of the Internet that is not accessible to search engines and requires an anonymizing browser called Tor. Its hidden network and anonymity pave the way for illegal activities and help cybercriminals to execute well-planned, coordinated, and malicious cyberattacks. Cyber security experts agree that online criminal activities are increasing exponentially, and they are also becoming more rampant and intensified. These illegal cyber activities include various destructive crimes that may target a single person or a whole nation, for example, data breaches, ransomware attacks, black markets, mafias, and terrorist attacks. So, maintaining data privacy and secrecy is the new dilemma of the era. This paper has extensively reviewed various attacks and attack patterns commonly applied in the dark web. We have also classified these attacks in our unique trilogies classification system. Furthermore, a detailed overview of existing threat detection techniques and their limitations is discussed for anonymity providing services like Tor, I2P, and Freenet. Finally, the paper has identified significant weaknesses that make the dark web vulnerable to different attacks.
... Darknet trhy fungují spíše krátkodobě a jsou přístupné prostřednictvím společností "Tor", "Dream market" nebo "Tochka", které provozují překryvnou síť anonymních serverů a maskování původních IP adres uživatelů. Anonymita je zajišťována i použitím kryptoměn, například bitcoin nebo monero pro elektronické platby [24,25]. ...
Article
Full-text available
A synthetic opioid called fentanyl is a well-known therapeutic agent for the relief of chronic and extreme pain. In medical practice, it is applied to patients in several ways. Outside medical facilities, patients are mainly helped by the application of patches, from which the active substance is gradually released and penetrates transdermally into the body. However, fentanyl and its derivatives also have side effects, which are a danger, especially in the case of unprofessional treatment and targeted abuse by drug addicts. In recent years, there has been a relatively high number of cases worldwide where fentanyl has been extracted from a transdermal patch and an overdose has occurred.
... Darknet trhy fungují spíše krátkodobě a jsou přístupné prostřednictvím společností "Tor", "Dream market" nebo "Tochka", které provozují překryvnou síť anonymních serverů a maskování původních IP adres uživatelů. Anonymita je zajišťována i použitím kryptoměn, například bitcoin nebo monero pro elektronické platby [24,25]. ...
Article
Syntetický opioid s názvem fentanyl je známým terapeutickým prostředkem k tlumení chronické i extrémní bolesti. V medicínské praxi je pacientům aplikován několikero způsoby. Mimo zdravotnická zařízení pacientům pomáhá především aplikace náplastí, z nich je účinná látka postupně uvolňována a proniká transdermálně do organismu. Fentanyl a jeho deriváty ovšem vykazují i nežádoucí účinky, jež představují nebezpečí především v případě neodborného zacházení a cíleného zneužívání drogově závislými jedinci. V uplynulých letech bylo celosvětově evidováno poměrně vysoké množství případů, kdy byl fentanyl z náplasti extrahován a došlo k předávkování uživatele.
... The main function that provides Tor to any citizen is, through a set of nodes in the Tor network, to protect his/her anonymity by hiding his/her network IP address [1]. The security and anonymity of Tor have been deeply studied in many works [2,5], and although different types of attacks are possible [3,6], the research community is working toward providing solutions to the different attacks [5,7,8]. ...
... The main function that provides Tor to any citizen is, through a set of nodes in the Tor network, to protect his/her anonymity by hiding his/her network IP address [1]. The security and anonymity of Tor have been deeply studied in many works [2,5], and although different types of attacks are possible [3,6], the research community is working toward providing solutions to the different attacks [5,7,8]. ...
... As mentioned previously, due to its popularity and the services it offers, Tor has been broadly studied and many issues regarding it have been analysed. It has been analysed both from the user's point of view [17] and a technical point of view [5,12,15]. Technical studies are the most common analyses. ...
Article
Full-text available
Anonymous communications networks were created to protect the privacy of communications, preventing censorship and traffic analysis. The most famous anonymous communication network is Tor. This anonymous communication network provides some interesting features. Among them, we can mention that Tor can hide a user’s IP address when accessing to a service such as the Web, and it also supports Tor hidden services (THS) (now named onion services) as a mechanism to conceal the server’s IP address, used mainly to provide anonymity to websites. THS is an important research field in Tor. However, there is a lack of reviews that sum up the main findings and research challenges. In this article, we present a systematic literature review that aims to offer a comprehensive overview of the research made on THS by presenting the state-of-the-art and the different research challenges to be addressed. This review has been developed from a selection of 57 articles and presents main findings and advances regarding Tor hidden services, limitations found, and future issues to be investigated.
... The main function that provides Tor to any citizen is, through a set nodes in the Tor network, protect his/her anonymity by hiding his/her network IP address [1]. The security and anonymity of Tor has been deeply studied in many works and, although, different types of attacks are possible [3,4], the research community is working in providing solutions to the different attacks [5][6][7]. ...
... As mentioned previously, due to its popularity and the services it offers, Tor has been broadly studied and many issues regarding it has been analysed. It has been analysed both from user's point of view [14] and a technical point of view [5,11,13]. Being the technical studies the most common. In a taxonomy presented by Saleh et al. [5], they classify Tor research topics in deanonymization, performance analysis and architectural improvements, and path selection. ...
... Being the technical studies the most common. In a taxonomy presented by Saleh et al. [5], they classify Tor research topics in deanonymization, performance analysis and architectural improvements, and path selection. Within these topics, we can found THS. ...
Preprint
Full-text available
Anonymous communications networks were born to protect the privacy of our communications, preventing censorship and traffic analysis. The most famous anonymous communication network is Tor. This anonymous communication network provides some interesting features, among them, we can mention user’s IP location or Tor Hidden Services (THS) as a mechanism to conceal the location of servers, mainly, web servers. THS is an important research field in Tor. However, there is a lack of reviews that sump up main findings and research challenges. In this article we present a systematic literature review that aims to offer a comprehensive view on the research made on Tor Hidden services presenting the state of the art and the different research challenges to be addressed. This review has been developed from a selection of 57 articles and present main findings and advances regarding Tor Hidden Services, limitations found, and future issues to be investigated.
... Although there are some past surveys of Tor attacks, most consider all types of Tor attacks, while we have narrowed the scope to only include de-anonymisation attacks. Our survey covers about 30 more de-anonymisation attacks than most past surveys [9], [10], [11], [12]. Moreover, we discuss more than 15 de-anonymisation attacks published after 2016 (not reported in most of the previous works [10], [13], [14]), including attacks that use advanced techniques such as deep learning. ...
... A survey on a vast area of overall Tor research (performance, architectural improvements, attacks, and experimentation) was published in 2018 [11]. In their paper, Saleh et al. [11] divide all Tor research into three main categories: deanonymisation, path selection and performance analysis, and architectural improvements. ...
... A survey on a vast area of overall Tor research (performance, architectural improvements, attacks, and experimentation) was published in 2018 [11]. In their paper, Saleh et al. [11] divide all Tor research into three main categories: deanonymisation, path selection and performance analysis, and architectural improvements. The de-anonymisation category is discussed under six sub-categories: 1. HS identification, 2. Tor traffic identification, 3. Attacks on Tor, 4. Tor traffic analysis attacks, 5. Tor improvements, and 6. ...
Article
Full-text available
Anonymity networks are becoming increasingly popular in today’s online world as more users attempt to safeguard their online privacy. Tor is currently the most popular anonymity network in use and provides anonymity to both users and services (hidden services). However, the anonymity provided by Tor is also being misused in various ways. Hosting illegal sites for selling drugs, hosting command and control servers for botnets, and distributing censored content are but a few such examples. As a result, various parties, including governments and law enforcement agencies, are interested in attacks that assist in de-anonymising the Tor network, disrupting its operations, and bypassing its censorship circumvention mechanisms. In this survey paper, we review known Tor attacks and identify current techniques for the de-anonymisation of Tor users and hidden services. We discuss these techniques and analyse the practicality of their execution method. We conclude by discussing improvements to the Tor framework that help prevent the surveyed de-anonymisation attacks.
... There are many mechanisms of IPv4/IPv6 translation [85]. With Tor, there are some powerful traffic analysis attacks who focus on sizing and timing by using sophisticated statistical techniques to breach communication privacy, i.e. the attacker can track the incoming and outcoming traffic from/to Tor network, so he can confirm with a high probability that the specific communication patterns are communicated with each other [80,73,79]. An attacker can be a malicious OR1 (entry router), so it can de-anonymize the client Tor easily. ...
Thesis
Full-text available
We tackle the problem of privacy breaching in IPv6 Low power Wireless Personal Area Networks (6LoWPAN)-based Internet of Things (IoT) networks where an attacker may be able to identify the communicating entities. We propose three contributions which are: (i) survey: we thoroughly expose the prime focus of the existing solutions on communication identifiers privacy in 6LoWPANs, clarifying the important information about: at which layer the solutions operate, based on which protocol, against which attack, for which application, based on simulations or real prototypes, which sensitive information or communication identifiers are protected, which Privacy-Preserving Technique (PPT) is used, and how long is the duration of the protection against privacy attacks. (ii) uOTA: based on the One Time Address (OTA) approach proposed for the traditional Internet, with a focus on low complexity, memory footprint, and energy consumption, uOTA uses just one IPv6 address to send or to receive one packet. (iii) ACFI which is based on: (1) anonymizing both IP and MAC addresses, as well as port number at the source host, using a random pseudonyming scheme, and (2) anonymizing the IP address and port number of the destination host, using a Tor-like network. We analysed the effect of the Tor entry node location on the performance of our solution in three different scenarios: the Tor entry node is located (a) inside the 6LoWPAN, (b) at the 6LBR gateway, or (c) completely outside the 6LoWPAN. Using Cooja simulator, we showed that our solutions (uOTA and ACFI) outperformed state-of-the-art solutions by making it more difficult to identify communication flows by improving the anonymity and unlinkability of the communicating entities without significantly affecting energy consumption, communication delay, and network bandwidth.
... As shown in Section 3, there has been a number of solutions proposed in the 7 context of 6LoWPANs. Most of these solutions only considered a part of the problem in a particular context, such as anonymizing 8 the source node identity and overlooking the destination one, anonymizing nodes identities without taking into account linkability, 9 etc. 10 In this paper, we propose a global solution that takes into account anonymizing both source and destination addresses, port 11 numbers, as well as source MAC addresses, to make it difficult for attackers to de-anonymize sources or destination identities or 12 find relationships between them, with the following as main contributions: 13 ...
... constraints: the limitations of Tor to TCP flows [8] and the partial support of IPv6 addresses. Indeed, only the communication 5 ...
... The routers (also called Onion Routers (ORs)) ensure 25 that the original source identity becomes anonymous, while the exit node makes sure that the messages reach the destination and 26 also routes the responses back to the source node through the Tor network. More details can be found in [8,19]. 27 ...
Article
We tackle the problem of privacy breaching in IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs) where an attacker may be able to identify the communicating entities. We propose a solution based on: (i) anonymizing both IP and MAC addresses, as well as port number at the source host, using a random pseudonyming scheme, and (ii) anonymizing the IP address and port number of the destination host, using a Tor-like network. We analyzed the effect of the Tor entry node location on the performance of our solution in three different scenarios: the Tor entry node is located (i) inside the 6LoWPAN, (ii) at the IPv6 Low-power Border Router (6LBR), or (iii) completely outside the 6LoWPAN. Using Cooja simulator, we showed that our solution outperforms state-of-the-art solutions by making it more difficult to identify communication flows by improving the anonymity and unlinkability of the communicating entities without significantly affecting energy consumption, communication delay, and network bandwidth.