Figure 3 - uploaded by Saad Saleh
Content may be subject to copyright.
Taxonomy of Tor research. Tor literature can be broadly classified into three areas: deanonymization, path selection, and performance analysis and architectural improvements. 

Taxonomy of Tor research. Tor literature can be broadly classified into three areas: deanonymization, path selection, and performance analysis and architectural improvements. 

Source publication
Article
Full-text available
Anonymity services have seen high growth rates with increased usage in the past few years. Among various services, Tor is one of the most popular peer-to-peer anonymizing service. In this survey paper, we summarize, analyze, classify and quantify 26 years of research on the Tor network. Our research shows that `security' and `anonymity' are the mos...

Context in source publication

Context 1
... our review, we observed that research works on Tor could be broadly classified into three tracks/categories which include (1) deanonymization, (2) path selection, and (3) Analysis and performance improvement. Figure 3 shows the classification of our survey paper along with a list of all research works present in various subcategories. ...

Similar publications

Preprint
Full-text available
Background: COVID-19 caused the worst international public health crisis, accompanied by major global economic downturns, mass-scale job losses, which impacted on the psychosocial wellbeing of the worldwide population. This study examined factors associated with psychosocial distress, fear of COVID-19 and coping strategies amongst the general popul...

Citations

... The main idea is to hide communication metadata (like who communicates with whom) to a local eavesdropper. While there has been a lot of research on Tor and JonDonym [37,47], the large majority of it is of technical nature and does not consider the users and their perceptions. That changed with a series of papers investigating reasons for the (non-)adoption of Tor [20] and JonDonym [17]. ...
Article
Users report that they have regretted accidentally sharing personal information on social media. There have been proposals to help protect the privacy of these users, by providing tools which analyze text or images and detect personal information or privacy disclosure with the objective to alert the user of a privacy risk and transform the content. However, these proposals rely on having access to users' data and users have reported that they have privacy concerns about the tools themselves. In this study, we investigate whether these privacy concerns are unique to privacy tools or whether they are comparable to privacy concerns about non-privacy tools that also process personal information. We conduct a user experiment to compare the level of privacy concern towards privacy tools and non-privacy tools for text and image content, qualitatively analyze the reason for those privacy concerns, and evaluate which assurances are perceived to reduce that concern. The results show privacy tools are at a disadvantage: participants have a higher level of privacy concern about being surveilled by the privacy tools, and the same level concern about intrusion and secondary use of their personal information compared to non-privacy tools. In addition, the reasons for these concerns and assurances that are perceived to reduce privacy concern are also similar. We discuss what these results mean for the development of privacy tools that process user content.
... The experiments demonstrate that Tor anonymous traffic is recognized at a rate of more than 99%, with classification accuracy reaching 94%. The authors of [45] conducted a thorough analysis of Tor traffic classification, quantification, and comparison of various strategies for deanonymization, path selection, and increasing the performance of encrypted communication in the Darknet. ...
Article
Full-text available
The massive modern technical revolution in electronics, cognitive computing, and sensing has provided critical infrastructure for the development of today’s Internet of Things (IoT) for a wide range of applications. However, because endpoint devices’ computing, storage, and communication capabilities are limited, IoT infrastructures are exposed to a wide range of cyber-attacks. As such, Darknet or blackholes (sinkholes) attacks are significant, and recent attack vectors that are launched against several IoT communication services. Since Darknet address space evolved as a reserved internet address space that is not contemplated to be used by legitimate hosts globally, any communication traffic is speculated to be unsolicited and distinctively deemed a probe, backscatter, or misconfiguration. Thus, in this paper, we develop, investigate, and evaluate the performance of machine-learning-based Darknet traffic detection systems (DTDS) in IoT networks. Mainly, we make use of six supervised machine-learning techniques, including bagging decision tree ensembles (BAG-DT), AdaBoost decision tree ensembles (ADA-DT), RUSBoosted decision tree ensembles (RUS-DT), optimizable decision tree (O-DT), optimizable k-nearest neighbor (O-KNN), and optimizable discriminant (O-DSC). We evaluate the implemented DTDS models on a recent and comprehensive dataset, known as the CIC-Darknet-2020 dataset, composed of contemporary actual IoT communication traffic involving four different classes that combine VPN and Tor traffic in a single dataset covering a wide range of captured cyber-attacks and hidden services provided by the Darknet. Our empirical performance analysis demonstrates that bagging ensemble techniques (BAG-DT) offer better accuracy and lower error rates than other implemented supervised learning techniques, scoring a 99.50% of classification accuracy with a low inferencing overhead of 9.09 µ second. Finally, we also contrast our BAG-DT-DTDS with other existing DTDS models and demonstrate that our best results are improved by (1.9~27%) over the former state-of-the-art models.
... Darknet trhy fungují spíše krátkodobě a jsou přístupné prostřednictvím společností "Tor", "Dream market" nebo "Tochka", které provozují překryvnou síť anonymních serverů a maskování původních IP adres uživatelů. Anonymita je zajišťována i použitím kryptoměn, například bitcoin nebo monero pro elektronické platby [24,25]. ...
Article
Full-text available
A synthetic opioid called fentanyl is a well-known therapeutic agent for the relief of chronic and extreme pain. In medical practice, it is applied to patients in several ways. Outside medical facilities, patients are mainly helped by the application of patches, from which the active substance is gradually released and penetrates transdermally into the body. However, fentanyl and its derivatives also have side effects, which are a danger, especially in the case of unprofessional treatment and targeted abuse by drug addicts. In recent years, there has been a relatively high number of cases worldwide where fentanyl has been extracted from a transdermal patch and an overdose has occurred.
... Darknet trhy fungují spíše krátkodobě a jsou přístupné prostřednictvím společností "Tor", "Dream market" nebo "Tochka", které provozují překryvnou síť anonymních serverů a maskování původních IP adres uživatelů. Anonymita je zajišťována i použitím kryptoměn, například bitcoin nebo monero pro elektronické platby [24,25]. ...
Article
Syntetický opioid s názvem fentanyl je známým terapeutickým prostředkem k tlumení chronické i extrémní bolesti. V medicínské praxi je pacientům aplikován několikero způsoby. Mimo zdravotnická zařízení pacientům pomáhá především aplikace náplastí, z nich je účinná látka postupně uvolňována a proniká transdermálně do organismu. Fentanyl a jeho deriváty ovšem vykazují i nežádoucí účinky, jež představují nebezpečí především v případě neodborného zacházení a cíleného zneužívání drogově závislými jedinci. V uplynulých letech bylo celosvětově evidováno poměrně vysoké množství případů, kdy byl fentanyl z náplasti extrahován a došlo k předávkování uživatele.
... The main function that provides Tor to any citizen is, through a set of nodes in the Tor network, to protect his/her anonymity by hiding his/her network IP address [1]. The security and anonymity of Tor have been deeply studied in many works [2,5], and although different types of attacks are possible [3,6], the research community is working toward providing solutions to the different attacks [5,7,8]. ...
... The main function that provides Tor to any citizen is, through a set of nodes in the Tor network, to protect his/her anonymity by hiding his/her network IP address [1]. The security and anonymity of Tor have been deeply studied in many works [2,5], and although different types of attacks are possible [3,6], the research community is working toward providing solutions to the different attacks [5,7,8]. ...
... As mentioned previously, due to its popularity and the services it offers, Tor has been broadly studied and many issues regarding it have been analysed. It has been analysed both from the user's point of view [17] and a technical point of view [5,12,15]. Technical studies are the most common analyses. ...
Article
Full-text available
Anonymous communications networks were created to protect the privacy of communications, preventing censorship and traffic analysis. The most famous anonymous communication network is Tor. This anonymous communication network provides some interesting features. Among them, we can mention that Tor can hide a user’s IP address when accessing to a service such as the Web, and it also supports Tor hidden services (THS) (now named onion services) as a mechanism to conceal the server’s IP address, used mainly to provide anonymity to websites. THS is an important research field in Tor. However, there is a lack of reviews that sum up the main findings and research challenges. In this article, we present a systematic literature review that aims to offer a comprehensive overview of the research made on THS by presenting the state-of-the-art and the different research challenges to be addressed. This review has been developed from a selection of 57 articles and presents main findings and advances regarding Tor hidden services, limitations found, and future issues to be investigated.
... The main function that provides Tor to any citizen is, through a set nodes in the Tor network, protect his/her anonymity by hiding his/her network IP address [1]. The security and anonymity of Tor has been deeply studied in many works and, although, different types of attacks are possible [3,4], the research community is working in providing solutions to the different attacks [5][6][7]. ...
... As mentioned previously, due to its popularity and the services it offers, Tor has been broadly studied and many issues regarding it has been analysed. It has been analysed both from user's point of view [14] and a technical point of view [5,11,13]. Being the technical studies the most common. In a taxonomy presented by Saleh et al. [5], they classify Tor research topics in deanonymization, performance analysis and architectural improvements, and path selection. ...
... Being the technical studies the most common. In a taxonomy presented by Saleh et al. [5], they classify Tor research topics in deanonymization, performance analysis and architectural improvements, and path selection. Within these topics, we can found THS. ...
Preprint
Full-text available
Anonymous communications networks were born to protect the privacy of our communications, preventing censorship and traffic analysis. The most famous anonymous communication network is Tor. This anonymous communication network provides some interesting features, among them, we can mention user’s IP location or Tor Hidden Services (THS) as a mechanism to conceal the location of servers, mainly, web servers. THS is an important research field in Tor. However, there is a lack of reviews that sump up main findings and research challenges. In this article we present a systematic literature review that aims to offer a comprehensive view on the research made on Tor Hidden services presenting the state of the art and the different research challenges to be addressed. This review has been developed from a selection of 57 articles and present main findings and advances regarding Tor Hidden Services, limitations found, and future issues to be investigated.
... Although there are some past surveys of Tor attacks, most consider all types of Tor attacks, while we have narrowed the scope to only include de-anonymisation attacks. Our survey covers about 30 more de-anonymisation attacks than most past surveys [9], [10], [11], [12]. Moreover, we discuss more than 15 de-anonymisation attacks published after 2016 (not reported in most of the previous works [10], [13], [14]), including attacks that use advanced techniques such as deep learning. ...
... A survey on a vast area of overall Tor research (performance, architectural improvements, attacks, and experimentation) was published in 2018 [11]. In their paper, Saleh et al. [11] divide all Tor research into three main categories: deanonymisation, path selection and performance analysis, and architectural improvements. ...
... A survey on a vast area of overall Tor research (performance, architectural improvements, attacks, and experimentation) was published in 2018 [11]. In their paper, Saleh et al. [11] divide all Tor research into three main categories: deanonymisation, path selection and performance analysis, and architectural improvements. The de-anonymisation category is discussed under six sub-categories: 1. HS identification, 2. Tor traffic identification, 3. Attacks on Tor, 4. Tor traffic analysis attacks, 5. Tor improvements, and 6. ...
Article
Full-text available
Anonymity networks are becoming increasingly popular in today’s online world as more users attempt to safeguard their online privacy. Tor is currently the most popular anonymity network in use and provides anonymity to both users and services (hidden services). However, the anonymity provided by Tor is also being misused in various ways. Hosting illegal sites for selling drugs, hosting command and control servers for botnets, and distributing censored content are but a few such examples. As a result, various parties, including governments and law enforcement agencies, are interested in attacks that assist in de-anonymising the Tor network, disrupting its operations, and bypassing its censorship circumvention mechanisms. In this survey paper, we review known Tor attacks and identify current techniques for the de-anonymisation of Tor users and hidden services. We discuss these techniques and analyse the practicality of their execution method. We conclude by discussing improvements to the Tor framework that help prevent the surveyed de-anonymisation attacks.
... There are many mechanisms of IPv4/IPv6 translation [85]. With Tor, there are some powerful traffic analysis attacks who focus on sizing and timing by using sophisticated statistical techniques to breach communication privacy, i.e. the attacker can track the incoming and outcoming traffic from/to Tor network, so he can confirm with a high probability that the specific communication patterns are communicated with each other [80,73,79]. An attacker can be a malicious OR1 (entry router), so it can de-anonymize the client Tor easily. ...
Thesis
Full-text available
We tackle the problem of privacy breaching in IPv6 Low power Wireless Personal Area Networks (6LoWPAN)-based Internet of Things (IoT) networks where an attacker may be able to identify the communicating entities. We propose three contributions which are: (i) survey: we thoroughly expose the prime focus of the existing solutions on communication identifiers privacy in 6LoWPANs, clarifying the important information about: at which layer the solutions operate, based on which protocol, against which attack, for which application, based on simulations or real prototypes, which sensitive information or communication identifiers are protected, which Privacy-Preserving Technique (PPT) is used, and how long is the duration of the protection against privacy attacks. (ii) uOTA: based on the One Time Address (OTA) approach proposed for the traditional Internet, with a focus on low complexity, memory footprint, and energy consumption, uOTA uses just one IPv6 address to send or to receive one packet. (iii) ACFI which is based on: (1) anonymizing both IP and MAC addresses, as well as port number at the source host, using a random pseudonyming scheme, and (2) anonymizing the IP address and port number of the destination host, using a Tor-like network. We analysed the effect of the Tor entry node location on the performance of our solution in three different scenarios: the Tor entry node is located (a) inside the 6LoWPAN, (b) at the 6LBR gateway, or (c) completely outside the 6LoWPAN. Using Cooja simulator, we showed that our solutions (uOTA and ACFI) outperformed state-of-the-art solutions by making it more difficult to identify communication flows by improving the anonymity and unlinkability of the communicating entities without significantly affecting energy consumption, communication delay, and network bandwidth.
... As shown in Section 3, there has been a number of solutions proposed in the 7 context of 6LoWPANs. Most of these solutions only considered a part of the problem in a particular context, such as anonymizing 8 the source node identity and overlooking the destination one, anonymizing nodes identities without taking into account linkability, 9 etc. 10 In this paper, we propose a global solution that takes into account anonymizing both source and destination addresses, port 11 numbers, as well as source MAC addresses, to make it difficult for attackers to de-anonymize sources or destination identities or 12 find relationships between them, with the following as main contributions: 13 ...
... constraints: the limitations of Tor to TCP flows [8] and the partial support of IPv6 addresses. Indeed, only the communication 5 ...
... The routers (also called Onion Routers (ORs)) ensure 25 that the original source identity becomes anonymous, while the exit node makes sure that the messages reach the destination and 26 also routes the responses back to the source node through the Tor network. More details can be found in [8,19]. 27 ...
Article
We tackle the problem of privacy breaching in IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs) where an attacker may be able to identify the communicating entities. We propose a solution based on: (i) anonymizing both IP and MAC addresses, as well as port number at the source host, using a random pseudonyming scheme, and (ii) anonymizing the IP address and port number of the destination host, using a Tor-like network. We analyzed the effect of the Tor entry node location on the performance of our solution in three different scenarios: the Tor entry node is located (i) inside the 6LoWPAN, (ii) at the IPv6 Low-power Border Router (6LBR), or (iii) completely outside the 6LoWPAN. Using Cooja simulator, we showed that our solution outperforms state-of-the-art solutions by making it more difficult to identify communication flows by improving the anonymity and unlinkability of the communicating entities without significantly affecting energy consumption, communication delay, and network bandwidth.
... Most research on Tor's hidden service network has focused on de-anonymisation and security (Saleh, Qadir & Ilyas, 2018), although there has been a focus on illicit drug markets by criminologists and drug and addiction scholars (see e.g. International Journal of Drug Policy). ...
Method
Full-text available
Since the advent of darknet markets, or illicit cryptomarkets, there has been a sustained interest in studying their operations: the actors, products, payment methods, and so on. However, this research has been limited by a variety of obstacles, including the difficulty in obtaining reliable and representative data, which present challenges to undertaking a complete and systematic study. The Australian National University’s Cybercrime Observatory has developed tools that can be used to collect and analyse data obtained from darknet markets. This paper describes these tools in detail. While the proposed methods are not error-free, they provide a further step in providing a transparent and comprehensive solution for observing darknet markets tailored for data scientists, social scientists, criminologists and others interested in analysing trends from darknet markets.