Wentao Huang’s research while affiliated with Beijing University of Posts and Telecommunications and other places

Criminals exploit the robust anonymity afforded by Tor for illicit purposes, prompting heightened interest among researchers in de-anonymization attacks on the Tor network. The execution of experiments on de-anonymization attacks within a real Tor network presents considerable challenges, hence the necessity for a simulation environment. However, existing methods for simulating the Tor network are inadequate regarding realism, flexibility, and scalability, with some being prohibitively expensive. In this paper, we develop a lightweight and scalable Tor network simulation environment based on Kubernetes (K8s), employing Docker containers to simulate Tor relays. The results demonstrate that a network of up to a thousand Tor relays can be simulated using just four standard hosts. Furthermore, two de-anonymization attack experiments were conducted within this simulated environment, which exhibited high levels of realism and flexibility. Finally, a hybrid networking approach combining multi-granularity relays was explored to enhance further the balance between realism and cost in Tor network simulations.

Tor enables end user the desirable cyber anonymity with obfuscation technologies like MEEK. However, it has also manifested itself a wide shield for various illegal hidden services involved cyber criminals, motivating the urgent need of deanonymization technologies. In this paper, we propose a novel communication fingerprint abstracted from key packet sequences, and attempt to efficiently identify end users MEEK-based access to Tor hidden services. Specifically, we investigate the communication fingerprint during the early connection stage of MEEK-based Tor rendezvous establishment, and make use of deep neural network to automatically learn and form a key packet sequence. Unlike most of existing approaches that rely on the entire long communication packet sequence, experiments demonstrate that our key packet sequence enabled scheme can significantly reduce both the time and hardware resource consumption for the identification task by 23%–37% and 80%–86%, respectively, while being able to keep a slightly better accuracy.KeywordsTorHidden serviceTraffic analysisMEEK