Tor network forensics and hidden service deanonymization

Fatti, Francesco (2016) Tor network forensics and hidden service deanonymization. [Laurea magistrale], Università di Bologna, Corso di Studio in Ingegneria delle telecomunicazioni [LM-DM270], Documento ad accesso riservato.
Documenti full-text disponibili:
[img] Documento PDF
Full-text non accessibile

Download (9MB) | Contatta l'autore

Abstract

The cybernetics revolution of the last years improved a lot our lives, having an immediate access to services and a huge amount of information over the Internet. Nowadays the user is increasingly asked to insert his sensitive information on the Internet, leaving its traces everywhere. But there are some categories of people that cannot risk to reveal their identities on the Internet. Even if born to protect U.S. intelligence communications online, nowadays Tor is the most famous low-latency network, that guarantees both anonymity and privacy of its users. The aim of this thesis project is to well understand how the Tor protocol works, not only studying its theory, but also implementing those concepts in practice, having a particular attention for security topics. In order to run a Tor private network, that emulates the real one, a virtual testing environment has been configured. This behavior allows to conduct experiments without putting at risk anonymity and privacy of real users. We used a Tor patch, that stores TLS and circuit keys, to be given as inputs to a Tor dissector for Wireshark, in order to obtain decrypted and decoded traffic. Observing clear traffic allowed us to well check the protocol outline and to have a proof of the format of each cell. Besides, these tools allowed to identify a traffic pattern, used to conduct a traffic correlation attack to passively deanonymize hidden service clients. The attacker, controlling two nodes of the Tor network, is able to link a request for a given hidden server to the client who did it, deanonymizing him. The robustness of the traffic pattern and the statistics, such as the true positive rate, and the false positive rate, of the attack are object of a potential future work.

Abstract
Tipologia del documento
Tesi di laurea (Laurea magistrale)
Autore della tesi
Fatti, Francesco
Relatore della tesi
Correlatore della tesi
Scuola
Corso di studio
Indirizzo
Communication networks, systems and services
Ordinamento Cds
DM270
Parole chiave
Tor, Network Forensics, Traffic Analysis, Hidden Service, Deanonymization, Traffic Correlation
Data di discussione della Tesi
16 Marzo 2016
URI

Altri metadati

Gestione del documento: Visualizza il documento

^