Identification of MEEK-Based TOR Hidden Service Access Using the Key Packet Sequence

  • Conference paper
Computational Science – ICCS 2022 (ICCS 2022)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13350)

Abstract

Tor gives end users the cyber anonymity they desire, with obfuscation technologies such as MEEK. However, it has also become a wide shield for various illegal hidden services involving cyber criminals, motivating an urgent need for deanonymization technologies. In this paper, we propose a novel communication fingerprint abstracted from key packet sequences, and attempt to efficiently identify end users' MEEK-based access to Tor hidden services. Specifically, we investigate the communication fingerprint during the early connection stage of MEEK-based Tor rendezvous establishment, and use a deep neural network to automatically learn and form a key packet sequence. Unlike most existing approaches, which rely on the entire long communication packet sequence, experiments demonstrate that our key-packet-sequence-enabled scheme can significantly reduce both the time and hardware resource consumption of the identification task, by 23%–37% and 80%–86%, respectively, while keeping a slightly better accuracy.

Notes

  1. The dataset can be found at the following URL: https://github.com/Meiqiw/meek-mingan/.

  2. As in the prior work, we chose hidden services based on the list provided by the .onion search engine http://www.ahmia.fi/.

Acknowledgements

This work is supported by the Fundamental Research Program (JCKY2019211B001), the Key Research and Development Program for Guangdong Province under grant (No. 2019B010137003) and the Strategic Priority Research Program of the Chinese Academy of Sciences with No. XDC02030000.

Author information

Corresponding authors

Correspondence to Zeyu Li or Jinqiao Shi.

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Wang, X. et al. (2022). Identification of MEEK-Based TOR Hidden Service Access Using the Key Packet Sequence. In: Groen, D., de Mulatier, C., Paszynski, M., Krzhizhanovskaya, V.V., Dongarra, J.J., Sloot, P.M.A. (eds) Computational Science – ICCS 2022. ICCS 2022. Lecture Notes in Computer Science, vol 13350. Springer, Cham. https://doi.org/10.1007/978-3-031-08751-6_40

  • DOI: https://doi.org/10.1007/978-3-031-08751-6_40

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-08750-9

  • Online ISBN: 978-3-031-08751-6

  • eBook Packages: Computer Science, Computer Science (R0)
