Abstract
Tor enables end user the desirable cyber anonymity with obfuscation technologies like MEEK. However, it has also manifested itself a wide shield for various illegal hidden services involved cyber criminals, motivating the urgent need of deanonymization technologies. In this paper, we propose a novel communication fingerprint abstracted from key packet sequences, and attempt to efficiently identify end users MEEK-based access to Tor hidden services. Specifically, we investigate the communication fingerprint during the early connection stage of MEEK-based Tor rendezvous establishment, and make use of deep neural network to automatically learn and form a key packet sequence. Unlike most of existing approaches that rely on the entire long communication packet sequence, experiments demonstrate that our key packet sequence enabled scheme can significantly reduce both the time and hardware resource consumption for the identification task by 23%–37% and 80%–86%, respectively, while being able to keep a slightly better accuracy.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
The dataset can be found on the following URL: https://github.com/Meiqiw/meek-mingan/.
- 2.
As the prior work, we chose hidden services based on the list provided by the .onion search engine http://www.ahmia.fi/.
References
Tor project, users - tor metrics. https://metrics.torproject.org/userstats-relay-country.html?start=2021-11-20&end=2022-01-20&country=all&events=off. Accessed Jan 2022
Tor specification. https://gitweb.torproject.org/torspec.git/tree/rend-spec-v2.txt
Angel, Y., Winter, P.: obfs4 (the obfourscator), May 2014. https://gitweb.torproject.org/pluggable-transports/obfs4.git/tree/doc/obfs4-spec.txt
Christin, N.: Traveling the silk road: a measurement analysis of a large anonymous online marketplace. Arch. Neurol. 2(3), 293 (2012)
Fifield, D., Lan, C., Hynes, R., Wegmann, P., Paxson, V.: Blocking-resistant communication through domain fronting. Proc. Priv. Enhancing Technol. 2015(2), 46–64 (2015)
Guan, Z., Gou, G., Guan, Y., Wang, B.: An empirical analysis of plugin-based tor traffic over SSH tunnel. In: MILCOM 2019–2019 IEEE Military Communications Conference (MILCOM), pp. 616–621. IEEE (2019)
Hayes, J., Danezis, G.: k-fingerprinting: a robust scalable website fingerprinting technique. In: USENIX Security Symposium, pp. 1187–1203 (2016)
Jansen, R., Juárez, M., Galvez, R., Elahi, T., Díaz, C.: Inside job: applying traffic analysis to measure tor from within. In: 25th Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, California, USA, 18–21 February 2018. The Internet Society (2018)
Kwon, A., Alsabah, M., Lazar, D., Dacier, M., Devadas, S.: Circuit fingerprinting attacks: passive deanonymization of tor hidden services. In: Usenix Security Symposium, pp. 287–302 (2015)
Panchenko, A., et al.: Website fingerprinting at internet scale. In: NDSS (2016)
Panchenko, A., Mitseva, A., Henze, M., Lanze, F., Wehrle, K., Engel, T.: Analysis of fingerprinting techniques for tor hidden services. In: Proceedings of the 2017 on Workshop on Privacy in the Electronic Society, Dallas, TX, USA, 30 October - 3 November 2017, pp. 165–175. ACM (2017)
Rimmer, V., Preuveneers, D., Juarez, M., Van Goethem, T., Joosen, W.: Automated website fingerprinting through deep learning. In: Network & Distributed System Security Symposium (NDSS) (2018)
Shahbar, K., Zincir-Heywood, A.N.: An analysis of tor pluggable transports under adversarial conditions. In: 2017 IEEE Symposium Series on Computational Intelligence (SSCI), pp. 1–7. IEEE (2017)
Sheffey, S., Aderholdt, F.: Improving meek with adversarial techniques. In: 9th \(\{\)USENIX\(\}\) Workshop on Free and Open Communications on the Internet (\(\{\)FOCI\(\}\) 19) (2019)
Sirinam, P., Imani, M., Juarez, M., Wright, M.: Deep fingerprinting: undermining website fingerprinting defenses with deep learning. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1928–1943 (2018)
Soleimani, M.H.M., Mansoorizadeh, M., Nassiri, M.: Real-time identification of three tor pluggable transports using machine learning techniques. J. Supercomput. 74(10), 4910–4927 (2018)
Syverson, P., Dingledine, R., Mathewson, N.: Tor: the second generation onion router. In: Usenix Security, pp. 303–320 (2004)
Wang, L., Dyer, K.P., Akella, A., Ristenpart, T., Shrimpton, T.: Seeing through network-protocol obfuscation. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 57–69 (2015)
Wang, M., Li, Y., Wang, X., Liu, T., Shi, J., Chen, M.: 2ch-TCN: a website fingerprinting attack over tor using 2-channel temporal convolutional networks. In: 2020 IEEE Symposium on Computers and Communications (ISCC), pp. 1–7 (2020). https://doi.org/10.1109/ISCC50000.2020.9219717
Wang, T., Goldberg, I.: Improved website fingerprinting on tor. In: Proceedings of the 12th ACM Workshop on Workshop on Privacy in the Electronic Society, pp. 201–212. ACM (2013)
Xie, H., Wang, L., Yin, S., Zhao, H., Shentu, H.: Adaptive meek technology for anti-traffic analysis. In: 2020 International Conference on Networking and Network Applications (NaNA), pp. 102–107. IEEE (2020)
Yao, Z., et al.: Meek-based tor traffic identification with hidden Markov model. In: 2018 IEEE 20th International Conference on High Performance Computing and Communications; IEEE 16th International Conference on Smart City; IEEE 4th International Conference on Data Science and Systems (HPCC/SmartCity/DSS), pp. 335–340. IEEE (2018)
Acknowledgements
This work is supported by the Fundamental Research Program(JCKY2019211B001), the Key Research and Development Program for Guangdong Province under grant(No.2019B010137003) and the Strategic Priority Research Program of the Chinese Academy of Sciences with No. XDC02030000.
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Wang, X. et al. (2022). Identification of MEEK-Based TOR Hidden Service Access Using the Key Packet Sequence. In: Groen, D., de Mulatier, C., Paszynski, M., Krzhizhanovskaya, V.V., Dongarra, J.J., Sloot, P.M.A. (eds) Computational Science – ICCS 2022. ICCS 2022. Lecture Notes in Computer Science, vol 13350. Springer, Cham. https://doi.org/10.1007/978-3-031-08751-6_40
Download citation
DOI: https://doi.org/10.1007/978-3-031-08751-6_40
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-08750-9
Online ISBN: 978-3-031-08751-6
eBook Packages: Computer ScienceComputer Science (R0)