Per Connection Server-Side Identification of Connections via Tor

Author

Springall, Andrew ; DeVito, Christopher ; Huang, Shou-Hsuan Stephen

Author_Institution

Comput. Sci. & Eng., Univ. of Michigan, Ann Arbor, MI, USA

fYear

2015

fDate

24-27 March 2015

Firstpage

727

Lastpage

734

Abstract

This paper presents two new and novel methods to separate network connections between those that have originated behind the Tor network and those that have not. Our methods identify Tor inbound connections through the use of two distinct timing signatures, delay and round-trip time, that can be used to create effective metrics. In order to evaluate our methods´ ability to correctly identify Tor connections, we present the results of two small-scale experiments, one testing performance with HTTP traffic and the other testing SSH. These experiments resulted in very high accuracy rates (100% and 98.99% respectively) when partitioning network connections into Tor and non-Tor originating connections. Through the use of our techniques, we believe that inbound connections that have traversed the Tor network can be identified on a per-connection basis rather than the current per-IP basis.

Keywords

computer network security; HTTP traffic; SSH; Tor inbound connections; Tor network; computer security; connection server-side identification; intrusion detection; the onion router; Browsers; Cryptography; Delays; IP networks; Protocols; Relays; Servers; HTTP; Intrusion detection; SSH; Tor; computer security; stepping-stone;

fLanguage

English

Publisher

ieee

Conference_Titel

Advanced Information Networking and Applications (AINA), 2015 IEEE 29th International Conference on

Conference_Location

Gwangiu

ISSN

1550-445X

Print_ISBN

978-1-4799-7904-2

Type

conf

DOI

10.1109/AINA.2015.260

Filename

7098045