Tor: Hidden Services and Deanonymisation

Presented at 31C3 (2014), Dec. 30, 2014, 5:15 p.m. (60 minutes).

This talk presents the results from what we believe to be one of the largest studies into Tor Hidden Services (The Darknet) to date.

There is no public list of onion addresses available; instead, over a period of 6 months, we ran a large number of Tor relays to infiltrate the Distributed Hash Table which Hidden Services publish to. From this, we were able to collect the list of Tor onion addresses AND the number of requests for each site (e.g. loosely analogous to the number of visitors).

We then used a custom web crawler to crawl all the hidden services and pull a large set of information from each. From this, in this talk, we present a the information we found, from the list of the top onion addresses by content type and by popularity to estimates on size and turnover. We will also present what the largest proportion of Tor Hidden Service traffic is (it isn't pretty, and it's not drugs/silk road!).

Finally, I will explain the main classes of attacks useful for deanonymising the Hidden Services and Tor users. Sadly, it's easier than the Tor user-base at large think and thus far, there have been no patches or fixes for these attacks and there isn't likely to be because they exploit fundamental weaknesses in the way Tor works.


Presenters:

  • Dr Gareth Owen
    Senior Lecturer at the University of Portsmouth with an interest in Cryptography and Cyber Security. Senior Lecturer at the University of Portsmouth with an interest in Cryptography and Cyber Security.

Links:

Similar Presentations: