Anonymity systems such as Tor aim to enable users to communicate in a mannerthat is untraceable by adversaries that control a small number of machines. Toprovide efficient service to users, these anonymity systems make full use offorwarding capacity when sending traffic between intermediate relays. In thispaper, we show that doing this leaks information about the set of Tor relays ina circuit (path). We present attacks that, with high confidence and basedsolely on throughput information, can (a) reduce the attacker's uncertaintyabout the bottleneck relay of any Tor circuit whose throughput can be observed,(b) exactly identify the guard relay(s) of a Tor user when circuit throughputcan be observed over multiple connections, and (c) identify whether twoconcurrent TCP connections belong to the same Tor user, breaking unlinkability.Our attacks are stealthy, and cannot be readily detected by a user or by Torrelays. We validate our attacks using experiments over the live Tor network. Wefind that the attacker can substantially reduce the entropy of a bottleneckrelay distribution of a Tor circuit whose throughput can be observed-theentropy gets reduced by a factor of 2 in the median case. Such informationleaks from a single Tor circuit can be combined over multiple connections toexactly identify a user's guard relay(s). Finally, we are also able to link twoconnections from the same initiator with a crossover error rate of less than1.5% in under 5 minutes. Our attacks are also more accurate and require fewerresources than previous attacks on Tor.
展开▼