Traffic flow analysis of tor pluggable transports

Khalid Shahbar and Ayse Nur Zincir-Heywood. 2015 11th International Conference on Network and Service Management (CNSM).

Tor provides the users the ability to use the Internet anonymously. On the Tor network, the users connect to three relays run by volunteers. The addresses of these relays are publicly available. Some organizations prevent access to Tor by blocking the addresses of these relays. To mitigate this, Tor has introduced the concept of bridges and pluggable transports. Bridges are relays that do not have publicly available addresses so that they can evade the blocking. Pluggable transports are used to… 

An Empirical Analysis of Plugin-Based Tor Traffic over SSH Tunnel

To quantitatively analyze the plugin-based Tor traffic over encrypted tunnels, experiments involving traffic identification and correlation are performed, demonstrating that Tor traffic encrypted by tunneling protocols is also at risk of losing anonymity when confronted with traffic analysis.

An analysis of tor pluggable transports under adversarial conditions

This work investigates how well pluggable transports can obfuscate user traffic under adversarial conditions and represents the adversarial environments using the existing traffic analysis systems.

Real-time identification of three Tor pluggable transports using machine learning techniques

An empirical study on detection of three widely used Tor pluggable transports, namely Obfs3, Obfs4, and ScrambleSuit, using four learning algorithms, which also investigates the performance of Adaboost and Random Forests as two ensemble methods.

Detection of Tor Traffic Hiding Under Obfs4 Protocol Based on Two-Level Filtering

A novel scheme for Obfs4 traffic detection based on two-level filtering and fine-grained accurate identification to achieve high-precision, real-time recognition of Obfs3 traffic; it indicates that Obfs4 cannot effectively counteract traffic analysis attacks in practical applications.

A Big Data-Enabled Hierarchical Framework for Traffic Classification

BDeH is enabled by the big-data paradigm and capitalizes on the machine learning workhorse for operating with encrypted traffic; it allows for seamless integration of the data parallelism provided by big-data technologies with the model parallelism enabled by hierarchical approaches.

Application Detection in Anonymous Communication Networks

Three anonymity tools, including TOR, UltraSurf, and ScrambleSuit, are shown to have weaknesses against data flow analysis by designing a supervised classification system based on machine learning and traffic classification techniques.

Packet Momentum for Identification of Anonymity Networks

Packet Momentum is a novel approach proposed to efficiently and accurately identify multilayer-encryption anonymity networks and the obfuscation techniques they use.

Anonymity Services Tor, I2P, JonDonym: Classifying in the Dark

This paper provides (repeatable) classification results with the aim of investigating to what degree the specific anonymity tool (and the traffic it hides) can be identified, when compared to the traffic of the other considered anonymity tools, using machine learning approaches based on the sole statistical features.

A review on machine learning-based approaches for Internet traffic classification

A comprehensive review of various data representation methods, and the different objectives of Internet traffic classification and obfuscation techniques, largely considering the ML-based solutions.

Anonymity Services Tor, I2P, JonDonym: Classifying in the Dark (Web)

This paper provides classification results with the aim of investigating to which degree the specific anonymity tool (and the traffic it hides) can be identified, when compared to the traffic of other considered anonymity tools, using five machine learning classifiers.



Using Traffic Analysis to Identify the Second Generation Onion Router

It is demonstrated that traffic from a simulated Tor network can be distinguished from regular encrypted traffic, suggesting that real world Tor users may be vulnerable to the same analysis.

Extensive analysis and large-scale empirical evaluation of tor bridge discovery

This study shows that the bridge discovery based on malicious middle routers is simple, efficient and effective to discover bridges with little overhead.

Stochastic Packet Inspection for TCP Traffic

The concept of Stochastic Packet Inspection (SPI) is extended to support TCP traffic classification, and its performance on real network data is analyzed.

Benchmarking two techniques for Tor classification: Flow level and circuit level classification

This work extended on the previous work to classify the user activities using information extracted from Tor circuits and cells and developed a classification system to identify user activities based on traffic flow features.

Evading Censorship with Browser-Based Proxies

A browser-based proxy creation system that generates a large number of short-lived proxies so that clients using the system seamlessly hop from one proxy to the next as these browser-based proxies appear and disappear.

Breaking and Improving Protocol Obfuscation

This report shows how even obfuscated application layer protocols, such as BitTorrent's MSE protocol and Skype, can be identified by fingerprinting statistically measurable properties of TCP and UDP sessions, and proposes techniques that can improve future versions of obfuscated protocols, inhibiting identification through this type of statistical analysis.

The Parrot Is Dead: Observing Unobservable Network Communications

This work enumerates the requirements that a censorship-resistant system must satisfy to successfully mimic another protocol and concludes that "unobservability by imitation" is a fundamentally flawed approach.

ScrambleSuit: a polymorphic network protocol to circumvent censorship

By using morphing techniques and a secret exchanged out-of-band, ScrambleSuit can defend against active probing and other fingerprinting techniques such as protocol classification and regular expressions and enables effective and lightweight obfuscation for application layer protocols.

How the Great Firewall of China is Blocking Tor

This paper investigates how the Great Firewall of China prevents thousands of potential Tor users from accessing the network.

Protocol misidentification made easy with format-transforming encryption

This paper designs an FTE-based record layer that can encrypt arbitrary application-layer traffic, and experimentally shows that this forces misidentification for all of the evaluated DPI systems.