Opened 3 years ago

Closed 3 years ago

#20416 closed enhancement (duplicate)

The Effect of DNS on Tor's Anonymity

Reported by: ufd33
Owned by:
Priority: Very High
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version: Tor: unspecified
Severity: Critical
Keywords:
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

We show how an attacker can use DNS requests to mount highly precise website fingerprinting attacks: Mapping DNS traffic to websites is highly accurate even with simple techniques, and correlating the observed websites with a website fingerprinting attack greatly improves the precision when monitoring relatively unpopular websites. Our results show that DNS requests from Tor exit relays traverse numerous autonomous systems that subsequent web traffic does not traverse. We also find that a set of exit relays, at times comprising 40% of Tor’s exit bandwidth, uses Google’s public DNS servers—an alarmingly high number for a single organization. We believe that Tor relay operators should take steps to ensure that the network maintains more diversity into how exit relays resolve DNS domains.

full text:
https://nymity.ch/tor-dns/tor-dns.pdf

webpage:
https://nymity.ch/tor-dns/

Change History (3)

comment:1 Changed 3 years ago by ufd33

Type: project → enhancement

comment:2 Changed 3 years ago by nickm

We worked with the authors of this paper, and the attacks should be somewhat mitigated by #19769, implemented in Tor 0.3.0.2-alpha.

comment:3 Changed 3 years ago by nickm

Resolution: duplicate
Status: new → closed