CARONTE: Measuring the Prevalence of Content Leaks for Deanonymizing Tor Hidden Services

April 7, 2015

Srdjan Matic


CARONTE: Measuring the Prevalence of Content Leaks for Deanonymizing Tor Hidden Services

Time:   10:45am
Location:   Lecture hall 1, level B

Anonymity networks such as Tor are a critical privacy-enabling technology. Tor’s hidden services protect the location of the server hosting the service and provide encryption at every hop from a client to the hidden server. This presentation we will introduce CARONTE, a platform to measure the prevalence of content leaks in hidden services, i.e., information in the content or configuration of the hidden service that gives away the location of the hidden server. Compared to prior approaches that deanonymize hidden services CARONTE implements a novel approach that does not rely on flaws on the Tor protocol and assumes an open-world, i.e., it does not assume a short list of candidate servers is known in advance. CARONTE finds content leaks leading to deanonymization in 4.7% of hidden services. It also uncovers that 84% of the deanonymized hidden services are not trying to hide their location and that 21% of hidden services are running on Tor relays.