February 14, 2017
Srdjan Matic
In recent years we have witnessed a boom in the use of techniques and tools that provide anonymity. These techniques and tools are used by clients who want their communication to stay anonymous or who want to access censored content, as well as by administrators who want to hide the location of their servers. All of these activities can easily be performed with the support of an anonymity network. An important component of an anonymity network is the hidden server, a machine whose IP address is kept secret. Such hidden servers are the research subject of this dissertation; more specifically, we focus on different types of hidden servers used in the Tor anonymity network.
Our work comprises two parts, one dealing with Tor hidden services and the other with bridges. In the first part we illustrate novel approaches that we developed for analyzing the security and revealing the location of hidden servers. We demonstrate our technique by implementing it in a tool that we later used to deanonymize over 100 real hidden services. In the second part, we perform the first systematic study of the Tor bridge infrastructure. Our study covers both the public bridge infrastructure available to all Tor users and the previously unreported private bridge infrastructure, comprising private nodes for the exclusive use of those who know about their existence. Our results show that the public bridge ecosystem with clients is stable and that those bridges rarely change their IP address. Furthermore, we discuss the security implications of public datasets that can be leveraged to recover the addresses of bridges, and how to track a bridge across IP changes.