My colleagues and I published a (not yet peer-reviewed) research paper on how DNS affects Tor's anonymity. The key parts of our work are:
- We measure the DNS setup of exit relays over time, showing that at times Google got to see almost 40% of DNS requests coming out of Tor.
- We show how website fingerprinting attacks can be augmented with observed DNS requests, resulting in precise attacks for unpopular websites.
- Similar to the "Users Get Routed" work, we simulate the impact of our attack at Internet-scale using the TorPS simulator.
The PDF is available online: https://nymity.ch/tor-dns/tor-dns.pdf
Our project page has code, data, and replication instructions: https://nymity.ch/tor-dns/
On 09/28/2016 11:35 AM, Philipp Winter wrote:
> My colleagues and I published a (not yet peer-reviewed) research paper on how DNS affects Tor's anonymity. The key parts of our work are:
> - We measure the DNS setup of exit relays over time, showing that at times Google got to see almost 40% of DNS requests coming out of Tor.
> - We show how website fingerprinting attacks can be augmented with observed DNS requests, resulting in precise attacks for unpopular websites.
> - Similar to the "Users Get Routed" work, we simulate the impact of our attack at Internet-scale using the TorPS simulator.
> The PDF is available online: https://nymity.ch/tor-dns/tor-dns.pdf
> Our project page has code, data, and replication instructions: https://nymity.ch/tor-dns/
Excellent work, this is really neat!
It reminds me a bit of https://www.cse.buffalo.edu/~mohaisen/doc/14-wpes.pdf, which describes the prevalence of accidental .onion lookups on DNS root servers.
The issue with 8.8.8.8 is significant. It's easy to point /etc/resolv.conf at Google's DNS because it just works, without realizing the implications. https://xkcd.com/1361/
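
As an added example (not part of the thread and not code from the paper's project page), here is one way a relay operator could audit a resolv.conf for the situation discussed above. The function names and the sample file are constructed for illustration; the Google Public DNS addresses and glibc's three-nameserver limit are the only external facts assumed.

```python
import ipaddress

# Google Public DNS addresses (8.8.8.8 is the one named in the thread).
GOOGLE_DNS = {ipaddress.ip_address(a) for a in (
    "8.8.8.8", "8.8.4.4", "2001:4860:4860::8888", "2001:4860:4860::8844")}
MAXNS = 3  # glibc's stub resolver only uses the first three valid nameservers

# Constructed sample input, not taken from any real relay.
SAMPLE = """\
# constructed example file
nameserver 8.8.8.8
nameserver 127.0.0.1
; nameserver 1.1.1.1
nameserver 2001:4860:4860::8844
nameserver 192.168.1.1   # fourth entry, never queried by glibc
"""


def classify(addr):
    """Say who receives queries that the stub resolver sends to addr."""
    ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop IPv6 zone id
    if ip in GOOGLE_DNS:
        return "google"
    if ip.is_loopback:
        # Only the stub is local; the local resolver's forwarders
        # (if any) still have to be checked separately.
        return "local"
    if ip.is_private or ip.is_link_local:
        return "internal"
    return "third-party"


def audit_resolv_conf(text):
    """Return [(address, classification, used)] for each nameserver line."""
    results, valid = [], 0
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            kind = classify(fields[1])
        except ValueError:
            results.append((fields[1], "invalid", False))
            continue
        results.append((fields[1], kind, valid < MAXNS))
        valid += 1
    return results


if __name__ == "__main__":
    for addr, kind, used in audit_resolv_conf(SAMPLE):
        print(f"{addr:24} {kind:12} {'used' if used else 'ignored'}")
```
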