Winter, Philipp; Lindskog, Stefan (2014)
Publisher: Karlstads universitet, Institutionen för matematik och datavetenskap
Languages: English
Types: Report
Subjects: tor, mitm, Computer Systems, Datorsystem, analysis, measurement, Computer Science - Cryptography and Security

Several hundred Tor exit relays together push more than 1 GiB/s of network traffic. However, it is easy for exit relays to snoop and tamper with anonymised network traffic, and as all relays are run by independent volunteers, not all of them are innocuous. In this paper, we seek to expose malicious exit relays and document their actions. First, we monitored the Tor network after developing a fast and modular exit relay scanner. We implemented several scanning modules for detecting common attacks and used them to probe all exit relays over a period of four months. We discovered numerous malicious exit relays engaging in different attacks. To reduce the attack surface users are exposed to, we further discuss the design and implementation of a browser extension patch which fetches and compares suspicious X.509 certificates over independent Tor circuits. Our work makes it possible to continuously monitor Tor exit relays. We are able to detect and thwart many man-in-the-middle attacks, which makes the network safer for its users. All our code is available under a free license.