CR, Oct 19, 2016

Honey Onions: a Framework for Characterizing and Identifying Misbehaving Tor HSDirs

arXiv:1610.06140v1, 25 citations
Originality: Incremental advance
AI Analysis

This paper addresses security vulnerabilities in Tor's anonymity system for users, though it is incremental, as it builds on existing detection concepts.

The authors tackled the problem of detecting misbehaving Tor relays with HSDir capability by introducing a framework called honey onions, which estimated that at least 110 nodes were snooping on hidden services over a 72-day study period.

In the last decade, Tor proved to be a very successful and widely popular system to protect users' anonymity. However, Tor remains a practical system with a variety of limitations, some of which were indeed exploited in the recent past. In particular, Tor's security relies on the fact that a substantial number of its nodes do not misbehave. In this work we introduce the concept of honey onions, a framework to detect misbehaving Tor relays with HSDir capability. This allows us to obtain lower bounds on misbehavior among relays. We propose algorithms to both estimate the number of snooping HSDirs and identify the most likely snoopers. Our experimental results indicate that during the period of the study (72 days) at least 110 such nodes were snooping information about hidden services they host. We reveal that more than half of them were hosted on cloud infrastructure and delayed the use of the learned information to prevent easy traceback.
