Attacks on Onion Discovery and Remedies via Self-Authenticating Traditional Addresses
This addresses security and privacy risks for users of Tor onion services, offering an incremental improvement to existing discovery mechanisms.
The paper identifies novel vulnerabilities in Tor Browser's onion discovery mechanisms that enable hijacking and tracking of user connections, and proposes Self-Authenticating Traditional Addresses (SATAs) as a remedy to counter these attacks while extending self-authenticated access to non-Tor browsers.
Onion addresses encode their own public key. They are thus self-authenticating, one of the security and privacy advantages of onion services, which are typically accessed via Tor Browser. Because of the mostly random-looking appearance of onion addresses, a number of onion discovery mechanisms have been created to permit routing to an onion address associated with a more meaningful URL, such as a registered domain name. We describe novel vulnerabilities engendered by onion discovery mechanisms recently introduced by Tor Browser that facilitate hijack and tracking of user connections. We also recall previously known hijack and tracking vulnerabilities engendered by use of alternative services that are facilitated and rendered harder to detect if the alternative service is at an onion address. Self-authenticating traditional addresses (SATAs) are valid DNS addresses or URLs that also contain a commitment to an onion public key. We describe how the use of SATAs in onion discovery counters these vulnerabilities. SATAs also expand the value of onion discovery by facilitating self-authenticated access from browsers that do not connect to services via the Tor network.