[metrics-team] Exploring Tor's Activity Through Long-term Passive TLS Traffic Measurement
David Fifield
david at bamsoftware.com
Fri Sep 9 20:46:02 UTC 2016
I just found this paper by Johanna Amann and Robin Sommers:
http://icir.org/johanna/papers/pam16tor.pdf
"Exploring Tor's Activity Through Long-term Passive TLS Traffic Measurement"
Abstract:
Tor constitutes one of the pillars of anonymous online
communication. It allows its users to communicate while
concealing from observers their location as well as the Internet
resources they access. Since its first release in 2002, Tor has
enjoyed an increasing level of popularity with now commonly more
than 2,000,000 simultaneous active clients on the network.
However, even though Tor is widely popular, there is only little
understanding of the large-scale behavior of its network
clients. In this paper, we present a longitudinal study of the
Tor network based on passive analysis of TLS traffic at the
Internet uplinks of four large universities inside and outside
of the US. We show how Tor traffic can be identified by
properties of its autogenerated certificates, and we use this
knowledge to analyze characteristics and development of Tor's
traffic over more than three years.
Interesting, to me, was their use of TLS fingerprinting (Section 4),
which we worry about in a censorship context, for identification of Tor
traffic at their passive taps.