TorMult: Introducing a Novel Tor Bandwidth Inflation Attack

TL;DR

This paper introduces TorMult, a new bandwidth inflation attack on Tor that exploits resource sharing among relays, enabling attackers to significantly inflate perceived bandwidth and potentially control a large portion of the network.

Contribution

The paper presents a novel attack vector, TorMult, with two variants, demonstrating its effectiveness through private network tests and theoretical analysis.

Findings

Inflates measured bandwidth close to the number of relays in the cluster

Achieves control over half of Tor traffic with just 10 servers and 109 relays

Demonstrates significant threat to Tor's anonymity and resource sharing practices

Abstract

The Tor network is the most prominent system for providing anonymous communication to web users, with a daily user base of 2 million users. However, since its inception, it has been constantly targeted by various traffic fingerprinting and correlation attacks aiming at deanonymizing its users. A critical requirement for these attacks is to attract as much user traffic to adversarial relays as possible, which is typically accomplished by means of bandwidth inflation attacks. This paper proposes a new inflation attack vector in Tor, referred to as TorMult, which enables inflation of measured bandwidth. The underlying attack technique exploits resource sharing among Tor relay nodes and employs a cluster of attacker-controlled relays with coordinated resource allocation within the cluster to deceive bandwidth measurers into believing that each relay node in the cluster possesses ample resources. We propose two attack variants, C-TorMult and D-TorMult, and test both versions in a private Tor test network. Our evaluation demonstrates that an attacker can inflate the measured bandwidth by a factor close to n using C-TorMult and nearly half n*N using D-TorMult, where n is the size of the cluster hosted on one server and N is the number of servers. Furthermore, our theoretical analysis reveals that gaining control over half of the Tor network's traffic can be achieved by employing just 10 dedicated servers with a cluster size of 109 relays running the TorMult attack, each with a bandwidth of 100MB/s. The problem is further exacerbated by the fact that Tor not only allows resource sharing but, according to recent reports, even promotes it.