Distinguishing Tor From Other Encrypted Network Traffic Through Character Analysis
Pitpimon Choorod, Tobias J. Bauer, Andreas Aßmuth

TL;DR
This paper investigates whether the number of encryption layers in network traffic can be used to distinguish Tor traffic from other encrypted data, which is crucial for privacy and censorship circumvention.
Contribution
It introduces a novel analysis of encryption layer patterns in network traffic to differentiate Tor from non-Tor encrypted communications.
Findings
Hex digit frequency analysis can identify Tor traffic.
Multiple encryption layers influence traffic distinguishability.
Encryption patterns vary significantly between Tor and non-Tor traffic.
Abstract
For journalists reporting from a totalitarian regime, whistleblowers and resistance fighters, the anonymous use of cloud services on the Internet can be vital for survival. The Tor network provides a free and widely used anonymization service for everyone. However, there are different approaches to distinguishing Tor from non-Tor encrypted network traffic, most recently based only on the (relative) frequencies of hex digits in a single encrypted payload packet. Conventional data traffic is usually encrypted once, whereas Tor traffic is encrypted at least three times due to the structure and principle of the Tor network; we have examined to what extent the number of encryptions contributes to being able to distinguish Tor from non-Tor encrypted data traffic.
Taxonomy
Topics: Internet Traffic Analysis and Secure E-voting · Hate Speech and Cyberbullying Detection · Digital Media Forensic Detection
