VaulTor: Putting the TEE in Tor
Humza Ikram, Rumaisa Habib, Muaz Ali, Zartash Afzal Uzmi

TL;DR
VaulTor enhances Tor's hidden services by using trusted execution environments and volunteer vaults to improve security against deanonymization without significant performance loss.
Contribution
Introduces VaulTor, a novel architecture integrating TEEs and volunteer vaults to protect hidden services from deanonymization attacks.
Findings
Reduces deanonymization risk by decreasing service uptime requirements.
Achieves minimal performance degradation (2.6-5.5%) in content access.
Provides a scalable, secure architecture for Tor hidden services.
Abstract
Online services that desire to operate anonymously routinely host themselves as 'Hidden Services' in the Tor network. However, these services are frequently threatened by deanonymization attacks, whereby their IP address and location may be inferred by the authorities. We present VaulTor, a novel architecture for the Tor network to ensure an extra layer of security for the Hidden Services against deanonymization attacks. In this new architecture, a volunteer (vault) is incentivized to host the web application content on behalf of the Hidden Service. The vault runs the hosted application in a Trusted Execution Environment (TEE) and becomes the point of contact for interested clients. This setup can substantially reduce the uptime requirement of the original Hidden Service provider and hence significantly decrease the chance of deanonymization attacks against them. We also show that the…
Taxonomy
Topics: Multimedia Communication and Technology · Digital Rights Management and Security
