Transparent Discovery of Hidden Service

Abstract

Tor's hidden services provide both sender privacy and recipient privacy to users. A hot topic in security of Tor is how to deanonymize its hidden services. Existing works proved that the recipient privacy could be revealed, namely a hidden server's real IP address could be located. However, the hidden service's circuit is bi-directionally anonymous, and the sender privacy can also be revealed. In this letter, we propose a novel approach that can transparently discover the client of the hidden service. Based on extensive analysis on the hidden service protocol, we find a combination of cells which can be used to generate a special traffic feature with the cell-padding mechanism of Tor. A user can implement some onion routers in Tor networks and monitor traffic passing through them. Once the traffic feature is discovered, the user confirms one of the controlled routers is chosen as the entry router, and the adjacent node is the client. Compared with the existing works, our approach does not disturb the normal communication of the hidden service. Simulations have demonstrated the effectiveness of our method.