
Torminator: A Tor fingerprinting suite

by Petter Salminen




Institution: KTH Royal Institute of Technology
Department:
Year: 2015
Keywords: Engineering and Technology; Electrical Engineering, Electronic Engineering, Information Engineering; Other Electrical Engineering, Electronic Engineering, Information Engineering; Master of Science in Engineering - Computer Science and Technology; Master of Science - Computer Science
Record ID: 1351547
Full text PDF: http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-163201


Abstract

Tor is a very popular anonymisation software and network, for which we created Torminator, a fingerprinting suite written in the Java programming language. Fingerprinting is an attack type applicable to Tor that utilises side-channel information from the network packets. With side-channel data, we can analytically access information that has purportedly been hidden by design by Tor. Because Tor is low-latency and low-overhead by design, it will leak communication patterns with intermediate (thus total) communication size. In our case this may enable us to figure out which site/service the Tor user is using. This means that anyone with access to a user’s traffic can use the fingerprinting attack to partly compromise the provided anonymity. Investigating such attacks may help us to better understand how to withstand and resist attacks from powerful adversaries such as state agencies. Torminator automates the process of gathering fingerprints. It uses the official Tor Browser through its GUI to enter websites, recreating the real-world scenario. This gives us real and reliable fingerprints without having to employ a human to do anything, as Torminator simulates user interaction on Tor Browser for us. We can also give Torminator a list of websites to fingerprint, making it easy to generate lots of fingerprints for a great number of given sites. A contribution of Torminator is that we improved on the previous de facto standard of the fingerprints collected from the available tools from previous works. We have gathered fingerprints and now have a dataset of 65792 fingerprints. Fingerprints like these can be used with machine learning techniques to teach a machine to recognise web pages by reading the packet sizes and directions saved in the fingerprint files.