Inflow: Inverse network flow watermarking for detecting hidden servers

Alfonso Iacovazzi, Sanat Sarda, Yuval Elovici

IEEE INFOCOM 2018 - IEEE Conference on Computer Communications, pp. 747-755, 2018

TOR is a well-known and established anonymous network that has increasingly been abused by services distributing and hosting content, in most cases images and videos, that are illegal or morally deplorable (e.g., child pornography content). Law enforcement continually tries to identify the users and providers of such content. State-of-the-art techniques to breach TOR’s anonymity are usually based on passive and active network traffic analysis, and rely on the ability of the deanonymization entity to control TOR’s edge communication. Despite this, locating hidden servers and linking illegal content with those providing and spreading this content remains an open and controversial issue. In this paper, we describe Inflow, a new technique to identify hidden servers based on inverse flow watermarking. Inflow exploits the influence of congestion mechanisms on the traffic passing through the TOR network. Inflow drops …