Cell-Sequence-Based Covert Signal for Tor De-Anonymization Attacks
Ran Xin, Yapeng Wang, Xiaohong Huang, Xu Yang and Sio Kei Im
Additional contact information
Ran Xin: Faculty of Applied Sciences, Macao Polytechnic University, Macao 999078, China
Yapeng Wang: Faculty of Applied Sciences, Macao Polytechnic University, Macao 999078, China
Xiaohong Huang: Institute of Network Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China
Xu Yang: Faculty of Applied Sciences, Macao Polytechnic University, Macao 999078, China
Sio Kei Im: Faculty of Applied Sciences, Macao Polytechnic University, Macao 999078, China
Future Internet, 2025, vol. 17, issue 9, 1-26
Abstract:
This research introduces a novel de-anonymization technique targeting the Tor network, addressing limitations in prior attack models, particularly concerning router positioning following the introduction of bridge relays. Our method exploits two specific, inherent protocol-level vulnerabilities: the absence of a continuity check for circuit-level cells and anomalous residual values in RELAY_EARLY cell counters. It works by manipulating cell headers to embed a covert signal. This signal is composed of reserved fields, start and end delimiters, and a payload that encodes target identifiers. Using this signal, malicious routers can effectively mark data flows for later identification. These routers employ a finite state machine (FSM) to adaptively switch between signal injection and detection. Experimental evaluations, conducted within a controlled environment using attacker-controlled onion routers, demonstrated that the embedded signals are undetectable by standard Tor routers, cause no noticeable performance degradation, and allow reliable correlation of Tor users with public services and de-anonymization of hidden service IP addresses. This work reveals a fundamental design trade-off in Tor: the decision to conceal circuit length inadvertently exposes cell transmission characteristics. This creates a bidirectional vector for stealthy, protocol-level de-anonymization attacks, even though Tor payloads remain encrypted.
Keywords: privacy; Tor; deanonymization attack; network security
JEL-codes: O3
Date: 2025
Downloads:
https://www.mdpi.com/1999-5903/17/9/403/pdf (application/pdf)
https://www.mdpi.com/1999-5903/17/9/403/ (text/html)
Persistent link: https://EconPapers.repec.org/RePEc:gam:jftint:v:17:y:2025:i:9:p:403-:d:1742075
Future Internet is currently edited by Ms. Grace You
Bibliographic data for series maintained by MDPI Indexing Manager.