Proposal / Submission Type

Peer Reviewed Paper

Location

Richmond, Virginia

Start Date

11-6-2013 3:50 PM

Abstract

The Tor network is a low-latency overlay network for TCP flows that is designed to provide privacy and anonymity to its users. It is currently in use by many as a means to avoid censorship of both information to be shared and information to be retrieved. This paper details the architecture of the Tor network as a platform for evaluating the current state of forensic analysis of the Tor network. Specific attempts to block access to the Tor network are examined to identify (a) the processes utilized to identify Tor nodes, and (b) the resulting exposure of potentially inculpatory evidence. Additional known, but yet to be perpetrated, attacks are examined for a more holistic view of the state of forensics of the Tor network. Based on the combination of these studies, there is some evidence that a specific, individual flow of traffic over the Tor network is attributable to a single entity. However, the content of that flow has not been compromised within the Tor network. As such, the inculpatory evidence required for legal action is limited at this time.

Keywords: Tor, Forensic Analysis, Privacy & Anonymity

 
Jun 11th, 3:50 PM

First Glance: An Introductory Analysis of Network Forensics of Tor

Richmond, Virginia

The Tor network is a low-latency overlay network for TCP flows that is designed to provide privacy and anonymity to its users. It is currently in use by many as a means to avoid censorship of both information to be shared and information to be retrieved. This paper details the architecture of the Tor network as a platform for evaluating the current state of forensic analysis of the Tor network. Specific attempts to block access to the Tor network are examined to identify (a) the processes utilized to identify Tor nodes, and (b) the resulting exposure of potentially inculpatory evidence. Additional known, but yet to be perpetrated, attacks are examined for a more holistic view of the state of forensics of the Tor network. Based on the combination of these studies, there is some evidence that a specific, individual flow of traffic over the Tor network is attributable to a single entity. However, the content of that flow has not been compromised within the Tor network. As such, the inculpatory evidence required for legal action is limited at this time.

Keywords: Tor, Forensic Analysis, Privacy & Anonymity