Skip to main content

Identifying and Characterizing Sybils in the Tor Network

Author(s): Winter, Philipp; Ensafi, Roya; Loesing, Karsten; Feamster, Nick

To refer to this page use:
Abstract: Being a volunteer-run, distributed anonymity network, Tor is vulnerable to Sybil attacks. Little is known about real-world Sybils in the Tor network, and we lack practical tools and methods to expose Sybil attacks. In this work, we develop sybilhunter, a system for detecting Sybil relays based on their appearance, such as configuration; and behavior, such as uptime sequences. We used sybilhunter’s diverse analysis techniques to analyze nine years of archived Tor network data, providing us with new insights into the operation of real-world attackers. Our findings include diverse Sybils, ranging from botnets, to academic research, and relays that hijacked Bitcoin transactions. Our work shows that existing Sybil defenses do not apply to Tor, it delivers insights into realworld attacks, and provides practical tools to uncover and characterize Sybils, making the network safer for its users.
Publication Date: 2016
Citation: Winter, Philipp, Roya Ensafi, Karsten Loesing, and Nick Feamster. "Identifying and Characterizing Sybils in the Tor Network." In 25th USENIX Security Symposium (2016): pp. 1169-1185.
Pages: 1169 - 1185
Type of Material: Conference Article
Journal/Proceeding Title: 25th USENIX Security Symposium
Version: Final published version. This is an open access article.

Items in OAR@Princeton are protected by copyright, with all rights reserved, unless otherwise indicated.