More Web Proxy on the site http://driver.im/

research-article

Detection and Analysis of Tor Onion Services

Authors:

Martin Steinebach,

Marcel Schäfer,

Alexander Karakuz,

Katharina Brandl,

York YannikosAuthors Info & Claims

ARES '19: Proceedings of the 14th International Conference on Availability, Reliability and Security

Article No.: 66, Pages 1 - 10

https://doi.org/10.1145/3339252.3341486

Published: 26 August 2019 Publication History

Abstract

Tor onion services can be accessed and hosted anonymously on the Tor network. We analyze the protocols, software types, popularity and uptime of these services by collecting a large amount of .onion addresses. Websites are crawled and clustered based on their respective language. In order to also determine the amount of unique websites a de-duplication approach is implemented. To achieve this, we introduce a modular system for the real-time detection and analysis of onion services. Address resolution of onion services is realized via descriptors that are published to and requested from servers on the Tor network that volunteer for this task. We place a set of 20 volunteer servers on the Tor network in order to collect .onion addresses. The analysis of the collected data and its comparison to previous research provides new insights into the current state of Tor onion services and their development. The service scans show a vast variety of protocols with a significant increase in the popularity of anonymous mail servers and Bitcoin clients since 2013. The popularity analysis shows that the majority of Tor client requests is performed only for a small subset of addresses. The overall data reveals further that a large amount of permanent services provide no actual content for Tor users. A significant part consists instead of bots, services offered via multiple domains, or duplicated websites for phishing attacks. The total amount of onion services is thus significantly smaller than current statistics suggest.

References

[1]

DuckDuckGo.com. Duckduckgo traffic. https://duckduckgo.com/traffic, 2019. {Online; As seen on 01 February 2019}.

[2]

Torproject.org. User metrics. https://metrics.torproject.org/userstats-relay-country.html, 2019. {Online; As seen on 01 February 2019}.

[3]

Securedrop.org. Secure drop - share documents securely with these organizations. https://securedrop.org/, 2019. {Online; As seen on 05 February 2019}.

[4]

A. J. Martin. Iranian web crackdown drives surge in privacy technology. https://news.sky.com/story/iranian-web-crackdown-drives-surge-in-privacy-technology-11191740, 2019. {Online; As seen on 05 February 2019}.

[5]

J. Buxton and T. Bingham. The rise and challenge of dark net drug markets. 2015.

[6]

A. Biryukov and Weinmann R. Pustogarov, I. Trawling for tor hidden services: Detection, measurement, deanonymization. 2013 IEEE Symposium on Security and Privacy, 2013.

Digital Library

[7]

A. Biryukov, Weinmann R. Pustogarov, I., and F. Thill. Content and popularity analysis of tor hidden services. 2013.

[8]

G. Owen and N. Savage. Empirical analysis of tor hidden services. IET Information Security (Volume: 10, Issue: 3, 5 2016), 2015.

[9]

Torproject.org. Metrics torproject.org. https://metrics.torproject.org/, 2018. {Online; As seen on 16 November 2018}.

[10]

Torproject.org. Tor dev manual. https://www.torproject.org/docs/tor-manual-dev.html.en, 2019. {Online; As seen on 03 January 2019}.

[11]

Nmap.org. Nmap manual - chapter 15. nmap reference guide. https://nmap.org/book/man-version-detection.html, 2019. {Online; As seen on 03 January 2019}.

[12]

Nmap.org. Nmap manual - chapter 14. understanding and customizing nmap data files. https://nmap.org/book/nmap-services.html, 2019. {Online; As seen on 03 January 2019}.

[13]

Torproject.org. Configuring onion services for tor. https://www.torproject.org/docs/tor-onion-service.html.en, 2019. {Online; As seen on 23 January 2019}.

[14]

K. Hayashi. Backdoor.aimvision. https://www.symantec.com/security-center/writeup/2002-061316-4604-99, 2002. {Online; As seen on 01 February 2019}.

[15]

D. Knowles. Backdoor.ultor. https://www.symantec.com/security-center/writeup/2002-101713-3321-99, 2002. {Online; As seen on 01 February 2019}.

[16]

Speedguide.net. Port 1111 details. https://www.speedguide.net/port.php?port=1111, 2019. {Online; As seen on 01 February 2019}.

[17]

N. Desai. Summer reruns: Threat actors are sticking with malware that works. https://cofense.com/summer-reruns-threat-actors-sticking-malware-works/, 2018. {Online; As seen on 03 February 2019}.

[18]

pcmag.com. Police shut down the wall street market, a top dark web site. https://www.pcmag.com/news/368151/police-shut-down-the-wall-street-market-a-top-dark-web-site, 2019. {Online; As seen on 03 May 2019}.

[19]

The Pirate Bay. The pirate bay - about. https://thepiratebay.org/about, 2019. {Online; As seen on 04 February 2019}.

[20]

zona.media. Roskomnadzor blocked the website "rospravosudie" on complaint about the publication of personal data. https://zona.media/news/2018/07/18/rospravosudie, 2018. {Online; As seen on 05 February 2019}.

Cited By

Kühn PWittorf KReuter C(2024)Navigating the Shadows: Manual and Semi-Automated Evaluation of the Dark Web for Cyber Threat IntelligenceIEEE Access10.1109/ACCESS.2024.344824712(118903-118922)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3448247
Zabihimayvan MSadeghi RDoran D(2024)Security, information, and structure characterization of Tor: a surveyTelecommunication Systems10.1007/s11235-024-01149-y87:1(239-255)Online publication date: 20-May-2024
https://doi.org/10.1007/s11235-024-01149-y
Pastor-Galindo JGómez Mármol FMartínez Pérez G(2023)On the gathering of Tor onion addressesFuture Generation Computer Systems10.1016/j.future.2023.02.024145:C(12-26)Online publication date: 1-Aug-2023
https://dl.acm.org/doi/10.1016/j.future.2023.02.024
Show More Cited By

Recommendations

Improving the Privacy of Tor Onion Services
Applied Cryptography and Network Security
Abstract
Onion services enable bidirectional anonymity for parties that communicate over the Tor network, thus providing improved privacy properties compared to standard TLS connections. Since these services are designed to support server-side anonymity, ...
Provably Avoiding Geographic Regions for Tor’s Onion Services
Financial Cryptography and Data Security
Abstract
Tor, a peer-to-peer anonymous communication system, is one of the most effective tools in providing free and open communication online. Many of the attacks on Tor’s anonymity occur when an adversary can intercept a user’s traffic; it is thus ... $_{}$ $_{}$
The onion router: understanding a privacy enhancing technology community
ASIST '16: Proceedings of the 79th ASIS&T Annual Meeting: Creating Knowledge, Enhancing Lives through Information & Technology

Internet technologies have made mass surveillance prevalent and much easier to carry out, while at the same time making personal privacy more difficult to protect. The ubiquity of personal data processing has raised public awareness about the ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

ARES '19: Proceedings of the 14th International Conference on Availability, Reliability and Security

August 2019

979 pages

ISBN:9781450371643

DOI:10.1145/3339252

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 26 August 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

ARES '19

ARES '19: 14th International Conference on Availability, Reliability and Security

August 26 - 29, 2019

CA, Canterbury, United Kingdom

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
486
Total Downloads

Downloads (Last 12 months)61
Downloads (Last 6 weeks)5

Reflects downloads up to 11 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Kühn PWittorf KReuter C(2024)Navigating the Shadows: Manual and Semi-Automated Evaluation of the Dark Web for Cyber Threat IntelligenceIEEE Access10.1109/ACCESS.2024.344824712(118903-118922)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3448247
Zabihimayvan MSadeghi RDoran D(2024)Security, information, and structure characterization of Tor: a surveyTelecommunication Systems10.1007/s11235-024-01149-y87:1(239-255)Online publication date: 20-May-2024
https://doi.org/10.1007/s11235-024-01149-y
Pastor-Galindo JGómez Mármol FMartínez Pérez G(2023)On the gathering of Tor onion addressesFuture Generation Computer Systems10.1016/j.future.2023.02.024145:C(12-26)Online publication date: 1-Aug-2023
https://dl.acm.org/doi/10.1016/j.future.2023.02.024
Platzer FLux A(2022)A Synopsis of Critical Aspects for Darknet ResearchProceedings of the 17th International Conference on Availability, Reliability and Security10.1145/3538969.3544444(1-8)Online publication date: 23-Aug-2022
https://dl.acm.org/doi/10.1145/3538969.3544444
Lux APlatzer F(2022)Online-Privatheitskompetenz und Möglichkeiten der technischen Umsetzung mit dem Anonymisierungsnetzwerk TorSelbstbestimmung, Privatheit und Datenschutz10.1007/978-3-658-33306-5_7(129-149)Online publication date: 6-Apr-2022
https://doi.org/10.1007/978-3-658-33306-5_7
Gehl R(2021)Dark web advertising: the dark magic system on Tor hidden service search enginesContinuum10.1080/10304312.2021.198325135:5(667-678)Online publication date: 7-Oct-2021
https://doi.org/10.1080/10304312.2021.1983251
Yannikos YDang QSteinebach M(2021)COMPARISON OF CYBER ATTACKS ON SERVICES IN THE CLEARNET AND DARKNETAdvances in Digital Forensics XVII10.1007/978-3-030-88381-2_3(39-61)Online publication date: 15-Oct-2021
https://doi.org/10.1007/978-3-030-88381-2_3
Ball MBroadhurst RNiven ATrivedi H(undefined)Data Capture and Analysis of Darknet MarketsSSRN Electronic Journal10.2139/ssrn.3344936
https://doi.org/10.2139/ssrn.3344936

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents