Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Collecting and analyzing Tor exit node traffic
Blekinge Institute of Technology, Faculty of Computing.
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science.
2021 (English)Independent thesis Advanced level (professional degree), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

Background. With increased Internet usage occurring across the world journalists, dissidents and criminals have moved their operations online, and in turn, governments and law enforcement have increased their surveillance of their country’s networks. This has increased the popularity of programs masking users’ identities online such as the Tor Project. By encrypting and routing the traffic through several nodes, the users’ identity is hidden. But how are Tor users utilizing the network, and is any of it in the plain text despite the dangers of it? How has the usage of Tor changed compared to 11 years ago? Objectives. The thesis objective is to analyze captured Tor network traffic that reveals what data is sent through the network. The collected data helps draw conclusions about Tor usage and is compared with previous studies. Methods. Three Tor exit nodes are set up and operated for one week in the US, Germany, and Japan. We deploy packet sniffers performing a deep packet inspection on each traffic flow to identify attributes such as application protocol, number of bytes sent in a flow, and content-type if the traffic was sent in plain text. All stored data is anonymized. Results. The results show that 100.35 million flows were recorded, with 32.47%of them sending 4 or fewer packets in total. The most used application protocol was TLS with 55.03% of total traffic. The HTTP usage was 15.91% and 16% was unknown protocol(s). The countries receiving the most traffic were the US with over45% of all traffic, followed by the Netherlands, UK, and Germany with less than 10%of recorded traffic as its destination. The most frequently used destination ports were 443 at 49.5%, 5222 at 12.7%, 80 with 11.9%, and 25 at 9.3%.Conclusions. The experiment shows that it is possible to perform traffic analysis on the Tor network and acquire significant data. It shows that the Tor network is widely used in the world but with the US and Europe accounting for most of the traffic. As expected there has been a shift from HTTP to HTTPS traffic when compared to previous research. However, there is still unencrypted traffic on the network, where some of the traffic could be explained by automated tools like web crawlers. Tor users need to increase their awareness in what traffic they are sending through the network, as a user with malicious intent can perform the same experiment and potentially acquire unencrypted sensitive data.

Place, publisher, year, edition, pages
2021. , p. 62
Keywords [en]
Deep packet inspection, Traffic analysis, Tor network, The Onion router
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:bth-21862OAI: oai:DiVA.org:bth-21862DiVA, id: diva2:1575255
Subject / course
Degree Project in Master of Science in Engineering 30,0 hp
Educational program
DVACD Master of Science in Computer Security
Presentation
2021-05-26, 10:00 (English)
Supervisors
Examiners
Available from: 2021-06-30 Created: 2021-06-29 Last updated: 2022-05-12Bibliographically approved

Open Access in DiVA

fulltext(762 kB)2289 downloads
File information
File name FULLTEXT01.pdfFile size 762 kBChecksum SHA-512
000c5f08dc5ca1fc0de2d6020cfaae7f088daf8d7e72560539d780439d92b1d812a6a11e1d0d07959a3d468b174a6635e046948166f5aa0fe1e3536476acad50
Type fulltextMimetype application/pdf

By organisation
Faculty of ComputingDepartment of Computer Science
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 2289 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 1947 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf