Inside Job: Applying Traffic Analysis to Measure Tor from Within

Rob Jansen, Marc Juárez, Rafa Galvez, Tariq Elahi, Claudia Díaz

Research output: Chapter in Book/Report/Conference proceedingConference contribution


In this paper, we explore traffic analysis attacks on Tor that are conducted solely with middle relays rather than with relays from the entry or exit positions. We create a methodology to apply novel Tor circuit and website fingerprinting from middle relays to detect onion service usage; that is, we are able to identify websites with hidden network addresses by their traffic patterns. We also carry out the first privacy preserving popularity measurement of a single social networking website hosted as an onion service by deploying our novel circuit and website fingerprinting techniques in the wild. Our results show: (i) that the middle position enables wide-scale monitoring and measurement not possible from a comparable resource deployment in other relay positions, (ii) that traffic fingerprinting techniques are as effective from the middle relay position as prior works show from a guard relay, and (iii) that an adversary can use our fingerprinting methodology to discover the popularity of onion services, or as a filter to target specific nodes in the network, such as particular guard relays.
Original languageEnglish
Title of host publication25th Annual Network and Distributed System Security Symposium, NDSS 2018
Place of PublicationSan Diego, California, USA
Number of pages15
Publication statusPublished - 21 Feb 2018
Event25th Annual Network and Distributed System Security Symposium - San Diego, United States
Duration: 18 Feb 201821 Nov 2018


Conference25th Annual Network and Distributed System Security Symposium
Abbreviated titleNDSS 2018
Country/TerritoryUnited States
CitySan Diego
Internet address


Dive into the research topics of 'Inside Job: Applying Traffic Analysis to Measure Tor from Within'. Together they form a unique fingerprint.

Cite this