25th USENIX Security Symposium has ended
Back To Schedule
Friday, August 12 • 4:00pm - 4:30pm
Identifying and Characterizing Sybils in the Tor Network

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Being a volunteer-run, distributed anonymity network, Tor is vulnerable to Sybil attacks. Little is known about real-world Sybils in the Tor network, and we lack practical tools and methods to expose Sybil attacks. In this work, we developsybilhunter, a system for detecting Sybil relays based on their appearance, such as configuration; and behavior, such as uptime sequences. We used sybilhunter’s diverse analysis techniques to analyze nine years of archived Tor network data, providing us with new insights into the operation of real-world attackers. Our findings include diverse Sybils, ranging from botnets, to academic research, and relays that hijacked Bitcoin transactions. Our work shows that existing Sybil defenses do not apply to Tor, it delivers insights into realworld attacks, and provides practical tools to uncover and characterize Sybils, making the network safer for its users.

Friday August 12, 2016 4:00pm - 4:30pm PDT
Zilker Ballroom 3

Attendees (7)