A Comprehensive Evaluation of the Impact on Tor Network Anonymity Caused by ShadowBridge
摘要
Tor bridges play an important role in the Tor network, yet a comprehensive security evaluation of these nodes has been largely overlooked. This paper presents our findings which uncover the existence of a specific subset of bridges, named ShadowBridges. These ShadowBridges actively redirect user traffic to subsequent hidden nodes, without the user’s awareness or consent. To address the lack of thorough security assessment of bridges, we conducted an evaluation of these ShadowBridges, and have engineered BridgeSniffer, a detection tool that operates through a collaborative effort between Tor clients and relays. Our deployment of BridgeSniffer has led to the identification of 90 hidden nodes across 9 countries, 17 Autonomous Systems (ASes), along with 47 ShadowBridges. Our analyses suggest that these ShadowBridges have been found to exhibit familial relationships, with a one-many family identified comprising 58 hidden node members. Our experimental findings reveal that ShadowBridges have led to a 30.8% increase in the number of ASes capable of monitoring user traffic, and improved the ability of 4.6% AS attackers to launch traffic confirmation attacks. In addition to these security concerns, ShadowBridges have been demonstrated to negatively affect the Tor network’s performance, evidenced by an increase in transmission delay across Tor circuits.