Title: Attacks on Onion Discovery and Remedies via Self-Authenticating Traditional Addresses

Abstract: Onion addresses encode their own public key. They are thus self-authenticating, one of the security and privacy advantages of onion services, which are typically accessed via Tor Browser. Because of the mostly random-looking appearance of onion addresses, a number of onion discovery mechanisms have been created to permit routing to an onion address associated with a more meaningful URL, such as a registered domain name.
We describe novel vulnerabilities engendered by onion discovery mechanisms recently introduced by Tor Browser that facilitate hijack and tracking of user connections. We also recall previously known hijack and tracking vulnerabilities engendered by use of alternative services that are facilitated and rendered harder to detect if the alternative service is at an onion address.
Self-authenticating traditional addresses (SATAs) are valid DNS addresses or URLs that also contain a commitment to an onion public key. We describe how the use of SATAs in onion discovery counters these vulnerabilities. SATAs also expand the value of onion discovery by facilitating self-authenticated access from browsers that do not connect to services via the Tor network.
Comments: To appear in the ACM Workshop on Privacy in the Electronic Society (WPES '21)
Subjects: Cryptography and Security (cs.CR)
DOI: 10.1145/3463676.3485610
Cite as: arXiv:2110.03168 [cs.CR]
  (or arXiv:2110.03168v1 [cs.CR] for this version)

Submission history

From: Paul Syverson
[v1] Thu, 7 Oct 2021 03:48:23 GMT (45kb)
