HOnions: Towards Detection And Identification Of Misbehaving Tor HSDirs

Amirali Sanatinia and Guevara Noubir

Over  the  last  decade  privacy  infrastructures  such  as  Tor proved to be very successful and widely used.  However, Tor remains a practical system with a variety of limitations and open to abuse.  Tor’s security and anonymity is based on the assumption that the large majority of the its relays are honest  and  do  not  misbehave.   Particularly  the  privacy  of the hidden services is dependent on the honest operation of Hidden Services Directories (HSDirs).  In this work we introduce, the concept of honey onions (HOnions), a framework to  detect  and  identify  misbehaving  and  snooping  HSDirs. After  the deployment of our  system and based on our experimental results during the period of 72 days, we detect and identify at least 110 such snooping relays.  Furthermore, we reveal that more than half of them were hosted on cloud infrastructure and delayed the use of the learned information to prevent easy traceback.