Detecting Traffic Snooping in Tor Using Decoys
Anonymous communication networks like Tor partially protect the confidentiality of their users' traffic by encrypting all intra-overlay communication. However, when the relayed traffic reaches the boundaries of the overlay network towards its actual destination, the original user traffic is inevitably exposed. At this point, unless end-to-end encryption is used, sensitive user data can be snooped by a malicious or compromised exit node, or by any other rogue network entity on the path towards the actual destination. The authors explore the use of decoy traffic for the detection of traffic interception on anonymous proxying systems. Their approach is based on the injection of traffic that exposes bait credentials for decoy services that require user authentication.
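The detection idea described above can be sketched as follows; this is an added example, not code from the authors. It assumes each exit relay is given its own bait credential (derived here with an HMAC), that the decoy service writes one login record per line in a constructed format, and that any login with a bait account other than the decoy client's own session signals interception. The exit identifiers, key, addresses and log lines are constructed placeholders.

```python
import hashlib
import hmac
from datetime import datetime, timedelta

SECRET = b"constructed-demo-key"  # assumption: known only to the monitoring system

def bait_for(exit_id):
    """Derive a unique bait (username, password) per exit relay (assumed scheme)."""
    digest = hmac.new(SECRET, exit_id.encode(), hashlib.sha256).hexdigest()
    return "user_" + digest[:8], digest[8:24]

def detect_snooping(exposures, log_lines, slack=timedelta(seconds=60)):
    """Return (exit_id, src_ip, timestamp) for each unexpected bait login.

    exposures maps exit_id -> time the decoy client sent its credentials
    through that exit. log_lines are chronological decoy-service records in
    the constructed format 'ISO-timestamp src-ip LOGIN username'.
    """
    by_user = {bait_for(e)[0]: (e, t) for e, t in exposures.items()}
    own_seen, alerts = set(), []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4 or fields[2] != "LOGIN" or fields[3] not in by_user:
            continue  # malformed line, other event, or not a bait account
        ts, src, user = datetime.fromisoformat(fields[0]), fields[1], fields[3]
        exit_id, sent = by_user[user]
        if user not in own_seen and timedelta(0) <= ts - sent <= slack:
            own_seen.add(user)  # the decoy client's own login
            continue
        alerts.append((exit_id, src, ts))  # credential reused by someone else
    return alerts

def demo():
    """Run the detector over constructed sample data."""
    exposures = {  # placeholder exit identifiers, not real relays
        "EXIT_A": datetime(2024, 1, 1, 12, 0, 0),
        "EXIT_B": datetime(2024, 1, 1, 12, 5, 0),
    }
    user_a, user_b = bait_for("EXIT_A")[0], bait_for("EXIT_B")[0]
    log = [
        f"2024-01-01T12:00:02 192.0.2.10 LOGIN {user_a}",     # our own session
        f"2024-01-01T12:05:03 192.0.2.20 LOGIN {user_b}",     # our own session
        "2024-01-01T13:00:00 198.51.100.7 LOGIN alice",       # unrelated account
        f"2024-01-03T09:30:00 203.0.113.99 LOGIN {user_b}",   # reuse days later
    ]
    return detect_snooping(exposures, log)

if __name__ == "__main__":
    for exit_id, src, ts in demo():
        print(f"bait credentials exposed via {exit_id} reused from {src} at {ts}")
```

Because each bait account is tied to one exit, an alert names the relay whose path exposed the credentials, though the snooper may sit anywhere between that exit and the decoy service.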