Torminator: A Tor fingerprinting suite : Or how the Tor-network might get a surprise attack from the future. “I’ll be back” – The Terminator

Abstract: Tor is a very popular anonymisation software and network. For which we created Torminator, a fingerprinting suite written in the Java programming language. Fingerprinting is an attack type applicable to Tor utilising side-channel information from the network packets. With side-channel data, we can analytically access information that purportedly been hidden by design by Tor. Because Tor is a low-latency, low-overhead by design, it will leak communication patterns with intermediate (thus total) communication size. In our case this may able us figure out to which site/service the Tor user is using. This means that anyone with access to user’s traffic can use the fingerprinting attack to partly compromise the provided anonymity. By investigating such attacks, it may help us to better understand how to withstand and resist attacks from powerful adversaries such as state agencies. Torminator automatises the process for gathering fingerprints. It uses the official Tor Browser through its GUI to enter websites to recreate the real world scenario. This gives us real and reliable fingerprints without having to employ a human to do anything, as Torminator simulates user interaction on Tor Browser for us. We can also give Torminator a list of websites to fingerprint, making it easy to generate lots of fingerprints for a great number given sites. A contribution of Torminator, is that we improved on the previous de facto standard of the fingerprints collected from the available tools from previous works. We have gathered fingerprints and have now a dataset of 65792 fingerprints. Fingerprints like these can be used with machine learning techniques to teach a machine to recognise web-pages by reading the packet size and directions saved in the fingerprint files.