Tor User De-Anonymization: Client-Side Originating Watermark

Traditional techniques for Tor user de-anonymization through a side-channel by means of traffic-watermarks are generally implemented through utilization/modulation of server-side originating traffic (SSOW). However, the effectiveness of SSOW is often hindered by significant amounts of traffic noise that accumulates along Tor’s communication pathways. In this thesis, we outline the key ideas behind our novel user de-anonymization technique that utilizes client-side originating watermarks (CSOW). We describe some potential ways this scheme could be implemented in practice while not requiring the control of any Tor node or other resource. We also demonstrate significantly superior real-world performance of our CSOW approach vs. those previously discussed in the literature. Finally, we propose the use of Long Short-Term Memory (LSTM) DNN for the purpose of more effective watermark detection. The real-world experimentations demonstrate excellent potential of our proposed LSTM-Based CSOW watermark detection system to accurately de-anonymize Tor users while keeping the number of false positives (e.g., users mistakenly accused of wrongdoing) at an absolute 0.