Using traffic analysis to identify The Second Generation Onion Router

Document Type

Conference Proceeding


IEEE Computer Society


Juan E. Guerrero


Faculty of Computing, Health and Science


School of Computer and Security Science / Security Research Centre (secAU)




This article was originally published as: Barker, J. E., Hannay, P. , & Szewczyk, P. S. (2011). Using traffic analysis to identify The Second Generation Onion Router. Paper presented at the IEEE/IFIP International Conference on Embedded and Ubiquitous Computing. Melbourne, Victoria. Original article available here


Anonymous networks provide security for users by obfuscating messages with encryption and hiding communications amongst cover traffic provided by other network participants. The traditional goal of academic research into these networks has been attacks that aim to uncover the identity of network users. But the success of an anonymous network relies not only on it's technical capabilities, but on adoption by a large enough user base to provide adequate cover traffic. If anonymous network nodes can be identified, the users can be harassed, discouraging participation. Tor is an example of widely used anonymous network which uses a form of Onion Routing to provide low latency anonymous communications. This paper demonstrates that traffic from a simulated Tor network can be distinguished from regular encrypted traffic, suggesting that real world Tor users may be vulnerable to the same analysis.


Link to publisher version (DOI)