A research paper resulting from the CMU Portugal Exploratory Research Project “DAnon – Supervised Deanonymization of Dark Web Traffic for Cybercrime Investigation” has been awarded the 2024 Best Portuguese Internet Research Award by the Portuguese Chapter of the Internet Society (ISOC).
The winning paper, “Flow Correlation Attacks on Tor Onion Service Sessions with Sliding Subset Sum,” was authored by Daniela Lopes, a CMU Portugal Affiliated Ph.D. student at INESC-ID and Instituto Superior Técnico working under the DAnon project. Her advisors and DAnon principal investigators, Nuno Santos (Técnico | INESC-ID) in Portugal and Nicolas Christin (CyLab, Carnegie Mellon University), co-authored the paper.
Upon receiving this prestigious recognition, Daniela highlighted: “Winning the ‘Best Portuguese Internet Research Award from the Internet Society 2024’ is an honor that profoundly validates our work in Tor network security. This recognition not only highlights the importance of our research but also reinforces our commitment to protecting users’ online privacy and freedom. The invaluable role of the CMU Portugal program in fostering multidisciplinary collaboration across universities has been instrumental to our success. This award motivates us to continue our investigation with even greater dedication, knowing that our research has a real impact on protecting citizens’ digital rights worldwide.”
In the awarded publication, the team announced the discovery of a vulnerability in the Tor network that could potentially be exploited by third parties to subvert the purpose for which the network has been designed. This vulnerability was disclosed in advance to the Tor network development team, contributing to strengthening its security and resilience.
The research work, developed in close collaboration between Técnico | INESC-ID and Carnegie Mellon under the CMU Portugal Program, shows, according to Daniela Santos, “the importance of international, multi-disciplinary collaborations. The CMU Portugal program brought together researchers from Portuguese universities and Carnegie Mellon, harnessing our collective expertise to uncover a vulnerability in Tor that could undermine its goal of providing private and anonymous Internet access. Our work contributed to increasing Tor’s robustness, directly aligning with core objectives of the Internet Society to promote online privacy and combat digital censorship.”
The Tor network aims to provide users with a secure way to access the Internet privately and anonymously by routing encrypted traffic through multiple servers. This process is designed to prevent tracing the traffic’s origin, allowing users to avoid surveillance and censorship imposed by certain governments or authorities.
The paper was published in the proceedings of the 2024 edition of the renowned Network and Distributed System Security (NDSS) Symposium and is publicly accessible.
The award event included a panel discussion with Maria Manuel Leitão Marques, Member of the European Parliament (2019-2024) and former minister of the Presidency; Robin Wilton, Director of “Internet Trust – Internet Society”; and Miguel Pupo Correia, Full Professor at Instituto Superior Técnico and researcher at INESC-ID.
More about the award-winning research
Tor is a widely recognized low-latency anonymity network that enables users to bypass challenges like surveillance and censorship. A critical aspect of Tor’s effectiveness is its ability to resist flow correlation attacks, which is vital for ensuring anonymity. However, the feasibility of such attacks against Tor onion services has remained an unresolved challenge.
In their award-winning paper, the researchers introduce an effective flow correlation attack capable of deanonymizing onion service sessions within the Tor network. Their approach leverages a novel distributed technique called Sliding Subset Sum (SUMo), which can be deployed in a federated manner by a coalition of Internet Service Providers (ISPs) worldwide. By collecting Tor traffic at multiple vantage points, these ISPs employ a pipelined architecture that integrates machine learning classifiers with a unique similarity function inspired by the classic subset sum decision problem. This enables SUMo to deanonymize onion service sessions both effectively and efficiently.
Furthermore, the researchers explore potential countermeasures that the Tor community can adopt to mitigate the impact of these attacks, contributing valuable insights toward enhancing the network’s resilience against such threats.
More about the DAnon | CMU Portugal research team:
Daniela Lopes is a CMU Portugal doctoral student at INESC-ID and Instituto Superior Técnico. She received her BSc and MSc degrees in Computer Science and Engineering from Técnico, specializing in Cyber Security and Distributed Systems. Her main motivation is protecting users from censorship, privacy violations, and crime on the web.
Nicolas Christin, Head of the Software and Societal Systems Department (S3D) at CMU, is a long-time collaborator of CMU Portugal. Christin has advised 2 CMU Portugal Dual Degree Ph.D. students and 1 Affiliated Ph.D. student (Daniela Lopes), and has served as project PI for the CMU Portugal Exploratory Research Projects (ERPs) DAnon – Supervised Deanonymization of Dark Web Traffic for Cybercrime Investigation, PassCert – Exploring the Impact of Formal Verification on the Adoption of Password Security Software, and DoubleChain – Supporting ubiquitous and fully decentralized supply chain operations through blockchain technology. Christin was also a collaborator of the Large Scale Collaborative Research Project BuildingHope.
Nuno Santos is an Associate Professor in the Department of Computer Science and Engineering (DEI) at Instituto Superior Técnico (IST), University of Lisbon, and a senior researcher at INESC-ID Lisbon in the field of computer and networked systems security, where he leads the SysSec team, focusing on systems security and privacy. He is the Portuguese PI of the CMU Portugal Exploratory Research Project DAnon.