{"title":"Tor网络的TLS证书及其特点","authors":"V. Lapshichyov","doi":"10.4018/ijsssp.2019070102","DOIUrl":null,"url":null,"abstract":"This article presents the results of an experimental study of the properties of SSL/TLS certificates of an anonymous Tor network, based on which it is concluded that there are several features that differ from other SSL/TLS certificates. At present, in the scientific literature and in the documentation of U.S. National Security Agency, and the U.K. Government Communications Headquarters devoted to the identification of Tor network traffic, two signs of SSL/TLS certificates are indicated - the name of the certificate subject, as well as the port of the certificate transmission and network connection. The results of an experimental study allow the authors to state with a high degree of probability that Tor network certificates can be identified in the data stream between the client and server of the specified network by their size, which is between 400 and 600 bytes. The list of features of the Tor network certificates is intended to develop software or add-ons to existing ones, which is used to block access of Internet users to Darknet resources or to limit the use of the Tor anonymous network service. Based on data on the distinguishing features of Tor network certificates, an algorithm is proposed for blocking access to the Internet for users of the Tor Bundle.","PeriodicalId":135841,"journal":{"name":"Int. J. Syst. Softw. Secur. Prot.","volume":"21 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"TLS Certificates of the Tor Network and Their Distinctive Features\",\"authors\":\"V. Lapshichyov\",\"doi\":\"10.4018/ijsssp.2019070102\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This article presents the results of an experimental study of the properties of SSL/TLS certificates of an anonymous Tor network, based on which it is concluded that there are several features that differ from other SSL/TLS certificates. At present, in the scientific literature and in the documentation of U.S. National Security Agency, and the U.K. Government Communications Headquarters devoted to the identification of Tor network traffic, two signs of SSL/TLS certificates are indicated - the name of the certificate subject, as well as the port of the certificate transmission and network connection. The results of an experimental study allow the authors to state with a high degree of probability that Tor network certificates can be identified in the data stream between the client and server of the specified network by their size, which is between 400 and 600 bytes. The list of features of the Tor network certificates is intended to develop software or add-ons to existing ones, which is used to block access of Internet users to Darknet resources or to limit the use of the Tor anonymous network service. Based on data on the distinguishing features of Tor network certificates, an algorithm is proposed for blocking access to the Internet for users of the Tor Bundle.\",\"PeriodicalId\":135841,\"journal\":{\"name\":\"Int. J. Syst. Softw. Secur. Prot.\",\"volume\":\"21 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-07-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Int. J. Syst. Softw. Secur. Prot.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4018/ijsssp.2019070102\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Int. J. Syst. Softw. Secur. Prot.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/ijsssp.2019070102","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
TLS Certificates of the Tor Network and Their Distinctive Features
This article presents the results of an experimental study of the properties of SSL/TLS certificates of an anonymous Tor network, based on which it is concluded that there are several features that differ from other SSL/TLS certificates. At present, in the scientific literature and in the documentation of U.S. National Security Agency, and the U.K. Government Communications Headquarters devoted to the identification of Tor network traffic, two signs of SSL/TLS certificates are indicated - the name of the certificate subject, as well as the port of the certificate transmission and network connection. The results of an experimental study allow the authors to state with a high degree of probability that Tor network certificates can be identified in the data stream between the client and server of the specified network by their size, which is between 400 and 600 bytes. The list of features of the Tor network certificates is intended to develop software or add-ons to existing ones, which is used to block access of Internet users to Darknet resources or to limit the use of the Tor anonymous network service. Based on data on the distinguishing features of Tor network certificates, an algorithm is proposed for blocking access to the Internet for users of the Tor Bundle.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
