Implementing Traffic Correlation Attacks on Partially-Simulated Mobile Tor Traffic

Anonymity systems are still plagued by traffic correlation attacks, in which an attacker that is observing both ends of the communication can potentially deanonymize users by correlating low latency traffic streams going in and out of those systems. However, previous work has primarily studied traffic correlation attacks on non-mobile users, whereas the effect on mobile users is yet to be investigated. We take the first step at uncovering the new threat to mobile users by recreating traffic correlation attacks in a simulated cellular environment. We first used the network simulator NS-3 to perform traffic correlation attacks against mobile Tor clients by using previously captured, real-world Tor traffic to drive the simulation. We obtained a success rate of 85% when deanonymizing users. In addition, we programmed NS-3 to enable the simulated nodes to interact with real networks, which can further be used to connect the simulated Tor mobile client to the real Tor network for future evaluations.