Five Minutes of DDoS Brings down Tor: DDoS Attacks on the Tor Directory Protocol and Mitigations
- URL: http://arxiv.org/abs/2509.10755v1
- Date: Fri, 12 Sep 2025 23:50:43 GMT
- Authors: Zhongtang Luo, Jianting Zhang, Akshat Neerati, Aniket Kate
- Abstract summary: We show that it is possible to cause a failure in the Tor directory protocol by targeting a majority of the authorities for only five minutes. We show that it is cost-effective for as little as $53.28 per month to disrupt the protocol and to effectively bring down the entire Tor network.
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: The Tor network offers network anonymity to its users by routing their traffic through a sequence of relays. A group of nine directory authorities maintains information about all available relay nodes using a distributed directory protocol. We observe that the current protocol makes a steep synchrony assumption, which makes it vulnerable to natural as well as adversarial non-synchronous communication scenarios over the Internet. In this paper, we show that it is possible to cause a failure in the Tor directory protocol by targeting a majority of the authorities for only five minutes using a well-executed distributed denial-of-service (DDoS) attack. We demonstrate this attack in a controlled environment and show that it is cost-effective for as little as $53.28 per month to disrupt the protocol and to effectively bring down the entire Tor network. To mitigate this problem, we consider the popular partial synchrony assumption for the Tor directory protocol that ensures that the protocol security is hampered even when the network delays are large and unknown. We design a new Tor directory protocol that leverages any standard partial-synchronous consensus protocol to solve this problem, while also proving its security. We have implemented a prototype in Rust, demonstrating comparable performance to the current protocol while resisting similar attacks.
Related papers
- Password-Activated Shutdown Protocols for Misaligned Frontier Agents [6.9054075158485455]
We introduce password-activated shutdown protocols (PAS protocols). PAS protocols are methods for designing frontier agents to implement a safe shutdown protocol when given a password. We conduct experiments in a code-generation setting, finding that there are effective strategies for the red-team.
arXiv Detail & Related papers (2025-11-29T14:49:53Z)
- Which LLM Multi-Agent Protocol to Choose? [30.16052895726503]
We introduce ProtocolBench, a benchmark that compares agent protocols along four measurable axes: task success, end-to-end latency, message or byte overhead, and under failures. On ProtocolBench, protocol choice significantly influences system behavior. Protocol completion is a learnable protocol router that selects per-scenario protocols from requirement and runtime signals.
arXiv Detail & Related papers (2025-10-20T04:53:19Z)
- Adaptive Attacks on Trusted Monitors Subvert AI Control Protocols [80.68060125494645]
We study adaptive attacks by an untrusted model that knows the protocol and the monitor model. We instantiate a simple adaptive attack vector by which the attacker embeds publicly known or zero-shot prompt injections in the model outputs.
arXiv Detail & Related papers (2025-10-10T15:12:44Z)
- Cuckoo Attack: Stealthy and Persistent Attacks Against AI-IDE [64.47951172662745]
Cuckoo Attack is a novel attack that achieves stealthy and persistent command execution by embedding malicious payloads into configuration files. We formalize our attack paradigm into two stages, including initial infection and persistence. We contribute seven actionable checkpoints for vendors to evaluate their product security.
arXiv Detail & Related papers (2025-09-19T04:10:52Z)
- Voting-Based Semi-Parallel Proof-of-Work Protocol [45.776687601070705]
We first consider the existing parallel PoW protocols and develop hard-coded incentive attack structures. We introduce a voting-based semi-parallel PoW protocol that outperforms both Nakamoto consensus and the existing parallel PoW protocols.
arXiv Detail & Related papers (2025-08-08T17:57:35Z)
- Attacking and Improving the Tor Directory Protocol [14.733204402684215]
The Tor network enhances clients' privacy by routing traffic through an overlay network of volunteered intermediate relays. The protocol is expected to be secure even when a minority of those authorities get compromised. The current consensus protocol is flawed, allowing only a single compromised authority to create a valid consensus document with malicious relays.
arXiv Detail & Related papers (2025-03-24T05:04:41Z)
- CryptoFormalEval: Integrating LLMs and Formal Verification for Automated Cryptographic Protocol Vulnerability Detection [41.94295877935867]
We introduce a benchmark to assess the ability of Large Language Models to autonomously identify vulnerabilities in new cryptographic protocols.
We created a dataset of novel, flawed, communication protocols and designed a method to automatically verify the vulnerabilities found by the AI agents.
arXiv Detail & Related papers (2024-11-20T14:16:55Z)
- Sequencer Level Security [2.756899615600916]
We introduce the Sequencer Level Security (SLS) protocol, an enhancement to sequencing protocols of rollups.
We describe the mechanics of the protocol for both the transactions submitted to the rollup mempool, as well as transactions originating from Layer one.
We implement a prototype of the SLS protocol, Zircuit, which is built on top of Geth and the OP stack.
arXiv Detail & Related papers (2024-05-03T02:47:40Z)
- A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure.
This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus.
We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z)
- Reconstructing Individual Data Points in Federated Learning Hardened with Differential Privacy and Secure Aggregation [36.95590214441999]
Federated learning (FL) is a framework for users to jointly train a machine learning model.
We propose an attack against FL protected with distributed differential privacy (DDP) and secure aggregation (SA).
arXiv Detail & Related papers (2023-01-09T18:12:06Z)
- Towards Flexible Anonymous Networks [0.5735035463793009]
We propose a new software architecture for volunteer-based distributed networks.
FAN shifts the dependence away from protocol tolerance without losing the ability for developers to ensure the continuous evolution of their software.
arXiv Detail & Related papers (2022-03-07T22:58:36Z)
- Learning Emergent Random Access Protocol for LEO Satellite Networks [51.575090080749554]
We propose a novel grant-free random access solution for LEO SAT networks, dubbed emergent random access channel protocol (eRACH).
eRACH is a model-free approach that emerges through interaction with the non-stationary network environment.
Compared to RACH, we show from various simulations that our proposed eRACH yields 54.6% higher average network throughput.
arXiv Detail & Related papers (2021-12-03T07:44:45Z)
- Round-robin differential phase-time-shifting protocol for quantum key distribution: theory and experiment [58.03659958248968]
Quantum key distribution (QKD) allows the establishment of common cryptographic keys among distant parties.
Recently, a QKD protocol that circumvents the need for monitoring signal disturbance, has been proposed and demonstrated in initial experiments.
We derive the security proofs of the round-robin differential phase-time-shifting protocol in the collective attack scenario.
Our results show that the RRDPTS protocol can achieve higher secret key rate in comparison with the RRDPS, in the condition of high quantum bit error rate.
arXiv Detail & Related papers (2021-03-15T15:20:09Z)
- Quantum direct communication protocols using discrete-time quantum walk [1.9551668880584971]
We propose two quantum direct communication protocols, a Quantum Secure Direct Communication (QSDC) protocol and a Controlled Quantum Dialogue (CQD) protocol using discrete-time quantum walk on a cycle.
The proposed protocols are unconditionally secure against various attacks such as the intercept-resend attack, the denial of service attack, and the man-in-the-middle attack.
arXiv Detail & Related papers (2020-04-07T11:16:09Z)