Toward a Comprehensive Insight Into the Eclipse Attacks of Tor Hidden Services

Tor hidden services (HSs) are used to provide anonymity services to users on the Internet without disclosing the location of the servers so as to enable freedom of speech. However, existing Tor HSs use decentralized architecture that makes it easier for an adversary to launch DHT-based attacks. In this paper, we present practical Eclipse attacks on Tor HSs that allow an adversary with an extremely low cost to block arbitrary Tor HSs. We found that the dominant cost of this attack is IP address resources, the experimental results show that we can use only three IP addresses to eclipse an arbitrary HS with 100% success probability. To understand the severity of the Eclipse attack problems on Tor HSs, and its security implications, we present the first formal analysis to evaluate the extent of threat such vulnerabilities may cause and quantify the costs of Eclipse attacks involved in our attack via probabilistic analysis. Theoretical analysis suggests that adversaries with a modest number of IP address resources can block a large number of HSs at any time. Finally, we discuss countermeasures and future works.