Stealthy Traffic Analysis of Low-Latency Anonymous Communication Using Throughput Fingerprinting

Notice: This research summary and analysis were automatically generated using AI technology. For absolute accuracy, please refer to the [Original Paper Viewer] below or the Original ArXiv Source.

Anonymity systems such as Tor aim to enable users to communicate in a manner that is untraceable by adversaries that control a small number of machines. To provide efficient service to users, these anonymity systems make full use of forwarding capacity when sending traffic between intermediate relays. In this paper, we show that doing this leaks information about the set of Tor relays in a circuit (path). We present attacks that, with high confidence and based solely on throughput information, can (a) reduce the attacker’s uncertainty about the bottleneck relay of any Tor circuit whose throughput can be observed, (b) exactly identify the guard relay(s) of a Tor user when circuit throughput can be observed over multiple connections, and (c) identify whether two concurrent TCP connections belong to the same Tor user, breaking unlinkability. Our attacks are stealthy, and cannot be readily detected by a user or by Tor relays. We validate our attacks using experiments over the live Tor network. We find that the attacker can substantially reduce the entropy of a bottleneck relay distribution of a Tor circuit whose throughput can be observed: the entropy gets reduced by a factor of 2 in the median case. Such information leaks from a single Tor circuit can be combined over multiple connections to exactly identify a user’s guard relay(s). Finally, we are also able to link two connections from the same initiator with a crossover error rate of less than 1.5% in under 5 minutes. Our attacks are also more accurate and require fewer resources than previous attacks on Tor.


💡 Research Summary

The paper introduces a novel class of stealthy attacks on the Tor anonymity network that rely exclusively on observing the throughput of Tor circuits. Unlike prior attacks that require active traffic manipulation, malicious content insertion, or large‑scale congestion, these attacks are passive and can be carried out by an adversary who can monitor a user’s traffic (e.g., an ISP) or who runs a modest number of “one‑hop probe” circuits that connect directly to individual relays.

The authors first demonstrate that Tor relays exhibit significant heterogeneity in their forwarding capacities, which causes the overall circuit throughput to be limited by the bottleneck relay. By measuring the throughput of a target circuit and correlating it with the throughput of probe circuits that each traverse a single relay, they can compute the probability that a given relay is the bottleneck. In practice, this reduces the entropy of the bottleneck‑relay distribution by roughly a factor of two for a median circuit, and the reduction is even larger when the bottleneck is a low‑bandwidth relay.

Building on this observation, the second attack aggregates information across multiple circuit rebuilds. Because Tor clients select a small, fixed set of three guard relays, repeatedly identifying the same relay as a bottleneck across many circuits allows the adversary to pinpoint the user’s guard(s) with near‑perfect accuracy after about ten circuit constructions. This is a powerful stepping‑stone: many previously proposed de‑anonymization techniques assume knowledge of a user’s guard relays, and the throughput‑based method provides that knowledge with far fewer resources than earlier side‑channel attacks.

The third attack targets stream linkability. Tor multiplexes several TCP streams over a single circuit; when two streams share the same bottleneck relay, the relay’s scheduler alternates service between them, causing each stream’s throughput to drop to zero during the other’s service period. This creates a strong negative correlation between the two throughput time series. By monitoring the streams for only five minutes, the attacker can determine with less than 1.5% error whether the streams were carried over the same circuit, dramatically outperforming earlier latency‑based linking attacks that suffered 17% error rates and required malicious JavaScript injection.

Experimental validation was performed on the live Tor network. The authors released their source code and analysis scripts, confirming that (a) the bottleneck‑relay entropy reduction is consistent across diverse network conditions, (b) guard‑relay identification succeeds in 100% of trials after a modest number of observations, and (c) stream linking achieves the claimed low error rate.

The threat model assumes the attacker can observe the throughput of a target circuit (e.g., by being on the path between the client and the guard, or by operating a compromised ISP) and can launch a modest number of probe circuits. No active interference with the target traffic is required, making the attacks difficult for users or Tor relays to detect.

In the discussion, the authors argue that the attacks exploit fundamental design choices in Tor: bandwidth‑weighted relay selection, the fixed guard set, and the multiplexing of streams on a single circuit. They propose several mitigations: (1) more uniform bandwidth allocation during relay selection, (2) dynamic load‑balancing to avoid persistent bottlenecks, and (3) adding random padding or noise to the observed throughput to obscure the fine‑grained patterns used by the attacks. Each mitigation, however, incurs performance penalties or added complexity, highlighting a trade‑off between anonymity and efficiency.
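To make the entropy metric and the trade-off behind mitigation (3) concrete, the following added example (not the paper's code) measures how many bits of uncertainty about the bottleneck relay remain on a constructed, synthetic circuit as noise is added to the observable throughput. The softmax scoring, the uniform prior, the relay capacities and all function names are assumptions made for illustration.

```python
import math
import random

def pearson(x, y):
    """Pearson correlation of two equal-length series (0.0 if either is constant)."""
    mx, my = sum(x) / len(x), sum(y) / len(y)
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sx = math.sqrt(sum((a - mx) ** 2 for a in x))
    sy = math.sqrt(sum((b - my) ** 2 for b in y))
    return cov / (sx * sy) if sx and sy else 0.0

def entropy_bits(dist):
    """Shannon entropy in bits of a probability distribution."""
    return -sum(p * math.log2(p) for p in dist if p > 0)

def bottleneck_posterior(circuit, probes, sharpness=10.0):
    """ASSUMPTION: softmax over correlation scores stands in for the paper's estimator."""
    weights = [math.exp(sharpness * pearson(circuit, s)) for s in probes]
    total = sum(weights)
    return [w / total for w in weights]

def leakage(noise_std, n_relays=16, steps=300, path=(0, 5, 11), seed=7):
    """Return (prior_bits, posterior_bits) for one constructed circuit."""
    rng = random.Random(seed)
    # Constructed data: relay r has capacity 50 + 30*r with 10% i.i.d. fluctuation.
    probes = [[(50 + 30 * r) * (1 + 0.1 * rng.gauss(0, 1)) for _ in range(steps)]
              for r in range(n_relays)]
    # Circuit throughput is capped by its slowest relay; noise_std models mitigation (3).
    circuit = [max(0.0, min(probes[r][t] for r in path) + rng.gauss(0, noise_std))
               for t in range(steps)]
    prior = [1.0 / n_relays] * n_relays  # ASSUMPTION: uniform prior, for simplicity
    return entropy_bits(prior), entropy_bits(bottleneck_posterior(circuit, probes))

if __name__ == "__main__":
    for noise in (0.0, 5.0, 20.0):
        prior_h, post_h = leakage(noise)
        print(f"noise_std={noise:5.1f}  prior={prior_h:.2f} bits  posterior={post_h:.2f} bits")
```

The remaining entropy rises with `noise_std`, but the noise needed to restore it is several times the relay's own throughput variation, which is the performance cost the mitigation paragraph describes.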

Overall, the paper expands the landscape of side‑channel attacks on low‑latency anonymity systems by showing that simple throughput observations—something an adversary can obtain without injecting any traffic—are sufficient to significantly compromise user anonymity. It underscores the need for Tor designers to consider not only timing and packet‑size leaks but also the statistical properties of throughput when evaluating the security of future anonymity networks.

