Flow Correlation Attacks on Tor Onion Service Sessions with Sliding Subset Sum
Daniela Lopes
Network and Distributed System Security (NDSS) Symposium 2024 · Day 1 · Tor and Mixed Networks
In a significant presentation at the NDSS Symposium, Daniela Lopes unveiled SUMo, a novel and highly effective **flow correlation attack** specifically engineered to deanonymize Tor onion service sessions. Tor, widely lauded as a critical low-latency anonymity network, provides essential client-side and server-side anonymity, particularly through its **onion services** which allow service providers to operate discreetly without revealing their physical network locations. This research directly challenges the perceived anonymity guarantees of these services by demonstrating the practical feasibility of linking a client's Tor traffic to the underlying IP address of the onion service it accesses.