Onions Got Puzzled: On the Challenges of Mitigating Denial-of-Service Problems in Tor Onion Services
Jinseo Lee
34th USENIX Security Symposium (USENIX Security '25) · Day 2 · Network Security 2: Routing and DoS
This talk, presented by Jinseo Lee from KAIST, delves into the persistent and evolving challenge of **Denial-of-Service (DoS)** attacks against **Tor Onion Services**. While Tor is renowned for providing anonymity to both clients and servers, this very design makes traditional DoS mitigation techniques largely ineffective. The presentation highlights a critical vulnerability in Tor's recently adopted Proof of Work (PoW) puzzle defense, introducing a novel attack called **Onion Inflation**. This attack, which was developed in collaboration with Coven Kim and advisor Muk, demonstrates how a low-volume attacker can trick an onion service into drastically escalating the computational burden on legitimate users, effectively degrading service and causing widespread timeouts.
AI review
Solid academic security research that identifies a genuine, previously undisclosed vulnerability in Tor's deployed PoW puzzle defense. The Onion Inflation attack is a real contribution — not a repackaged finding — and the theoretical proof of the congestion/inflation trade-off gives the work lasting value beyond the immediate fix.