CN115242674B - Hidden service tracking system based on Tor protocol timing characteristics - Google Patents


Publication number
CN115242674B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210876836.2A
Other languages
Chinese (zh)
Other versions
CN115242674A (en
Inventor
邹福泰
秦怡
郑天铭
吴越
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Jiaotong University
Original Assignee
Shanghai Jiaotong University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Jiaotong University
Priority to CN202210876836.2A
Publication of CN115242674A
Application granted
Publication of CN115242674B


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/10 Active monitoring, e.g. heartbeat, ping or trace-route
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks


Abstract

The invention discloses a hidden service tracking system based on the timing characteristics of the Tor protocol, and relates to the field of tracking and tracing in the Tor anonymous network. The system comprises a signal sending module, a signal detection module, a task issuing module, a record receiving module and a record matching module. By virtue of the timing characteristics of the Tor protocol, signals are sent in the circuit leading to the hidden service; these signals carry sufficient information to enable a tracker to more accurately track the Tor client running the hidden service. The invention can accurately, stably and efficiently track a plurality of hidden services.

Description

Hidden service tracking system based on Tor protocol timing characteristics
Technical Field
The invention relates to the field of tracking and tracing in the Tor anonymous network, in particular to a hidden service tracking system based on the timing characteristics of the Tor protocol.
Background
Privacy and security are increasingly a focus of attention as the internet becomes part of people's everyday lives. Traditional cryptographic techniques can guarantee the integrity and confidentiality of user data transmitted over a network, but cannot hide the identity information of the user. In order to protect the privacy of users, anonymous communication techniques have emerged that use relay nodes to forward data between users and servers to mask the identities of the users, achieving the effect of anonymous communication.
The Tor (The Onion Router) anonymous network is one of the most popular anonymous communication technologies. It provides a hidden service mechanism that enables a service provider to offer services to the outside without exposing its own real IP address. The essence of the hidden service is that a plurality of relay nodes are randomly selected to establish a circuit between the Tor client and the Tor server, and data exchanged between the Tor client and the Tor server is forwarded by the relay nodes. During communication, the exchanged data is encrypted, each relay node on the circuit does not know the transmitted content, and the Tor client and the Tor server do not know each other's identity. Because the hidden service has good anonymity, it is often used to conduct criminal activities, which greatly hinders network law enforcement departments.
For hidden service tracking, academia has proposed a number of tracking methods. The core idea of these methods is to establish a circuit leading to the Tor server and send a special signal on the circuit to indicate to relay nodes on the circuit that their neighbor node may be running the hidden service. If a relay node controlled by the tracker happens to be selected as a node on the circuit and is directly connected to the server, the relay node receiving the signal can confirm that its neighbor node is the Tor server running the hidden service, so that the hidden service tracking task is completed.
The existing hidden service tracking methods have some defects: the signals carry little information, the signals are easily disturbed by external factors, and the signal sending methods are too complex. This raises the probability that the tracker wrongly identifies a node as a Tor server, and prevents tracking multiple Tor servers at the same time, eventually resulting in low tracking efficiency. No existing tracking method combines high accuracy and strong robustness with the ability to track a plurality of Tor servers simultaneously.
Accordingly, those skilled in the art have been working to develop a hidden service tracking system based on the timing characteristics of the Tor protocol, which can accurately, stably and efficiently track a plurality of hidden services.
Disclosure of Invention
In view of the above-mentioned drawbacks of the prior art, the technical problem to be solved by the present invention is how to implement a hidden service tracking system with high accuracy, strong stability and support for multi-target tracking.
In order to achieve the above purpose, the invention provides a hidden service tracking system based on the timing characteristics of the Tor protocol, which comprises a signal sending module, a signal detecting module, a task issuing module, a record receiving module and a record matching module;
the signal sending module receives the signal sending task issued by the task issuing module, establishes a circuit leading to the hidden service end, sends a series of special data packets in the circuit to represent a signal, and reports the signal sending record to the record receiving module;
the signal detection module is deployed in advance on a relay node of the Tor anonymous network, continuously detects special signals in the circuits passing through it, records the related information of the neighbor node if a signal exists in a circuit, and reports signal detection records to the record receiving module;
the task issuing module receives a hidden service list to be tracked, and continuously issues tasks to the signal sending module, so that the signal sending module is required to circularly send special signals to the hidden service to be tracked;
the record receiving module is used for continuously receiving the records reported by the signal sending module and the signal detecting module and storing the two records into corresponding databases;
the record matching module extracts the signal sending record and the signal detection record from the database, matches the signals stored in the two records, and outputs the successfully matched record to the user.
Further, the method comprises the following steps:
step 1, a tracker inputs a list containing hidden services to be tracked to a task release module;
step 2, the task issuing module generates a signal sending task for each hidden service to be tracked and issues the task to the signal sending module;
step 3, for each signal sending task, the signal sending module establishes a circuit leading to the corresponding hidden service, sends signals on the circuit, packages the sent signals and the corresponding hidden service in a signal sending record, and uploads the signal sending record to the record receiving module;
step 4, the record receiving module receives the signal sending record and stores the record into a sending record database;
step 5, the signal detection module continuously detects signals in the circuit, if the signals exist in the circuit, the signals and neighbor nodes in the circuit are packaged into a signal detection record, and the signal detection record is reported to the record receiving module;
step 6, the record receiving module receives the signal detection record and stores the record into a detection record database;
step 7, the record matching module sequentially processes each detection record in the detection record database, searches the transmission record database for the transmission record with the same signal as the detection record, and presents the matched transmission record and detection record to the user to complete the hidden service tracking task.
Further, the step 3 includes the following steps:
step 3.1, the signal sending module controls the Tor client to establish an idle circuit leading to the Tor client running the hidden service;
step 3.2, the signal sending module randomly generates a signal, wherein the signal has 32 signal units, each being signal unit 0 or signal unit 1;
step 3.3, the signal sending module sequentially sends each signal unit in the signal until all the signal units are sent; to send signal unit 0, it controls the Tor client to send one RELAY_BEGIN_NOPORT packet and wait to receive one RELAY_END packet; to send signal unit 1, it controls the Tor client to send two RELAY_BEGIN_NOPORT packets in succession and wait to receive two RELAY_END packets;
step 3.4, the signal sending module stores the successfully sent signal and the corresponding hidden service in the signal sending record, and uploads the signal sending record to the record receiving module.
Further, the task issuing module requires the signaling module to signal hidden services in the tracking list cyclically.
Further, the task issuing module assigns a number to each signal sending module, the first 8 signal units of the signal are consistent with the binary value of the number, and the last 24 signal units of the signal are random combinations of 0 and 1.
Further, after the signal transmission module finishes signal transmission, the circuit is disconnected and a signal transmission record is generated.
Further, the signaling record includes a hidden service identifier, a transmitted signal, a transmission start time, and a transmission end time.
Further, the signal detection module judges whether the relay node is running or not after starting, and if the relay node is exited, cleaning work is done and the process is finished.
Further, the relay node sends the data packet quadruple to the signal detection module every time it receives data packets from other nodes.
Further, the data packet quadruple comprises a circuit identifier to which the data packet belongs, a data packet type, an arrival time and a transmission direction.
In a preferred embodiment of the present invention, a hidden service tracking system based on the timing characteristics of the Tor protocol is provided, which is capable of accurately, stably and efficiently tracking a plurality of hidden services.
The invention provides a hidden service tracking system based on the timing characteristics of the Tor protocol, which comprises the following modules:
the signal sending module receives the signal sending task issued by the task issuing module, establishes a circuit leading to the hidden service end, sends a series of special data packets in the circuit to represent a signal, and reports the signal to the record receiving module.
The signal detection module is deployed in advance on a relay node of the Tor anonymous network, continuously detects special signals in the circuits passing through it, records the related information of the neighbor node if a signal exists in a circuit, and reports the signal detection record to the record receiving module.
The task issuing module receives a list containing a plurality of hidden services to be tracked, continuously issues tasks to the signal sending module, and requires the signal sending module to cyclically send special signals to the hidden services to be tracked.
The record receiving module is used for continuously receiving the records reported by the signal sending module and the signal detecting module and storing the two records into corresponding databases.
And the record matching module extracts the signal sending record and the signal detection record from the database, matches signals stored in the two records, and outputs the successfully matched record to the user.
In a tracking system, the invention designs a set of signal sending, detecting and matching algorithm. The implementation process of the algorithm comprises the following steps:
step 101, a tracker inputs a list containing a plurality of hidden services to be tracked to a task release module;
step 102, a task issuing module generates a signal sending task for each hidden service to be tracked, and issues the task to the signal sending module;
step 103, for each signal sending task, the signal sending module establishes a circuit leading to the corresponding hidden service, sends a signal on the circuit, encapsulates the sent signal and the corresponding hidden service in a signal sending record, and uploads the signal sending record to the record receiving module;
step 104, the record receiving module receives the signal sending record and stores the record into a sending record database;
step 105, the signal detection module continuously detects signals in the circuit, if the signals exist in the circuit, the signals and neighbor nodes in the circuit are packaged into a signal detection record, and the signal detection record is reported to the record receiving module;
step 106, the record receiving module receives the signal detection record and stores the record into a detection record database;
step 107, the record matching module processes each detection record in the detection record database in turn, and for one detection record, it searches the transmission record having the same signal from the transmission record database, and presents the matched transmission record and detection record to the user, so as to complete the task of hidden service tracking.
In the above steps, the signal sending module implements a signal sending algorithm by means of the timing characteristics of the Tor protocol. The implementation of this algorithm includes the following steps:
step 103-1, the signal sending module controls the Tor client to establish an idle circuit leading to the Tor client running the hidden service;
step 103-2, the signal sending module randomly generates a signal, wherein the signal has 32 signal units, each being signal unit 0 or signal unit 1;
step 103-3, the signal sending module sequentially sends each signal unit in the signal until all the signal units are sent; to send signal unit 0, it controls the Tor client to send one RELAY_BEGIN_NOPORT packet and wait to receive one RELAY_END packet; to send signal unit 1, it controls the Tor client to send two RELAY_BEGIN_NOPORT packets in succession and wait to receive two RELAY_END packets;
step 103-4, the signal sending module stores the successfully sent signal and the corresponding hidden service in the signal sending record, and uploads the signal sending record to the record receiving module.
Compared with the prior art, the invention has the following obvious substantial characteristics and obvious advantages:
1. In the hidden service tracking system based on the timing characteristics of the Tor protocol, signals are sent in the circuit leading to the hidden service by means of the timing characteristics of the Tor protocol, and the signals can carry sufficient information, so that a tracker can more accurately track the Tor client running the hidden service.
2. The hidden service tracking system has strong robustness and can effectively resist the influence of network transmission delay jitter and network congestion.
3. The hidden service tracking system has a clear structural division, is easy to implement, and can be rapidly deployed into the Tor anonymous network to take effect.
4. The hidden service tracking system supports tracking a plurality of hidden services simultaneously; different tracking tasks do not interfere with each other, and the tracking tasks are not affected by other Tor users.
5. The hidden service tracking system based on the timing characteristics of the Tor protocol can accurately, stably and efficiently track a plurality of hidden services.
The conception, specific structure, and technical effects of the present invention will be further described with reference to the accompanying drawings to fully understand the objects, features, and effects of the present invention.
Drawings
FIG. 1 is a schematic diagram of the overall structure of a hidden service tracking system according to a preferred embodiment of the present invention;
FIG. 2 is a schematic diagram of the task issuing module operation flow according to a preferred embodiment of the present invention;
FIG. 3 is a schematic diagram of the operation of the signaling module according to a preferred embodiment of the present invention;
FIG. 4 is a schematic diagram illustrating the operation of the signal detection module according to a preferred embodiment of the present invention;
FIG. 5 is a schematic diagram showing the operation of the record receiving module according to a preferred embodiment of the present invention;
FIG. 6 is a flow chart illustrating the operation of the record matching module according to a preferred embodiment of the present invention.
Detailed Description
The following description of the preferred embodiments of the present invention refers to the accompanying drawings, which make the technical contents thereof more clear and easy to understand. The present invention may be embodied in many different forms of embodiments and the scope of the present invention is not limited to only the embodiments described herein.
In the drawings, like structural elements are referred to by like reference numerals and components having similar structure or function are referred to by like reference numerals. The dimensions and thickness of each component shown in the drawings are arbitrarily shown, and the present invention is not limited to the dimensions and thickness of each component. The thickness of the components is exaggerated in some places in the drawings for clarity of illustration.
The invention provides a hidden service tracking system based on the timing characteristics of the Tor protocol, which consists of a task issuing module, a signal sending module, a signal detection module, a record receiving module and a record matching module. The signal detection module needs to run together with a relay node; both are deployed in advance into the Tor anonymous network by the tracker so that they can be selected as a node on a circuit by a Tor server running a hidden service, which allows the signal detection module to detect signals.
The overall structure of the hidden service tracking system is shown in FIG. 1:
the tracker prepares a list containing a plurality of hidden services to be tracked and inputs the tracking list to the task issuing module. The task issuing module processes the hidden services in the tracking list in a round-robin fashion: it generates a signal sending task for each hidden service, and then assigns the task to an available signal sending module.
After receiving the task including the hidden service, the signal transmitting module establishes a circuit leading to the hidden service, generates a signal and transmits the signal to the hidden service through the previously established circuit. After the signal is sent, the signal sending module turns off the circuit and then reports the sent signal and other related information to the record receiving module.
Each signal detection module is bound to a relay node, and both are deployed in the Tor anonymous network in advance by the tracker; the tracker can deploy as many signal detection modules and relay nodes as possible to improve the probability of successful tracking. The main task of the signal detection module is to detect signals in the circuits passing through it; if a signal is detected, the signal detection module reports the detected signal and related information to the record receiving module.
And finally, the record matching module performs signal matching according to the data reported by the signal sending module and the signal detecting module. If it finds that the reported transmitted signal and the detected signal are consistent, it is possible to locate the true IP address of the dark web site, and thus present the tracking result to the tracker.
FIG. 2 illustrates the workflow of the task issuing module: after start-up, the task issuing module enters a loop. The head of the loop checks whether the user has chosen to exit; if so, the module ends, otherwise the loop body is entered. In the loop body, the task issuing module takes one hidden service from the hidden service tracking list input by the tracker (the pointer of the list automatically points to the next hidden service after one is taken out), and searches for an idle, available signal sending module. The task issuing module then generates a signal sending task that requires the signal sending module to send a signal to the hidden service. After the task is issued, the task issuing module checks whether the tail of the tracking list has been reached; if so, it returns to the first list item and goes back to the head of the loop to issue the next round of signal sending tasks. In the above process, the task issuing module requires the signal sending module to send signals cyclically to the hidden services in the tracking list. This is because, when a signal is sent to the hidden service only once, the signal detection module is not necessarily selected by the Tor server as a relay node on the circuit, and so the signal cannot be detected. When signals are sent to the hidden service multiple times, the signal detection module may be selected as a node on the circuit during one of the signal sending tasks, so that the signal can be detected and the Tor server located, completing the tracking task.
The workflow of the signal sending module is shown in FIG. 3: after start-up, it waits to receive an instruction and acts according to whether the instruction received is an exit instruction or a signal sending task instruction. When the signal sending module receives a signal sending task instruction, it first generates a signal whose length is fixed to 32 (other values can be set), i.e., a signal is composed of 32 signal units (signal unit 0 or signal unit 1). Each signal sending module is assigned a unique number by the task issuing module; the first 8 signal units of the signal are consistent with the binary value of the number, and the last 24 signal units of the signal are random combinations of 0 and 1. Therefore, signals generated by different signal sending modules do not collide, and signals generated by the same signal sending module at different times are different.
Next, the signal sending module establishes a circuit leading to the hidden service, takes the signal units from the generated signal one by one, sends the corresponding number of RELAY_BEGIN_NOPORT packets and waits to receive the same number of RELAY_END packets, and repeats this operation until all signal units have been sent. Signal unit 0 corresponds to 1 RELAY_BEGIN_NOPORT packet and 1 RELAY_END packet; signal unit 1 corresponds to 2 RELAY_BEGIN_NOPORT packets and 2 RELAY_END packets. Responding to the RELAY_BEGIN_NOPORT packet with the RELAY_END packet is a timing characteristic of the Tor protocol.
After the signal has been sent, the signal sending module tears down the circuit and generates a signal sending record: <hidden service identifier, signal sent, send start time, send end time>, and uploads the sending record to the record receiving module. Finally, the signal sending module returns to the state of waiting for instructions and waits for the next instruction.
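Seen from the hidden service's side, the sending procedure above leaves a recognisable footprint: a circuit that carries nothing but stream requests the service rejects, never more than two pending at once, at least 32 of them, and is then torn down. The following is an added example for onion service operators, not part of the patent; the event-log schema, function names and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

# Cell labels follow the patent text; the log schema is an assumption.
BEGIN = "RELAY_BEGIN_NOPORT"
END = "RELAY_END"
MIN_UNITS = 32        # signal length given in the patent ("other values can be set")
MAX_OUTSTANDING = 2   # a signal unit is one request, or two sent back to back


@dataclass(frozen=True)
class CellEvent:
    circuit_id: str
    timestamp: float
    direction: str    # "in" = received by the service, "out" = sent by it
    cell_type: str


@dataclass(frozen=True)
class Verdict:
    suspicious: bool
    reason: str
    rejected_requests: int


def assess_circuit(events, min_units=MIN_UNITS):
    """Check one closed circuit for the request/reject-only footprint."""
    begins = outstanding = 0
    for ev in sorted(events, key=lambda e: e.timestamp):
        if ev.direction == "in" and ev.cell_type == BEGIN:
            begins += 1
            outstanding += 1
            if outstanding > MAX_OUTSTANDING:
                return Verdict(False, "more than two unanswered requests", begins)
        elif ev.direction == "out" and ev.cell_type == END:
            if outstanding == 0:
                return Verdict(False, "END without a pending request", begins)
            outstanding -= 1
        else:
            # Any ordinary traffic means the circuit is not signal-only.
            return Verdict(False, "carries other traffic: " + ev.cell_type, begins)
    if outstanding:
        return Verdict(False, "request left unanswered", begins)
    if begins < min_units:
        # Every signal unit needs at least one request, so fewer cannot be a full signal.
        return Verdict(False, "too few rejected requests", begins)
    return Verdict(True, "only rejected stream requests, at most two pending", begins)


def flag_circuits(events, min_units=MIN_UNITS):
    """Group a mixed event log by circuit and return the suspicious circuit ids."""
    by_circuit = defaultdict(list)
    for ev in events:
        by_circuit[ev.circuit_id].append(ev)
    return sorted(cid for cid, evs in by_circuit.items()
                  if assess_circuit(evs, min_units).suspicious)


def constructed_circuit(circuit_id, group_sizes, start=0.0, step=0.05):
    """Build constructed sample events: each group is n requests, then n rejects."""
    events, t = [], start
    for n in group_sizes:
        for direction, cell in (("in", BEGIN), ("out", END)):
            for _ in range(n):
                events.append(CellEvent(circuit_id, t, direction, cell))
                t += step
    return events


# Constructed sample log: c1 shows the footprint, c2 and c3 do not.
SAMPLE_EVENTS = (
    constructed_circuit("c1", [1, 2, 2, 1] * 8)      # 32 groups, 48 requests
    + constructed_circuit("c2", [1, 1, 1])           # a few rejected requests only
    + [CellEvent("c3", 1.0, "in", "RELAY_BEGIN"),    # ordinary stream with data
       CellEvent("c3", 1.1, "out", "RELAY_CONNECTED"),
       CellEvent("c3", 1.2, "in", "RELAY_DATA"),
       CellEvent("c3", 1.3, "out", "RELAY_DATA")]
)

if __name__ == "__main__":
    print(flag_circuits(SAMPLE_EVENTS))
```

The check deliberately counts requests rather than parsing exact groups, because a reply can leave the service before the second request of a pair arrives.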
FIG. 4 depicts the workflow of the signal detection module: after start-up, it checks whether the relay node is still running; if the relay node has exited, it performs clean-up work and ends; otherwise, it waits to receive a data packet from the relay node. Each time the relay node receives a data packet from another node, it sends the quadruple <identifier of the circuit to which the data packet belongs, data packet type, arrival time, transmission direction> (representing the data packet) to the signal detection module. The signal detection module maintains a circuit record for each circuit, containing the quadruples of all packets transmitted on that circuit. After receiving a data packet sent by the relay node, the signal detection module adds the data packet to the corresponding circuit record.
The signal detection module processes each circuit record in a loop, and judges whether the circuit is closed according to whether a DESTROY data packet exists in the circuit record. If the circuit has been closed, it attempts to detect a signal from the circuit. Once a signal is detected, the signal detection module reports a detection record to the record receiving module: <last node IP address, detected signal, signal start time, signal end time>, and deletes the corresponding circuit record. The last node refers to the node that initiated the circuit setup request to the relay node. After the signal detection module has processed all the circuit records, it returns to the state of waiting to receive data packets and continues with the next batch.
The workflow of the record receiving module is relatively simple, as shown in fig. 5: when receiving the signal sending record reported by the signal sending module, the system stores the record into a sending record database; when the signal detection record reported by the signal detection module is received, the record is stored in a detection record database.
FIG. 6 illustrates the workflow of the record matching module, which is responsible for matching a sending record with a detection record. The record matching module has a parameter $\delta$ representing the upper limit of the time it takes to transfer a packet from one side of the circuit to the other; the value of this parameter is set to 3 seconds. After start-up, the record matching module enters a loop to monitor whether a new record appears in the detection record database. Every time a new detection record arrives, the record matching module extracts from it the signal start time $t_s$, the signal end time $t_e$ and the detected signal sig. It then searches the transmission record database for a transmission record that satisfies three conditions: the signal transmission start time lies in $(t_s - \delta, t_s)$, the signal transmission end time lies in $(t_e - \delta, t_e)$, and the transmitted signal equals sig. If there is a transmission record satisfying the above conditions and the last node IP address stored in the detection record does not belong to any known relay node, then it can be determined that the real IP address of the hidden service in the transmission record is the IP address in the detection record, and the record matching module finally outputs the result to the tracker.
The foregoing describes in detail preferred embodiments of the present invention. It should be understood that numerous modifications and variations can be made in accordance with the concepts of the invention without requiring creative effort by one of ordinary skill in the art. Therefore, all technical solutions which can be obtained by logic analysis, reasoning or limited experiments based on the prior art by the person skilled in the art according to the inventive concept shall be within the scope of protection defined by the claims.

Claims (8)

1. A hidden service tracking system based on Tor protocol time sequence characteristics, characterized by comprising a signal sending module, a signal detection module, a task issuing module, a record receiving module and a record matching module;
the signal sending module receives the signal sending task issued by the task issuing module, establishes a circuit leading to the hidden service end, sends a series of special data packets in the circuit to represent a signal, and reports the signal sending record to the record receiving module;
the signal detection module is deployed in advance on a relay node of the Tor anonymous network, continuously detects special signals in the circuits passing through that relay node, records the related information of the neighbor nodes if a signal exists in a circuit, and reports signal detection records to the record receiving module;
the task issuing module receives a hidden service list to be tracked, and continuously issues tasks to the signal sending module, so that the signal sending module is required to circularly send special signals to the hidden service to be tracked;
the record receiving module is used for continuously receiving the records reported by the signal sending module and the signal detecting module and storing the two records into corresponding databases;
the record matching module extracts a signal sending record and a signal detection record from the database, matches signals stored in the two records, and outputs the successfully matched record to a user;
the method comprises the following steps:
step 1, a tracker inputs a list containing hidden services to be tracked to the task issuing module;
step 2, the task issuing module generates a signal sending task for each hidden service to be tracked and issues the task to the signal sending module;
step 3, for each signal sending task, the signal sending module establishes a circuit leading to the corresponding hidden service, sends signals on the circuit, packages the sent signals and the corresponding hidden service in a signal sending record, and uploads the signal sending record to the record receiving module;
step 4, the record receiving module receives the signal sending record and stores the record into a sending record database;
step 5, the signal detection module continuously detects signals in the circuit, if the signals exist in the circuit, the signals and neighbor nodes in the circuit are packaged into a signal detection record, and the signal detection record is reported to the record receiving module;
step 6, the record receiving module receives the signal detection record and stores the record into a detection record database;
step 7, the record matching module sequentially processes each detection record in the detection record database, and for the detection records, the record matching module searches the transmission records with the same signals from the transmission record database, and presents the matched transmission records and detection records to a user to complete a hidden service tracking task;
the step 3 comprises the following steps:
step 3.1, the signal sending module controls the Tor client to establish an idle circuit leading to the Tor client running the hidden service;
step 3.2, the signal sending module randomly generates a signal, wherein the signal has 32 signal units, and the signal units comprise signal unit 0 and signal unit 1;
step 3.3, the signal sending module sequentially sends each signal unit in the signal until all the signal units are sent; to send signal unit 0, it controls the Tor client to send one RELAY_BEGIN_NOPORT packet and wait to receive one RELAY_END packet; to send signal unit 1, it controls the Tor client to send two RELAY_BEGIN_NOPORT packets in succession and wait to receive two RELAY_END packets;
step 3.4, the signal sending module stores the successfully sent signal and the corresponding hidden service in the signal sending record, and uploads the signal sending record to the record receiving module.
2. The system of claim 1, wherein the task issuing module requests the signal sending module to periodically send signals to the hidden services in the tracking list.
3. The system of claim 1, wherein each signal sending module is assigned a number by the task issuing module, the first 8 signal units of the signal are identical to the binary value of the number, and the last 24 signal units of the signal are random combinations of 0 and 1.
4. The system of claim 1, wherein the signal sending module disconnects the circuit and generates a signal sending record after sending the signal.
5. The system of claim 4, wherein the signal sending record comprises a hidden service identifier, the transmitted signal, a transmission start time, and a transmission end time.
6. The system of claim 1, wherein the signal detection module, after start-up, determines whether the relay node is running, and if the relay node has exited, performs a cleanup operation and terminates.
7. The system of claim 1, wherein the relay node sends the packet's four-tuple to the signal detection module each time a packet is received from another node.
8. The system of claim 7, wherein the packet four-tuple comprises the identifier of the circuit to which the packet belongs, the packet type, the time of arrival, and the direction of transmission.
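Seen from the side of a hidden-service operator, the signal of step 3.3 is a circuit that carries nothing but 32 bursts of one or two failed stream opens. The following check is an added example, not part of the patent: it flags such circuits in a constructed log of the four-tuples named in claim 8. The 50 ms burst gap, the function names and the log contents are assumptions.

```python
from collections import defaultdict

UNITS = 32        # signal length stated in step 3.2
BURST_GAP = 0.05  # assumption: opens less than 50 ms apart form one signal unit

def burst_sizes(events, circ_id, gap=BURST_GAP):
    """Group inbound RELAY_BEGIN_NOPORT cells on one circuit into bursts."""
    times = sorted(t for c, kind, t, d in events
                   if c == circ_id and kind == "RELAY_BEGIN_NOPORT" and d == "in")
    sizes, prev = [], None
    for t in times:
        if prev is not None and t - prev < gap:
            sizes[-1] += 1      # same burst: arrived right behind the previous open
        else:
            sizes.append(1)     # a pause preceded this cell: new burst
        prev = t
    return sizes

def suspicious_circuits(events, gap=BURST_GAP):
    """Circuits whose only traffic is 32 bursts of one or two failed opens."""
    kinds_by_circ = defaultdict(set)
    for c, kind, _t, _d in events:
        kinds_by_circ[c].add(kind)
    flagged = []
    for c, kinds in kinds_by_circ.items():
        if not kinds <= {"RELAY_BEGIN_NOPORT", "RELAY_END"}:
            continue            # the circuit carried real streams
        sizes = burst_sizes(events, c, gap)
        if len(sizes) == UNITS and all(s in (1, 2) for s in sizes):
            flagged.append(c)
    return sorted(flagged)

def constructed_log():
    """Constructed sample: (circuit id, packet type, arrival time, direction)."""
    events, t = [], 100.0
    for unit in [0, 1] * 16:                 # constructed 32-unit pattern
        for i in range(unit + 1):
            events.append((7, "RELAY_BEGIN_NOPORT", t + 0.001 * i, "in"))
        for i in range(unit + 1):
            events.append((7, "RELAY_END", t + 0.002 + 0.001 * i, "out"))
        t += 0.4                             # sender waits for replies between units
    events += [(9, "RELAY_BEGIN", 101.0, "in"), (9, "RELAY_DATA", 101.2, "in"),
               (9, "RELAY_END", 105.0, "in")]                 # ordinary stream
    events += [(11, "RELAY_BEGIN_NOPORT", 102.0 + k, "in") for k in range(3)]
    return events

if __name__ == "__main__":
    print(suspicious_circuits(constructed_log()))
```

A flagged circuit can be closed or rate-limited before all 32 units have been answered, which leaves the observer with an incomplete signal that cannot equal the recorded one.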
CN202210876836.2A 2022-07-25 2022-07-25 Hidden service tracking system based on Torr protocol time sequence characteristic Active CN115242674B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210876836.2A CN115242674B (en) 2022-07-25 2022-07-25 Hidden service tracking system based on Torr protocol time sequence characteristic

Publications (2)

Publication Number Publication Date
CN115242674A CN115242674A (en) 2022-10-25
CN115242674B true CN115242674B (en) 2023-08-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant