Hidden Services Directory

Posted by seomypassion12 on November 9th, 2023

Hidden services are sites that run on Tor to protect their users’ privacy. These sites are often used to host illicit content or services.

To connect to a hidden service, a client first retrieves its hidden service descriptor from a set of six responsible Hidden Service Directories (HSDirs). This descriptor is time based and changes every hour.

Authentication

A hidden service is a server that is not directly addressable on the Internet. Instead, it is accessed using its onion pseudo-URL. This URL is a 16-character string of numbers and letters that is generated from the hidden service’s public key. The server’s network location is hidden from the global/public Internet, and it only communicates with its clients over the Tor network.

Authentication on Tor is based on a cryptographic protocol called TLS, which uses public-key encryption to encrypt data between the client and the hidden service. This protects against eavesdropping and man-in-the-middle attacks. It also prevents the hidden service from being tampered with by an adversary. It is important to note that this encryption only protects the communication between the hidden service and its clients; it does not secure the data from an attacker that may be running on the same network as the HS.

The first step is to connect to the HS. To do this, the client sends a cookie to the HS (step 1). Then the hidden service decrypts the cookie and finds its synchronization point and one-time key. It then creates a connection chain to the synchronization point and sends a one-time key to it. Once the synchronization point receives the one-time key, it sends it to the client (step 8).

Once the HS decrypts the cookie, it checks whether the one-time key matches the SHA-1 hash of its own public key. If they match, the HS confirms its identity to the client and establishes a connection. The HS then starts sending the client traffic.

To prevent these attacks, the HS must adhere to a set of input protections that it has to implement. These include the use of dummy packets and filler packets to mask its IP. In addition, the HS should not send any information about its own traffic to the outside world.

Aside from the security issues, there are other problems with Tor’s Hidden Services Directory. For example, many of them offer illegal services, such as money laundering and hiring a killer or a thief. This makes it difficult for law enforcement to find these sites. Also, these services often change their onion address names to avoid detection. This is why some governments are introducing laws to combat these types of services.

Load distribution

Hidden services can be hammered by clients, and the current architecture is not built to handle that kind of load. The Hidden Services directory servers (HSDirs) are regular Tor relays, and their capacity is not sufficient to handle a lot of connections to one particular service. This is a major problem for many large, popular sites that want to migrate to Hidden Services. The solution is to introduce a mechanism to distribute load across multiple HSDirs, but this requires an overhaul of the current architecture and raises many other problems.

The current architecture of the Tor Hidden Service directory is based on the principle that each hidden service has a set of responsible HS directories, which store its descriptors for 24 hours and then send them to other HSDirs. This allows the HSDirs to verify that the descriptor was uploaded by the Hidden Service itself, rather than by a malicious actor. This is important for security because it prevents the emergence of fake or compromised HSDirs, and ensures that clients connect to the correct service.

To increase the scalability of the system, a hidden service can publish its descriptor to a fixed number of Introduction Points. Each Hidden Service is responsible for choosing between one and ten of these Introduction Points, based on a self-estimation of its popularity. Unfortunately, if the service is busy, the Introduction Points can be overwhelmed by client requests and may not be available for lookups for a while.

A more effective solution would be to allow hidden services to switch their long-term keypairs from time to time. This would allow the Hidden Service to reestablish failed circuits to old Introduction Points, and also make it harder for malicious actors to track the popularity of the service through its HSDir counts.

Another improvement would be to allow Hidden Services to use Valet nodes, which can provide a high level of protection against malicious attacks on the service. However, this requires a significant implementation and deployment effort, so it is unlikely to happen soon. Until then, users should keep their Valet nodes secure and avoid connecting to untrusted or rogue hosts.

Privacy

Despite the fact that Tor provides excellent privacy, many people use it to host illegal content. These services are often command and control centers for botnets or resources serving adult content. For this reason, there is a need to develop techniques that can classify HS clients and prevent their usage of malicious services. These methods may also be applied to broader research into the behaviour of Tor users and help fight cybercrime.

The current state of research on HS is fragmented. While most studies focus on identifying HS at the directory level and classifying their content, fewer address how to effectively collect and analyse their content. In addition, most articles are focused on security and propose methods to protect against attacks or make circuits more secure.

Obtaining statistics on HS is difficult for several reasons: no central entity stores the entire list of onion addresses, and the addresses end in .onion, preventing them from being discovered by traditional search engines. Moreover, hidden services rarely link to each other, a factor that hinders their discovery. This makes it difficult for researchers to determine the popularity of a hidden service.

One study found that the most popular HS are command and control centers for botnets, followed by resources that offer illicit content. However, there are also a number of HS that are dedicated to human rights and freedom of speech. These HS can be used by people living in oppressive regimes to publish and share information with the rest of the world.

In order to publish a hidden service, Bob must generate two service descriptors and upload them to 6 responsible HS directories. These HS directories are chosen deterministically based on the consensus and the onion address. Once the responsible HS directories have published his descriptor, he can use the information to reach his hidden service.
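The address derivation and the deterministic choice of the six responsible directories described above can be worked through in code. This is an added example, not code from the original article or from the Tor Project. It follows the version 2 rendezvous specification, in which the descriptor ID rotates once per 24-hour time period; the function names, the placeholder key bytes and the relay fingerprints are constructed for illustration.

```python
import base64
import hashlib
import struct

REPLICAS = 2            # two descriptor replicas per service
HSDIRS_PER_REPLICA = 3  # 2 x 3 = the six responsible HSDirs
PERIOD = 86400          # rend-spec v2 time period, in seconds

def onion_address(pubkey_der):
    """16-character v2 address: base32 of the first 80 bits of SHA-1(key)."""
    return base64.b32encode(hashlib.sha1(pubkey_der).digest()[:10]).decode().lower()

def descriptor_id(onion, now, replica, cookie=b""):
    """descriptor-id = H(permanent-id | H(time-period | cookie | replica))."""
    permanent_id = base64.b32decode(onion.upper())
    # The first ID byte staggers rotation so services do not all move at once.
    period = (now + permanent_id[0] * PERIOD // 256) // PERIOD
    secret = hashlib.sha1(struct.pack(">I", period) + cookie + bytes([replica])).digest()
    return hashlib.sha1(permanent_id + secret).digest()

def responsible_hsdirs(desc_id, ring):
    """The three HSDir fingerprints that follow desc_id on the circular ring."""
    ordered = sorted(ring)
    start = next((i for i, fp in enumerate(ordered) if fp > desc_id), 0)
    return [ordered[(start + k) % len(ordered)] for k in range(HSDIRS_PER_REPLICA)]

def lookup_plan(pubkey_der, now, ring):
    """Map each replica's descriptor ID (hex) to its responsible HSDirs."""
    onion = onion_address(pubkey_der)
    plan = {}
    for replica in range(REPLICAS):
        desc_id = descriptor_id(onion, now, replica)
        plan[desc_id.hex()] = [fp.hex() for fp in responsible_hsdirs(desc_id, ring)]
    return onion, plan

# Constructed sample data: placeholder key bytes and 16 evenly spaced fingerprints.
SAMPLE_KEY = b"constructed placeholder, not a real DER-encoded RSA key"
SAMPLE_RING = [bytes([i * 16]) * 20 for i in range(16)]

if __name__ == "__main__":
    onion, plan = lookup_plan(SAMPLE_KEY, 1699488000, SAMPLE_RING)
    print(onion + ".onion")
    for desc_id, dirs in plan.items():
        print(desc_id, "->", [d[:8] for d in dirs])
```

Version 3 onion services use 56-character addresses and a different, blinded-key derivation, so this applies only to the 16-character scheme the article describes.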

To ensure privacy, citizens connect to a hidden service using the rendezvous protocol, which does not reveal the citizen’s real IP address. Instead, the citizen uses a pseudo-URL that points to a Tor relay. This relay verifies the identity of the server and the network location. The citizen then sends a request to the server, which translates the request into an encrypted message and forwards it to the actual server.

Security

Hidden services are a popular feature of Tor that allow users to host and run applications over the Tor network while hiding their true location. They are designed to provide privacy and security for both users and service providers. To ensure that hidden services remain secure, the Tor project maintains a set of guidelines for their operation and implementation. These guidelines include using HTTP over TCP rather than SSL, not exposing port numbers, and making sure that the service isn’t visible on clearnet. These guidelines are designed to prevent deanonymization attacks, which can be carried out by monitoring a service’s traffic.

During the process of connecting to a hidden service, a client needs to retrieve two service descriptors. One of these is the public key, while the other contains a list of introduction points. Hidden services publish these descriptors to a group of responsible hidden service directories (HSDirs) every hour. These HSDirs are Tor relays that have been responsible for the service in the past 24 hours and have received a special flag from the directory authorities. The client can then use the retrieved information to connect to the hidden service over a 7-hop circuit.

The most significant advancements in research on ACS in the last three years have been related to content classification and Tor hidden service discovery, with an emphasis on improving crawling and .onion address discovery techniques. These improvements will allow for more accurate classifications and will make it easier to fight illegal content hosted on Tor hidden services.

Hidden services have received increased media attention recently due to the popularity of the Silk Road marketplace, an online black market. This has prompted researchers to focus on these areas of interest, with most papers focusing on security issues and presenting attacks or proposing protection methods.

One such attack, presented by Xu and Wang [82], allows an attacker to deanonymise the operator of a hidden service by exploiting a weakness in the Tor protocol. The attack works by observing the traffic signature that is sent to the hidden service immediately after its descriptor is uploaded. This signature is then detected at the guard node, allowing an adversary to discover the operator’s identity.
