Critical traffic analysis on the tor network

Tor is a widely-used anonymity network with more than two million daily users. A special feature of Tor is the hidden service architecture. Hidden services are a popular method for anonymous communication or sharing web contents anonymously. A specialty in Tor is that all data packets that are sent are structured completely identical for security reasons. They are encrypted using the TLS protocol and have a fixed size of exactly 512 bytes. In an earlier implementation, Tor was an example of networks without generated traffic noise to make traffic analysis more difficult. In this work we describe a method to deanonymize any hidden service on Tor based on traffic analysis, which is a threat to anonymity online. This method allows an attacker with modest resources to deanonymize any hidden services in less than 12.5 days.