Are TOR Hidden Services really hidden? Demystifying HS Directory surveillance by injecting Decoys inside TOR!

Recently, I spoke at the C0C0N X Security & Hacking Conference 2017 held at Le Meridien, Kochi. The talk focussed on the 'Hiddenness' of TOR Hidden Services specific to the detection of HS Directory Surveillance by injecting Decoys or Honeypots inside the TOR network. Here’s the digest of the presentation.


What is TOR?
The Onion Router – Gateway to Anonymity
How TOR works?
Establishing the Circuit
Directory Authorities - The Gatekeepers of TOR

Introduction to TOR Hidden Services (HS)
Why run a TOR HS? - Sneak peek into HS features
How TOR HS works? - HS Rendezvous Protocol

Analysis of hiddenness of TOR HSs 
Research Hypothesis - Are TOR HS really Hidden?
The HS Honeypot Approach
Setting up the Onion Decoy Project

Live Demo
Hosting Tor Hidden Service in seconds with Docker Containers
How to setup Honeypots (aka Onion Decoys) inside TOR Network
Live probing of Onion Decoys to detect intrusions by attackers

Results of the Onion Decoy Experiment 
Private Hidden Services are not really hidden

Conclusion & Takeaways
Everything can be a Honeypot, if you don’t know it fully
The more you hide, The more somebody wants to know why



The Source Code of the Onion Decoy Project is available at https://github.com/OnionDecoy


Below is the presentation for the delivered talk.

Digital Disruption - Facts to ponder!

Why didn’t a cab driver think of Ola or Uber? 

Why didn’t a Shopping Mall owner think of Flipkart? 

Why didn’t a Theatre owner think of BookMyShow? 

Why didn’t Airtel or Vodafone think of Paytm? 

Why didn’t Taj or Marriott think of GoIbibo? 

The answer to all above, and the myriad of all other companies displaced by digital disruption, is that at some point they became so busy and coupled with the ongoing need to meet or exceed the quarterly numbers, that they forgot to look far enough outside of their business to see the disruption ahead. A quite convincing reason why so many companies fail to face the disruption is that when someone from the outside uses digital disruption to disrupt you, the strategy most often invoked is to protect and defend the status quo. It is amazing how much time and money organizations spend protecting and defending their current ‘cash cows’. In the past this was a valid strategy that did produce good results. But digital disruption is different. Because it tends to be game-changing with a very low cost of entry, it is not hard for a small startup to quickly disrupt not only a big business, but even an entire industry.

But, why all this is happening now? What is digital disruption?

The Art of Living - Alapati Sarath

"Life is Beautiful" i was told, "It could be as you want it to be" i heard, "Take it as it comes" i thought being a cool person not thinking much about the problems that i may have face one day i was relaxed. But when a person has to face a problem Unexpectedly its

ECIL GET Interview Experience 2012 - Raj Srivastava

May I come in Sir?
Yes, Come in.

Good Morning all. May I sit down?
Sure, Please be seated.

So Mr. Raj, Tell me about yourself?