洋蔥路由匿名網路的主要功能是為了保護使用者在網際網路上的隱私性，並且除了隱匿客戶端的網路IP位址之外，還能夠作為突破某些資訊封鎖、過濾或監視網路環境的工具，可以讓使用者安全地進行隱匿通訊。
在本篇論文中，我們主要的研究目的是想了解在使用洋蔥路由匿名網路時，使用者會遭遇到哪些潛在的資安風險與弱點威脅。因此，我們嘗試以攻擊者的角度切入來找出這個問題的答案，利用洋蔥路由匿名網路的系統架構並結合中間人攻擊的概念，設計了一個可實際運作、具高度隱匿性且能被動式地對客戶端策動攻擊行動的實驗系統架構來進行相關實作。
透過本篇論文的研究過程及實驗結果，我們討論實驗系統架構的影響範圍，並依據最終的實驗數據資料，分析使用洋蔥路由匿名網路的安全性及潛在的資安威脅與風險。最後，討論目前現有之防禦方法及未來可研究的方向並總結全文。

The main function of Tor anonymity network is to protect the privacy of internet users. In addition to hiding the IP addresses of Tor clients, it is also a tool to make a breakthrough in the environment of information blocking, filtering and monitoring. Tor users can use it to do a secret communication securely.
In this thesis, our research purpose is to know that user encounters what the information security risks and the threat of the weakness when they use Tor anonymity network. Consequently, we try to use the thinking of the attackers to find out this answer of this question. We use the network architecture of Tor anonymity network and the concept of man-in-the-middle attack to design an experimental architecture which is high anonymity and attacks users passively to do related implement.
We discuss the scope of affecting according to our research and the experimental results in this thesis, and we analysis the security of Tor anonymity network and the potential risks and threats by the final experimental data. Finally, we discuss the current methods of defense and the future work, and make conclusions.

引用文獻

[1] Ms. Smith : “No Conspiracy Theory Needed: Tor Created for U.S. Gov't Spying” , 2011.3.28 , http://www.networkworld.com/community/blog/no-conspiracy-theory-needed-tor-created-us-go
[2] Ms. Smith : “25 More Ridiculous FBI Lists: You Might Be A Terrorist If” , 2012.2.6 , http://www.networkworld.com/community/blog/25-more-ridiculous-fbi-lists-you-might-be-terrorist-if
[3] Mike Wheatley : “Japan’s Cops Want Tor Network Banned After Cyber-Terror Cat Humiliation” , 2013.4.22 , http://siliconangle.com/blog/2013/04/22/japans-cops-want-tor-network-banned-after-cyber-terror-cat-humiliation/
[4] Paul Syverson , “Onion Routing Brief Selected History” , 2005 , http://www.onion-router.net/History.html
[5] David M. Goldschlag, Michael G. Reed, and Paul F. Syverson, “Hiding Routing Information” , Springer-Verlag LLNCS, 1174, pp. 137-150, 1996
[6] Wikipedia : “Tor (anonymity network)” , 2013.5.24 , http://en.wikipedia.org/wiki/Tor_(anonymity_network)
[7] Roger Dingledine , Nick Mathewson , Paul Syverson , “Tor:The Second-Generation Onion Router” , Proceedings of the 13th conference on USENIX Security Symposium - Volume 13(USENIX) , p21 , San Diego, CA , 2004
[8] Roger Dingledine , Jacob Appelbaum , “The Tor software ecosystem” , 29th Chaos Communication Congress (29c3) , Hamburg , German , 2012.12.27-30
[9] “Tor Metrics Portal: Users” , 2013 , https://metrics.torproject.org
[10] “Orbot: Mobile Anonymity + Circumvention - The Guardian Project” , 2013 , https://guardianproject.info/apps/orbot
[11] Yong Guan,Xinwen Fu,R.Bettati & Wei Zhao. , “An Optimal Strategy for Anonymous Communication Protocols” , In Proceedings of the 22nd IEEE International Conference on Distributed Computing Systems(ICDCS 2002) , pp 257-266 , Vienna , Austria , 2002.07.02-05
[12] M.Wright,M.Adler,B.N.Levine & C.Shields. , “An Analysis of the Degradation of Anonymous Protocols” , In Proceedings of the 2002 ISOC Symposium on Network and Distributed System Security(NDSS 2002) , San Diego , California , USA , 6-8 February 2002
[13] D.Chaum , “Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms” , Communications of the ACM , 24(2) , pp 84-90 , 1981
[14] A. Acquisti, R. Dingledine, and P. Syverson. , “On the Economics of Anonymity” , Financial Cryptography , LNCS 2742 , pp 84-102 , Springer-Verlag , 2003
[15] A. Back, I. Goldberg, and A. Shostack , “Freedom systems 2.1 security issues and analysis” , Zero Knowledge Systems, Inc. , May 2001
[16] B. N. Levine, M. K. Reiter, C. Wang, and M. Wright ,” Timing Attacks in Low-Latency Mix Systems” , Financial Cryptography , LNCS 3110 , pp 251-265 , Springer-Verlag , 2004
[17] Philipp Winter , Stefan Lindskog , “How the Great Firewall of China is Blocking Tor” , Free and Open Communications on the Internet (FOCI) , USENIX , Bellevue , WA , USA , 2012
[18] Tor Project : obfsproxy , https://www.torproject.org/projects/obfsproxy.html.en
[19] Tor , 2013.07.18 , http://zh.wikipedia.org/wiki/Tor
[20] Tor Documentation , https://www.torproject.org/docs/documentation.html.en
[21] Paul Syverson , “A Peel of Onion” , Annual Computer Security Applications Conference (ACSAC) , Orlando, Florida , USA , 2011.12.05-09
[22] What is a Tor Relay? , https://www.eff.org/torchallenge/what-is-tor
[23] Tor : Hidden Service Protocol , https://www.torproject.org/docs/hidden-services.html.en
[24] Tor Rendezvous Specification , https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=rend-spec.txt
[25] Tor directory protocol version 3 , https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=dir-spec.txt
[26] 萬超，”針對TOR的節點選擇攻擊技術研究”，中華人民共和國國防科學技術大學，碩士論文，2009年。
[27] What are Entry Guards? , https://www.torproject.org/docs/faq#EntryGuards
[28] D. McCoy, K. Bauer, D. Grunwald, P. Tavriz , “Shining Light in Dark Places : A Study of Anonymous Network Usage” , Technical Report CU-CS - 1032-07. 2007. 8
[29] Philipp Winter , Stefan Lindskog , “How China Is Blocking Tor” , Free and Open Communications on the Internet(FOCI) , USENIX , Bellevue , Washington , USA , 2012
[30] 殭屍網路，2013.3.12，https://zh.wikipedia.org/wiki/%E6%AE%AD%E5%B1%8D%E7%B6%B2%E7%B5%A1
[31] 什麼是殭屍網路/傀儡網路 Botnet，2009.11.10，http://domynews.blog.ithome.com.tw/post/1252/58742
[32] Tyler Hudak , “An Introduction Into the World of Botnets” , http://www.korelogic.com/Resources/Presentations/botnets_issa.pdf
[33] Chao Li , Wei Jiang , Xin Zou , “Botnet: Survey and Case Study” , Innovative Computing, Information and Control (ICICIC) Fourth International Conference, Kaohsiung , Taiwan ,Republic of China , 2009.12.07-09
[34] G Data Software : “Botnet command server hidden in Tor” , 2012.10.09 , http://blog.gdatasoftware.com/blog/article/botnet-command-server-hidden-in-tor.html
[35] Brian Donohue : “Tor-Powered Botnet Linked to Malware Coder’s AMA on Reddit” , 2012.12.11 , http://threatpost.com/tor-powered-botnet-linked-malware-coder-s-ama-reddit-121112
[36] Claudio Guarnieri , Skynet, “a Tor-powered botnet straight from Reddit” , 2012.12.06 , https://community.rapid7.com/community/infosec/blog/2012/12/06/skynet-a-tor-powered-botnet-straight-from-reddit
[37] Dennis Brown , “Resilient Botnet Command and Control with Tor“ , Hack In The Box (HITB) , Kuala Lumpur, Malaysia , 2010.10
[38] Cyber-crime responsible for huge rise in Tor use , 2013.09.06 , http://www.itproportal.com/2013/09/06/cyber-crime-responsible-huge-rise-tor-use/
[39] 中間人攻擊，2013.06.04，http://zh.wikipedia.org/wiki/%E4%B8%AD%E9%97%B4%E4%BA%BA%E6%94%BB%E5%87%BB
[40] Toni : “Testing TOR Nodes for Man-in-the-Middle Attacks” , 2007.11.20 , http://www.f-secure.com/weblog/archives/00001321.html
[41] Kim Zetter : “Rogue Nodes Turn Tor Anonymizer Into Eavesdropper's Paradise” , 2007.09.10 , http://www.wired.com/politics/security/news/2007/09/embassy_hacks
[42] A. Christensen et al. : “Practical Onion Hacking : Find the real address of Tor clients” , Fort Consult , October 2006.
[43] L. Overlier and P. Syverson. : “Locating Hidden Servers” , In Proceedings of the 2006 IEEE Symposium on Security and Privacy, 15 pp. – 114 , May 2006.
[44] M. Wright, M. Adler, B. N. Levine, and C. Shields. : “The predecessor attack: An analysis of a threat to anonymous communications systems” , In ACM Trans. Inf. Syst. Secur. , pages 489–522, 2004.
[45] Timothy G. Abbott , Katherine J. Lai , Michael R. Lieberman , Eric C. Price : “Browser-Based Attacks on Tor” , 7th International Symposium , vol 4776 , pp 184-199 , Ottawa , Canada , 2007.06.20-22
[46] NoScript , http://noscript.net
[47] Entry Guards , 2013.10.16 , https://blog.torproject.org/category/tags/entry-guards
[48] BREACH : “REVIVING THE CRIME ATTACK” , 2013.07.12 , BlackHat 2013