Publications
2025
- Onions Got Puzzled: On the Challenges of Mitigating Denial-of-Service Problems in Tor Onion ServicesJinseo Lee, Hobin Kim, and Min Suk KangIn Proceedings of the 34th USENIX Security Symposium, Seattle, WA, USA, 2025
Denial-of-service (DoS) attacks present significant challenges for Tor onion services, where strict anonymity requirements render conventional mitigation strategies inapplicable. In response, the Tor community has recently revived the client puzzle idea in an official update to address real-world DoS attacks, leading to its adoption by several major onion services. In this paper, we uncover a critical vulnerability in the current puzzle system in Tor through a novel family of attacks, dubbed ONIONFLATION. The proposed attacks artificially inflate the required puzzle difficulty for all clients without causing noticeable congestion at the targeted service, rendering any existing onion service largely unusable at an attack cost of a couple of dollars per hour. Our ethical evaluation on the live Tor network demonstrates the impact of these attacks, which we have reported to the Tor Project and received acknowledgment. Our analysis reveals an undesirable trade-off in the client puzzle mechanism, which is the root cause of the discovered vulnerability, that forces the Tor onion system to choose between inflation resistance and congestion resistance, but not both. We offer practical guidance for Tor onion services aimed at balancing the mitigation of these attacks.
@inproceedings{lee25onions, author = {Lee, Jinseo and Kim, Hobin and Kang, Min Suk}, title = {Onions Got Puzzled: On the Challenges of Mitigating {Denial-of-Service} Problems in Tor Onion Services}, booktitle = {Proceedings of the 34th USENIX Security Symposium}, series = {USENIX Security '25}, year = {2025}, location = {Seattle, WA, USA}, numpages = {19}, publisher = {USENIX Association}, address = {Berkeley, CA, USA}, }
2024
- Measuring DNS-over-HTTPS Downgrades: Prevalence, Techniques, and Bypass StrategiesJinseo Lee, David Mohaisen, and Min Suk KangProc. ACM Netw., Nov 2024
DNS-over-HTTPS (DoH) is a privacy-enhancing protocol that encrypts plaintext query data in DNS resolution. However, DoH often faces accessibility challenges due to phenomena known as DoH downgrades, where DoH queries are reverted to plaintext DNS queries. Unlike downgrades in other security protocols, which are undoubtedly malicious, the act of downgrading DoH queries can be both desirable and undesirable depending on the context; e.g., enterprise networks are officially advised to avoid or downgrade DoH for security reasons. Recent research has drawn attention to the deeper examination of the phenomena of DoH downgrades, focusing on the prevalence, techniques, and potential bypass strategies. However, existing studies on DoH downgrades have several limitations, notably that they severely overestimate the severity of DoH downgrades across the globe as they lack any distinction between desirable and undesirable downgrades of DoH. In this work, we conduct a large-scale measurement study to provide a more accurate depiction of the DoH downgrade landscape. By minimizing the influence of desirable downgrades of DoH in our measurement probes, we show a skewed long-tail distribution of DoH downgrades across the globe. Our stateful probing techniques also reveal hidden DoH filtering mechanisms that were previously undetected. Furthermore, we design near perfect bypass strategies against existing DoH downgrades. Our study expands our limited understanding of DoH downgrades, offering a more accurate, fine-grained, and comprehensive view of the phenomena.
@article{lee24measuring, author = {Lee, Jinseo and Mohaisen, David and Kang, Min Suk}, title = {Measuring DNS-over-HTTPS Downgrades: Prevalence, Techniques, and Bypass Strategies}, year = {2024}, issue_date = {December 2024}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, volume = {2}, number = {CoNEXT4}, url = {https://doi.org/10.1145/3696385}, doi = {10.1145/3696385}, journal = {Proc. ACM Netw.}, month = nov, articleno = {28}, numpages = {22}, keywords = {bypass, dns privacy, dns-over-https, downgrade, measurement}, }