A research paper titled “Flow Correlation Attacks on Tor Onion Service Sessions with Sliding Subset Sum”, authored by INESC-ID, CMU Portugal and Instituto Superior Técnico PhD student, Daniela Lopes, won the 2024 “Best Portuguese Internet Research” by the Portuguese Chapter of the Internet Society (ISOC). The work was co-authored by her advisors, INESC-ID researcher Nuno Santos’ and Nicolas Cristin from Carnegie Mellon University.

The paper was published in the proceedings of the 2024 edition of the “Network and Distributed System Security (NDSS) Symposium” and resulted from the CMU Portugal Exploratory Research Project “DAnon – Supervised Deanonymization of Dark Web Traffic for Cybercrime Investigation,”. It announces a vulnerability in the Tor network, which is intended to provide users with private and anonymous Internet access, eliminating any possibility of tracing the origin of traffic. Malicious users can, however, take advantage of this and get around the surveillance imposed in some countries by censorship agencies or authorities, undermining the network’s purpose. 

The identification of this issue was disclosed to the Tor network development team, contributing to increase its robustness. The jury highlighted the contribution of this paper to the protection of citizens’ rights online and against abusive surveillance and censorship on political or racial grounds, both goals of the Internet Society.

The award ceremony took place yesterday, December 11, at Instituto Superior Técnico, following a panel discussion on “Cryptography: the need and the dilemma”, featuring Miguel Pupo Correia, INESC-ID board member and researcher, Maria Manuel Leitão Marques, European Parliament Member and former Minister for the Presidency, and Robin Wilton, director of the “Internet Trust – Internet Society”. 

The paper is accessible here.