<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Archiving and Interchange DTD v1.0 20120330//EN" "JATS-archivearticle1.dtd">
<article xmlns:xlink="http://www.w3.org/1999/xlink">
  <front>
    <journal-meta />
    <article-meta>
      <title-group>
        <article-title>Security Threats and Attacks on Tor</article-title>
      </title-group>
      <contrib-group>
        <contrib contrib-type="author">
          <string-name>Maria Khan, Muhammad Saddique,</string-name>
          <email>Icrg.csit@gmail.com</email>
          <xref ref-type="aff" rid="aff2">2</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Muhammad Zohaib</string-name>
          <email>e.m.xohaib@gmail.com</email>
          <xref ref-type="aff" rid="aff0">0</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Imran Ahmad</string-name>
          <email>imran.ahmad@riphah.edu.pk</email>
          <xref ref-type="aff" rid="aff1">1</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>In: A. Editor, B. Coeditor (eds.): Proceedings of the XYZ</string-name>
          <xref ref-type="aff" rid="aff3">3</xref>
        </contrib>
        <aff id="aff0">
          <label>0</label>
          <institution>Electrical and Electronics Engineering Department, Near East University</institution>
          ,
          <addr-line>North</addr-line>
          <country country="CY">Cyprus</country>
        </aff>
        <aff id="aff1">
          <label>1</label>
          <institution>Faculty of Computing, Riphah International University</institution>
          ,
          <addr-line>Lahore</addr-line>
          ,
          <country country="PK">Pakistan</country>
        </aff>
        <aff id="aff2">
          <label>2</label>
          <institution>Umar Pirzada, Afzaal Ali, Bilal Wadud, Cecos University of IT &amp; Emerging Sciences</institution>
          ,
          <addr-line>Peshawar</addr-line>
          ,
          <country country="PK">Pakistan</country>
        </aff>
        <aff id="aff3">
          <label>3</label>
          <institution>Workshop</institution>
          ,
          <addr-line>Location, Country, DD-MMM-YYYY, published at, http://ceur-ws.org</addr-line>
        </aff>
      </contrib-group>
      <abstract>
        <p>The Internet is in use nowadays all over the world. While using the Internet, the identities of the sender and receiver are not hidden; to hide the sender and receiver identities anonymous communication was introduced. There are many anonymous communication systems developed but, the Onion Router (Tor) is the most deployed anonymous communication system that provides online anonymity and privacy. There are vast security threats/attacks on Tor that are to be considered. In this article, the current attacks on Tor - an e ort to categorize them for further analysis are discussed.</p>
      </abstract>
    </article-meta>
  </front>
  <body>
    <sec id="sec-1">
      <title>-</title>
      <p>David Chaum rst introduced Anonymous
communication networks as a building block for anonymity. In
the sending and receiving of a message the mix acts
as a keep-convey relay that is used to veil the link
between sender and receiver [6]. Here the few mix based
designs that have been proposed and carried out for
secret email are the best particularly Babel [7],
Mixmaster [8], and the fresher Mix minion [9]. For e-mail,
their latency is acceptable, but for web, browsing it is
un-suitable for communicating applications.
Copyright c by the paper's authors. Copying permitted for
private and academic purposes.</p>
      <p>Additional systems were also developed on the
assumption that a mix will take low latency tra c. To
anonymize the conversation of phone calls ISDN mixes
[10], is designed, and for anonym zing web-mixes [12],
it also follows the same pattern. At the University of
Dresden the Java Anon Proxy (JAP) is based on this
idea and it is ful lled and running.</p>
      <p>Tor is a connected network for anonymizing TCP
streams over the Internet [1]. It can report boundaries
in design of previous Onion Routing [2-5], by
building up unspoiled forward con dentiality, then
bottleneck control, then data purity or integrity, then
customizable exit policies, then index servers, and then
location-hidden services using meeting points. Tor
works on real-world internet, which requires no
special power or core adjustments, and needs little
simultaneity or direction between nodes, and delivers
a sane compromise between e ciency, usability and
anonymity. With the constant and even ever
increasing attention that TOR is witnessing, we provide, in
this paper, a fresh view of the security threats and
attacks on TOR. These attacks are groups in categories
based on their types Section 2, provides a literature
review. While the design goals and non-design goals
of Tor are outlined in section 3. The threat model for
Tor is presented in section 4. Section 5 overviews Tor
design. And section 6 presents the di erent types of
security threats/attacks against Tor. In section 7, we
conclude the paper.
2</p>
    </sec>
    <sec id="sec-2">
      <title>Literature Review</title>
      <p>Before onion routing, an implementation based on
a simple model by David Chaum of the University
of California, Berkeley [13], was introduced to solve
the problem of source and destination identi cation
through tra c analysis. To hide the identity of sender
from the receiver entity, Chaum mix was introduced.
In this approach, we have all sent back and forth all the
tra c from sender to receiver which goes over a proxy
that is able to disinfect the sender and/or the receiver
information if needed; however, since the sender is the
main focus of the problem then the receivers identity
is kept as it. In this case to keep the path of sender
and receiver identities, the only thing is the proxy.
While sending the information to receiver the message
is encrypted and decrypted by the series of public and
private keys of Chaum mixes.</p>
      <p>A. Onion routing: Onion routers are special proxies
that forward/relay the data between sender and
receiver. A normal user-level process is run by each
router without any special privileges. There is a TLS
connection between onion routers. The onion routers
accept TDC data streams and mingle them through
the circuits. The exit router of the circuit is linked to
the destination.</p>
      <p>
        B. TOR: The Second Generation Onion Routing: Tor
[
        <xref ref-type="bibr" rid="ref8">14, 15, 16</xref>
        ], the onion router, is the largest and the
most deployed anonymous communication system in
the present era. It is used in more than 78 countries
with 6755 relays to give online secrecy and privacy. In
recent years, Tor has become a research hotspot in the
anonymous communication systems world.
3
3.1
      </p>
    </sec>
    <sec id="sec-3">
      <title>Design Goals/Non-Goals Of Tor</title>
      <sec id="sec-3-1">
        <title>Design Goals:</title>
        <p>Systems designed for anonymity are lowlatency, to
follow to annoy attackers from joining communication
partners, or from joining many communications to or
from a speci c user. For this purpose; however, some
ideas have been introduced Tors development.
Simple design: In simple design the parameters of
security and the protocol design are well-understood. In
simple design extra features execute implementation
and di culty expenses; and by accumulation
unveri ed methods to the design risks mobility, legibility,
and simplicity of security examination. The purpose of
Tor is to utilize a reserved and non-variant system that
mingles the best known ways to protective anonymity.
Usability: Due to anonymity, systems hide users
among users, and it is a weak system if it has a low
number of users because a system which has less users;
and thus, provides less anonymity. Usability is not
only versatility but also a defense requirement [17,
18]. Therefore, Tor not only needs adapting to context
aware applications. Moreover, Tor should not
introduce prohibitive intervals. Tor requires few
conformation decisions as potential. And nally, on all common
platforms Tor should be easy to implement; No
variation is required for the operating system to make it
unidenti ed (Tor currently runs on Linux, UNIX, and
others).</p>
        <p>Mobility: In the real world it is used and its design is
deployed. For example, asking more bandwidth than
volunteers want to give so that it should not be costly
to run, by giving permission to attackers to join onion
routers in illegal events. Moreover, it should not put
a burden on operators, for core patches, or di erent
proxies for each protocol nor should it be problematic
or expensive to implement. |In addition, there is no
need for non-anonymous parties (just like websites) for
our software to be run. This goal cannot be achieved
for known users talking to unidenti ed servers.
Flexibility: The protocol is well identi ed and also
exible, so Tor could be a platform for future research.
We have many open issues in low-latency anonymous
networks, just like making dummy tra c or stopping
Sybil attacks [19], it can be solved freely from the
problems, which are dug up by Tor. Hopefully future
systems will not be necessary to recreate Tors design.
3.2</p>
      </sec>
      <sec id="sec-3-2">
        <title>Non-goals:</title>
        <p>In preferring simple and deployable designs, it also has
openly delayed numerous imaginable goals, because
they are answered in some place, or because they have
not been answered yet.</p>
        <p>No protocol standardization: Tor has no-protocol
normalization like Privoxy. If a sender wants to be
unidenti ed from the other party while using di cult and
random protocols e.g. HTTP, Tor has to be wrapped
with ltering proxy like Privoxy to cover di erence
between clients and remove protocol features that reveal
identity. With this portion Tor is capable of providing
services that are not known to the network but enough
to the server such as SSH. Similarly, Tor is unable to
add tunneling for protocols like UDP; this should be
provided by some other service if possible.</p>
        <p>Not protected against end-to-end attacks: Tor doesnt
completely resolve correlation attacks. Some solutions
are still proposed such as running your own onion
router.</p>
        <p>Non steganography: Tor does not hide who is attached
to the network.</p>
        <p>Not peer-to-peer: In a non-peer-to-peer distributing
surrounding where Tarzan and Morph Mix aim to scale
with many small life servers, many of them are
controlled by an opponent. But there are still some
debatable issues in this method [20, 21].
4</p>
      </sec>
    </sec>
    <sec id="sec-4">
      <title>Threat Model</title>
      <p>During the analytical study of anonymity designs a
worldwide passive opponent is the most regularly
assumed threat. But similar to other applied low-latency
systems, In Tor we have no safety against such a strong
opponent. As another possibility, we consider an
opponent who can monitor some part of the network tra c.
In Tor an opponent can remove, introduce, modify, or
postpone tra c. And in Tor the opponent can control
his own onion routers. In addition, an opponent can
also adjust certain portions of the onion router. The
objective of an opponent is to identify both the sender
and receiver. In low-latency anonymity systems
layered encryptions are used. While an adversary can
observe both the ends so a passive attack can settle
a doubt that client is communicating with server, but
only if the e ectiveness/timing and volume
architectures of the tra c on the connection are su ciently
distinct. While active attackers can induce timing
signatures on the tra c to compel distinct architectures.</p>
      <p>Now an adversary wants to make a link with a client
through her communication associates; an adversary
can also try to make the pro le behavior of client. The
adversary can also accumulate passive attacks by
detecting the edges of the tra c and correlating tra c
coming and leaving the network by looking for packet
size, timing. By negotiating routers or keys an
adversary can also mount active attacks; or by
reproducing tra c; particularly refusing service to trustable
routers to move users to compromised routers, or
refusing services to users to observe the data stoppage
somewhere else in the network too; or through
introducing designs into tra c that can be traced later. An
opponent can compel and undermine the index servers
to provide users opposing opinions of network status.
Moreover, the adversary can exert an e ort to
minimize the networks reliability by compromising relays
or by introducing damaging activities from coherent
nodes and an opponent is struggling to make them
reserve; thus making the network unreliable ushes
users to other communication systems having
minimum anonymity, where they can compromise them
easily.
5</p>
    </sec>
    <sec id="sec-5">
      <title>Thor Design</title>
      <p>Tor works on the principle of onion routing [1]; the
data is moved forward through a number of nodes with
layers of encryption, one layer is removed by each node
in the network. In a telescoping fashion the tunnel is
constructed and routed across the network. In the
tunnel each node knows only the previous node and
the upcoming node in the path. In reality, the rst
entry node knows the beginning of the tunnel, but it
does not identify the destination, and the exit node
knows the destination but not the beginning. But if
the nodes are observed they can do the tra c analysis
to nd the link of tunnel.</p>
      <p>In Tor nodes are led with the index service which
is reliable. In Tor each node shows its own IP address,
its public key and its exit policies for proving services.
In a span of time one can nd the bandwidth value
that is found by looking for the highest bandwidth
perceived by the node. Uptime of each node is also
upheld by directory server. Tor route creation
algorithm, implemented by the Tor beginner will have to
choose all nodes with better policies and then it can
choose a random node from the list, with the group
in uenced by the speci ed bandwidth.</p>
      <p>Wright et al, [10, 11], rstly describes guard nodes
which can defend against the predecessors attack. For
its path each client can select three nodes and can
select entry nodes from all of Guard nodes based on
a high uptime that has a bandwidth over a certain
threshold value.
6</p>
    </sec>
    <sec id="sec-6">
      <title>Types of Security Threats/Attacks On Tor</title>
      <p>6.1</p>
      <sec id="sec-6-1">
        <title>Passive Attacks:</title>
        <p>Tracking users tra c: by monitoring users connection
show not show his/her data but will show the similar
tra c patterns.</p>
        <p>Monitoring users data: Data at the end is encrypted,
not the connection. In order to hide application data
tra c, Tor can use Privoxy and ltering services.
Selections distinguish ability: Tor allows clients to
select con guration selection. With this clients who are
fewer might give up maximum anonymity by looking
di erent.</p>
        <p>End-to-end timing correlation: the safety currently
presented against such analysis to hide the link
between the OP and the rst entry node by running a
Tor relay or behind the rewall.</p>
        <p>End-to-end size correlation: observing the data
packets will be useful in the analysis of end points of tra c.
6.2</p>
      </sec>
      <sec id="sec-6-2">
        <title>Active Attacks:</title>
        <p>Compromise keys: An attacker who comes to know a
relays identity key replaces that relay forever.
Run a recipient: An opponent controlling a web server
knows the timing outlines of the users who are linking
to it, and can introduce random outlines in its replies.
Run an onion proxy: Sometimes, it might be necessary
for the proxy to execute remotely. Identi cation of
onion proxy is the identi cation of all the links that
will occur as a consequence.</p>
        <p>Denial of service: An attacker can over load the
random nodes to cut o its link from the network.
6.3</p>
      </sec>
      <sec id="sec-6-3">
        <title>Index Directory Attacks:</title>
        <p>Destroy index servers: If some index servers vanished,
the remaining can still convey the details of the
network and create a consensus index. If most of them
are destroyed, then the directory will not have enough
signatures for the users.</p>
        <p>Subvert an index server: By hijacking a directory
server, an opponent can in uence the last index to
some extent.
6.4</p>
      </sec>
      <sec id="sec-6-4">
        <title>Attacks against meeting points:</title>
        <p>
          Make many requests: An opponent can cut o the Bob
service by overloading his entry points with requests.
Compromise a meeting point: A meeting point is not
going to respond further on a circuit, since all data
tra c is encrypted going through the meeting point
with a session key which is a mutual key of Alice and
Bob [
          <xref ref-type="bibr" rid="ref1">22, 23</xref>
          ].
        </p>
        <p>Circuit clogging attack: In a circuit clogging attack,
the premise is that a client creates a circuit and
connects to a server using that circuit. The server or parts
of the content of the server (for example an advertising
frame) is malicious. The malicious content alternates
between sending a lot of data and sending very little
data. The three Tor relays that show an increase in
network latency in the monitoring are most likely: the
three relays used in the circuit by the client. A
detection scheme for clients is also proposed. If it detects a
high and unexpected increase in network latency, the
user can disconnect from the server and destroy the
a ected circuit [24].</p>
        <p>Sniper Attack: Denial of service (DoS) attack against
Tor that may be used to anonymously and selectively
disable arbitrary Tor relays. The attack can be used
to deanonymize hidden services by selectively disabling
relays, heavily in uencing paths to those in control of
the adversary [25].
onion routers to create a denial-of-service attack. If
the looping phase attack is successful, then the
malicious onion routers are more likely to be selected in
circuits, because the other legitimate onion routers are
busy. This advantage of the adversary can be used to
execute further attacks.</p>
        <p>AS and global level attacks: An autonomous system is
an independent network, and an Internet that consists
of these ASes. For instance, when sending a message
using Tor, the tra c goes through di erent multiple
autonomous systems. More importantly, if both the
entry and exit onion routers are located at the same
AS, then a statistical correlation attack can be
performed on the AS-level [26], [27].
6.5</p>
        <p>Tra</p>
        <p>c and time analysis based attacks:
Low-Cost Tra c Analysis of Tor: presents an attack
that includes tra c-analysis techniques and how an
initiators, otherwise, unrelated streams can be linked
back. The term low-cost means that the attacker is
not required to be a global adversary, in fact only a
partial view of the network is assumed.</p>
        <p>A cell counter based attack against Tor: introduces a
tra c analysis based active watermarking technique
that reveals the communication partners in a Tor
circuit.</p>
        <p>Browser-Based Attacks on Tor: presents a time based
attack that exploits browser behavior when tampering
HTTP tra c [28-32]. A Practical Congestion Attack
on Tor Using Long Paths: is an attack that reveals an
entire path of a user in a modern Tor network.
Passive-Logging Attacks against Anonymous
Communications: Systems examine a predecessor attack and
an intersection attack. The predecessor attack
provides probability values to reveal the users identity.
In intersection attack the adversary keeps a list of
addresses that have been active when the victim has
contacted his destination.
7</p>
      </sec>
    </sec>
    <sec id="sec-7">
      <title>Conclusion</title>
      <p>This paper described the complete architecture of Tor;
i.e., its circuit establishment and workings. Moreover,
some attacks are described, which had been conducted
on Tor to con rm that when two parties are
communicating with each other over Tor by observing patterns,
such as timing and volume of tra c, they can disable
Tors network
Entry and exit onion router selection attacks: The
malicious onion proxy creates loops in circuits to target
[1]</p>
      <p>Roger Dingledine, Nick Mathewson and Paul
Syverson. Tor: the second-generation onion
[2]
[3]
[4]
[5]
[6]
[7]
[8]
[9]
[10]
router, in Proceedings of the 13thconference
on USENIX Security Symposium - Volume
13, 2004, pp. 2121.</p>
      <p>David Goldschlag, Michael Reed and Paul
Syverson. Hiding routing information,
information Hiding, rst international workshop,
Springer Verlag LNCS 1174, on May 1996,
pp. 137150.</p>
      <p>Michael Reed, Paul Syverson and David
Goldschlag. Anonymous connections and
onion Routing. IEEE Journal on Selected
Areas in Communications, 16(4), on May 1998,
pp. 482494.</p>
      <p>Paul Syverson, Michael Reed and David
Goldschlag. Onion Routing access con
gurations. In DARPA Information Survivability
Conference and Exposition (DISCEX 2000),
volume 1, pp. 3440.</p>
      <p>Paul Syverson, Gene Tsudik, Michael Reed
and Carl Landwehr. Towards an Analysis of
Onion RoutingSecurity. Workshop on
DesignIssue in Anonymity and Un observability,
Springer-Verlag, LNCS 2009, on July 2000,
pp. 96114.</p>
      <p>David Chaum. Untraceable electronic mail,
return addresses, and digital pseudonyms.
Communications of the ACM 24(2), on
February 1981, pp.8488.</p>
      <p>George Danezis, Roger Dingledine and Nick
Mathewson. Mix minion: Design of a type
III anonymous remailer protocol. In IEEE
Symposium on Security and Privacy,
Berkeley, CA, 11-14 May 2003.</p>
      <p>Ceki Gulcu and Gene Tsudik. Mixing E-mail
with Babel. In Network and Distributed
Security Symposium, NDSS 96, San Diego,
California, on February 1996, pp. 216.</p>
      <p>Ulf Moeller, Lance Cottrell, Peter Palfrader
and Len Sassaman. Mixmaster protocol
version 2. Technical report, Network Working
Group, on May 25 2004.</p>
      <p>
        Andreas P tzmann, Birgit P tzmann and
Michael Waidner. ISDN-mixes:
Untraceable communication with very small
bandwidth overhead. Conference on
Communication in DistributedSystems, volume 267
of Informatik-Fachberichte, Springer-Verlag,
February 1991, pp. 451463.
[11]
[12]
[13]
[14]
[15]
[
        <xref ref-type="bibr" rid="ref8">16</xref>
        ]
[17]
[18]
[19]
[20]
[21]
      </p>
      <p>Rainer Bohme, George Danezis, Claudia
Diaz, Stefan Kopsell and Andreas P tzmann.
Mix cascades vs. peer-to-peer: Is one concept
superior. In Privacy Enhancing Technologies
(PET 2004), Toronto, Canada, May 2004.</p>
      <p>Oliver Berthold, Hannes Federrath and
Stefan Kopsell. Web Mixes: A system for
anonymous and unobservable Internet
access. Designing Privacy Enhancing
Technologies, volume 2009 of LNCS, Springer-Verlag,
July 2000, pp. 115129.</p>
      <p>David Chaum. Untraceable electronic mail,
return addresses, and digital pseudonyms.
ACM Communication, volume 24(2), on
1981, pp. 8488.
https://www.torproject.org/ accessed on 24
December, 2017.</p>
      <p>Roger Dingledine, Nick Mathewson and Paul
Syverson. Tor: the second-generation onion
router, in Proceedings of the 13thconference
on USENIX Security Symposium - Volume
13, 2004, pp. 2121.</p>
      <p>David Goldschlag, Michael Reed and Paul
Syverson. Hiding Routing Information, in
Proceedings of Information Hiding: First
International Workshop, Ed. Springer-Verlag,
LNCS 1174, May 1996.</p>
      <p>Alessandro Acquisti, Roger Dingledine and
Paul Syverson. On the economics of
anonymity, in Springer-Verlag, LNCS 2742,
2003, pp. 84-88.</p>
      <p>Bassam Zantout and Ramzi Haraty. I2P
Data Communication System. Proceedings of
the Tenth International Conference on
Networks (ICN 2011), St. Maarten, The
Netherlands Antilles, pp. 401-409, January 2011.</p>
      <p>Michael Freedman and Robert Morris.
Tarzan: A peer-to-peer anonym zing network
layer. In 9th ACM Conference on
Computer and Communications Security (CCS
2002),Washington, DC, on November 2002,
pp. 193-206.</p>
      <p>Marc Rennhard and Bernhard Plattner.
Practical anonymity for the masses with
morph mix, in Springer-Verlag. LNCS
(forthcoming), 2004, pp. 233-250.</p>
      <p>John Douceur. The Sybil Attack. In
Proceedings of the 1st International Peer To Peer</p>
    </sec>
  </body>
  <back>
    <ref-list>
      <ref id="ref1">
        <mixed-citation>
          <source>[22] [23] [24] [25] [26] [27] [28] [29] [30] [31] Systems Workshop (IPTPS)</source>
          ,
          <source>on Mar</source>
          <year>2002</year>
          , pp.
          <fpage>251</fpage>
          -
          <lpage>260</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref2">
        <mixed-citation>
          <string-name>
            <given-names>Roger</given-names>
            <surname>Dingledine</surname>
          </string-name>
          , Nick Mathewson and
          <string-name>
            <given-names>Paul</given-names>
            <surname>Syverson</surname>
          </string-name>
          .
          <article-title>Tor: the second-generation onion router</article-title>
          ,
          <source>in Proceedings of the 13thconference on USENIX Security Symposium - Volume 13.USENIX Association</source>
          ,
          <year>2004</year>
          , pp.
          <fpage>2121</fpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref3">
        <mixed-citation>
          <string-name>
            <given-names>Juha</given-names>
            <surname>Salo</surname>
          </string-name>
          . Recent Attacks On Tor. Aalto University, T-
          <volume>110</volume>
          .5290 Seminar on Network
          <source>Security Fall</source>
          <year>2010</year>
          , updated on 2012-
          <volume>05</volume>
          -06.
        </mixed-citation>
      </ref>
      <ref id="ref4">
        <mixed-citation>
          <string-name>
            <given-names>Chan</given-names>
            <surname>Tin</surname>
          </string-name>
          ,
          <string-name>
            <given-names>Jiyoung</given-names>
            <surname>Shin</surname>
          </string-name>
          and
          <string-name>
            <given-names>Jiangmin</given-names>
            <surname>Yu</surname>
          </string-name>
          .
          <source>Revisiting Circuit Clogging Attacks on Tor Availability. Reliability and Security (ARES)</source>
          ,
          <source>2013 Eighth International Conference on 2-6 Sept</source>
          .
          <year>2013</year>
          , pp.
          <fpage>131</fpage>
          <lpage>140</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref5">
        <mixed-citation>
          <string-name>
            <given-names>Rob</given-names>
            <surname>Jansen</surname>
          </string-name>
          , FlorianTschorschz, Aaron Johnson and
          <string-name>
            <given-names>Bjorn</given-names>
            <surname>Scheuermannz</surname>
          </string-name>
          .
          <article-title>The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network</article-title>
          .
          <source>NDSS 14, on 23-26 February</source>
          <year>2014</year>
          , San Diego, CA, USA.
        </mixed-citation>
      </ref>
      <ref id="ref6">
        <mixed-citation>
          <string-name>
            <given-names>Steven</given-names>
            <surname>Murdoch</surname>
          </string-name>
          and
          <string-name>
            <given-names>George</given-names>
            <surname>Danezis</surname>
          </string-name>
          .
          <article-title>Lowcost tra c analysis of Tor, Published in Security and Privacy</article-title>
          .
          <source>2005 IEEE Symposium, on 8-11 May</source>
          <year>2005</year>
          , pp.
          <fpage>183</fpage>
          195
          <string-name>
            <given-names>B.</given-names>
            <surname>Zantout</surname>
          </string-name>
          and
          <string-name>
            <given-names>R. A.</given-names>
            <surname>Haraty</surname>
          </string-name>
          .
          <article-title>A Comparative Study between BitTorrent and NetCamo Data Communication Systems</article-title>
          .
          <source>International Journal of Computational Intelligence and Information Security. March</source>
          <year>2010</year>
          . Volume
          <volume>1</volume>
          ,
          <string-name>
            <surname>Number</surname>
            <given-names>2</given-names>
          </string-name>
          ,
          <year>2010</year>
          .
        </mixed-citation>
      </ref>
      <ref id="ref7">
        <mixed-citation>
          <string-name>
            <given-names>R. A.</given-names>
            <surname>Haraty</surname>
          </string-name>
          and
          <string-name>
            <given-names>B.</given-names>
            <surname>Zantout</surname>
          </string-name>
          .
          <article-title>The TOR Data Communication System</article-title>
          .
          <source>Journal of Communications and Networks. ISSN 1229-2370.</source>
        </mixed-citation>
      </ref>
      <ref id="ref8">
        <mixed-citation>
          Volume
          <volume>16</volume>
          , pp.
          <fpage>415</fpage>
          -
          <lpage>420</lpage>
          ,
          <year>August 2014</year>
          .
        </mixed-citation>
      </ref>
      <ref id="ref9">
        <mixed-citation>
          <string-name>
            <surname>Haraty. El Gamal</surname>
          </string-name>
          Public
          <article-title>-key Cryptosystem Using Reducible Polynomials over a Finite Field</article-title>
          .
          <source>Proceedings of the 13th International Conference on Intelligent &amp; Adaptive Systems and Software Engineering (IASSE2004)</source>
          . Nice, France.
          <year>July 2004</year>
          .
        </mixed-citation>
      </ref>
      <ref id="ref10">
        <mixed-citation>
          <source>Journal of Mathematics and Statistics</source>
          . ISSN:
          <fpage>1549</fpage>
          -
          <lpage>3644</lpage>
          . Volume
          <volume>2</volume>
          , Number 1.
          <year>2006</year>
          .
        </mixed-citation>
      </ref>
      <ref id="ref11">
        <mixed-citation>
          <string-name>
            <given-names>R. A.</given-names>
            <surname>Haraty</surname>
          </string-name>
          and
          <string-name>
            <given-names>B.</given-names>
            <surname>Zantout</surname>
          </string-name>
          <article-title>A Collaborative-based approach to Avoiding [32] Tra c Analysis and Assuring Data Integrity in Anonymous Systems. Computers in Human Behavior Journal</article-title>
          . Volume
          <volume>51</volume>
          ,
          <string-name>
            <surname>Part</surname>
            <given-names>B</given-names>
          </string-name>
          ,
          <year>October 2015</year>
          , Pages 780791.
        </mixed-citation>
      </ref>
      <ref id="ref12">
        <mixed-citation>
          <string-name>
            <given-names>Ramzi A.</given-names>
            <surname>Haraty</surname>
          </string-name>
          and
          <string-name>
            <given-names>Bassam</given-names>
            <surname>Zantout</surname>
          </string-name>
          .
          <article-title>The TOR Data Communication System A Survey</article-title>
          .
          <source>Proceedings of the Sixth IEEE International Workshop on Performance Evaluation of Communications in Distributed Systems and Web based Service Architectures (PEDISWESA2014)</source>
          . Madeira,
          <string-name>
            <surname>Portugal. June</surname>
          </string-name>
          <year>2014</year>
          .
        </mixed-citation>
      </ref>
    </ref-list>
  </back>
</article>