The Tor network is the most prominent system for providing anonymous communication to web users, with a daily user base of 2 million. However, since its inception, it has been constantly targeted by various traffic fingerprinting and correlation attacks that aim to deanonymize its users. A critical requirement for these attacks is to attract as much user traffic to adversarial relays as possible, which is typically accomplished by means of bandwidth inflation attacks. This paper proposes a new inflation attack vector in Tor, referred to as TorMult, which enables inflation of measured bandwidth. The underlying attack technique exploits resource sharing among Tor relay nodes and employs a cluster of attacker-controlled relays with coordinated resource allocation within the cluster to deceive bandwidth measurers into believing that each relay node in the cluster possesses ample resources. We propose two attack variants, C-TorMult and D-TorMult, and test both versions in a private Tor test network. Our evaluation demonstrates that an attacker can inflate the measured bandwidth by a factor close to n using C-TorMult and nearly half of n*N using D-TorMult, where n is the size of the cluster hosted on one server and N is the number of servers. Furthermore, our theoretical analysis reveals that gaining control over half of the Tor network's traffic can be achieved by employing just 10 dedicated servers with a cluster size of 109 relays running the TorMult attack, each with a bandwidth of 100 MB/s. The problem is further exacerbated by the fact that Tor not only allows resource sharing but, according to recent reports, even promotes it.