The work “Flow Correlation Attacks on Tor Onion Service Sessions with Sliding Subset Sum”, co-authored by Bernardo Ferreira, LASIGE integrated member, was awarded Best Portuguese Internet Research of Internet Society 2024.

This article identifies and discloses a vulnerability in the Tor network that can be used by third parties to subvert the objectives for which the network was designed. The identification of the vulnerability was disclosed in advance to the Tor network development team, helping to increase its robustness.

The jury expressed the following assessment “The aim of the Tor network is to provide users with a way of accessing the Internet as privately and anonymously as possible, by routing encrypted traffic through multiple servers. In this way, it is hoped to eliminate any possibility of tracing the origin of traffic, allowing those who use it to circumvent the surveillance imposed in some countries by censorship agencies or authorities”.

The paper was published in the proceedings of the 2024 edition of the renowned “Network and Distributed System Security (NDSS) Symposium” by a team of researchers from different national and international institutions, who have been making the robustness of the Tor network one of their lines of research.

It is available here.