
Network analysis of Dark Web traffic through the Geo-Location of South African Internet protocol address space

Date

2019-04-16

Abstract

This research was supported financially by the BankSeta, the Council on Scientific and Industrial Research and the National Research Foundation, with the aim of logging The Onion Router (TOR) traffic usage in South Africa. The recent public disclosure of mass surveillance of electronic communications, involving senior government authorities, has drawn public attention to issues of Internet security and privacy. For almost a decade, there have been several research efforts towards designing and deploying open source, trustworthy and reliable electronic systems that ensure the anonymity and privacy of users. These systems operate by concealing the true network identity of the communicating parties from eavesdropping adversaries; TOR is an example of such a system. Clients that use the TOR network construct circuits (paths), which are used to route multiple network streams. A circuit is considered secure if there is one non-malicious router in the circuit. Such systems have served as anti-censorship and anti-surveillance tools. The implementation of TOR allows an individual to access the Dark Web, an area of the Internet that is said to be of a much larger magnitude than the Surface Web. The Dark Web, which has earned a reputation as a sort of immense black market associated with terrorist groups, child pornography, human trafficking, sale of drugs, conspiracies and hacking research, has received significant national and international press coverage. However, to date little or no research has been conducted on the illicit usage of the Dark Web, and no research has been conducted on the use or misuse of the Dark Web in South Africa. There has not been any study which characterises the usage of a real deployed anonymity service. The observations presented were obtained by participating in the TOR network, and the primary goal of this study is to elicit Dark Web traffic by South Africans.

Past researchers undertook Dark Web crawling focusing only on specific web content, such as child exploitation and terrorist activity. The experiment design of this study builds further on experiments conducted in previous studies. The deanonymisation methodology utilised in this study will allow for the detection of exit routing traffic and the logging of all Dark Web traffic, areas omitted from the previous studies. This study does not confine the declassification of onion addresses to specific content types and aims to log all exit routing traffic, undertake a comprehensive declassification of websites visited by clients and obtain the Internet Protocol (IP) addresses of these clients. The analysis of the sample results reveals that, in the South African context, Dark Web traffic is mainly directed to social media websites. There are, however, causes for concern, as illicit activities are occurring that include the sale of drugs, visiting of child pornographic websites, and the sale of weapons. Finally, the study presents evidence that exit routing traffic by the TOR node is limited to a large number of different countries, some of which have serious Internet censorship laws.

Description

Submitted in fulfillment of the requirements of the Doctor of Philosophy in Information Technology and Communication Technology, Department of Information Technology, Faculty of Accounting and Informatics, Durban University of Technology, Durban, South Africa. 2019.

DOI

https://doi.org/10.51415/10321/3349
