
Traffic correlation attack

Definition

A deanonymisation technique that compares timing patterns and traffic volume at the entry point of a Tor circuit and at the destination, allowing an observer with visibility at both ends to probabilistically identify the user. Also called an end-to-end timing attack. It does not require breaking Tor's encryption.

Related terms

Blockchain analysis
The forensic examination of a cryptocurrency's public transaction ledger to trace the flow of funds between addresses, cluster addresses controlled by the...
Exit node
The third relay in a Tor circuit, which forwards decrypted traffic to the public internet destination. The destination server sees the exit...
I2P (Invisible Internet Project)
A peer-to-peer anonymity network that routes traffic through a distributed mesh of volunteer nodes using unidirectional tunnels. Unlike Tor, I2P is primarily...
Onion routing
A technique in which a message is encrypted in multiple layers, one per relay node, so that each relay decrypts only its...
Onion service (hidden service)
A server reachable through Tor using a .onion address derived from its public key. The server's real IP address is never exposed...

Explained in

  • Tor and Anonymity Networks
