Professor Minseok Kang's research team at KAIST has won the "Outstanding Paper Award" at an international security conference. The team is being recognized for setting a new milestone in global security research by identifying security vulnerabilities in the world's largest anonymous network, Tor, and proposing solutions.
On September 12, KAIST announced that Professor Kang's team from the Department of Computer Science recently participated in the "USENIX Security 2025" conference held in Seattle, United States, and received the Outstanding Paper Award.
The USENIX Security Symposium is considered the most prestigious conference in the field of information security. The Outstanding Paper Award is given to only the top 6% of all submitted papers.
(From left) Jinseo Lee, PhD candidate in the Department of Computer Science, Hobin Kim, Researcher, Minseok Kang, Professor. Provided by KAIST
At the conference, the research team discovered a potential Denial-of-Service (DoS) attack vulnerability in Tor and presented a method to address it.
Tor, an anonymity-based service, has become a leading privacy protection tool used by millions of people every day.
However, the team revealed that Tor's congestion detection mechanism is not secure. Through real-world network experiments, they demonstrated that a website could be paralyzed with just $2, which is only about 0.2% of the cost required for previous attacks.
Notably, the team was the first to show that Tor's security technique, which is intended to mitigate DoS attacks, could actually make such attacks more effective, drawing significant attention.
The research team went beyond merely identifying vulnerabilities; they used mathematical modeling to explain the underlying principles of the vulnerability and proposed guidelines to help Tor maintain a balance between anonymity and availability. These guidelines have been delivered to the Tor developers and are currently being gradually implemented through patches.
Earlier, in February, Roger Dingledine, the founder of Tor, visited KAIST to discuss collaboration with the research team. In June, the Tor administrators expressed their gratitude for the team's proactive disclosure and awarded them a bug bounty worth $800.
Professor Kang stated, "Although the security of the Tor anonymity system is actively studied worldwide, this is the first case of security vulnerability research on Tor in South Korea. The vulnerability we identified is extremely serious and drew considerable attention from many Tor security researchers at the conference."
He added, "Our team will continue comprehensive research, not only to strengthen the anonymity of the Tor system but also to cover areas such as criminal investigations using Tor technology."
This research was conducted with Jinseo Lee, a PhD candidate, as the first author, and Hobin Kim, a researcher (who graduated with a master's degree from the KAIST Graduate School of Information Security and is currently a PhD candidate at Carnegie Mellon University in the United States), as the second author.
Professor Kang's team was also selected for the Basic Research Program (Global Research Laboratory) by the Ministry of Science and ICT this year in recognition of their achievements. Based on this program, the team plans to establish domestic research collaborations with Ewha Womans University and Sungshin Women's University, and expand international cooperation with researchers in the United States and the United Kingdom to conduct in-depth research on Tor vulnerabilities and anonymity over the next three years.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
