27C3 on Tor
Eugen Leitl
eugen at leitl.org
Tue Dec 28 19:07:54 UTC 2010
(via arsetechnica)

http://arstechnica.com/tech-policy/news/2010/12/flaws-in-tor-anonymity-network-spotlighted.ars

Flaws in Tor anonymity network spotlighted

By John Borland, wired.com | Last updated about 4 hours ago

At the Chaos Computer Club Congress in Berlin, Germany on Monday, researchers
from the University of Regensburg delivered a new warning about the Tor
anonymizer network, a system aimed at hiding details of a computer user’s
online activity from spying eyes.

The attack doesn’t quite make a surfer’s activity an open book, but offers
the ability for someone on the same local network—a Wi-Fi network provider,
or an ISP working at law enforcement (or a regime’s) request, for example—to
gain a potentially good idea of sites an anonymous surfer is viewing.

“Developers have to be aware of this kind of attack, and develop
countermeasures,” said Dominik Herrmann, a Regensburg PhD student studying
profiling and fingerprinting attacks. “But that proves to be very difficult.”

The research, performed by a variety of collaborators in Germany working on
anonymity measures, represents a warning for privacy-conscious users wary of
spying eyes, whether behind Net-unfriendly borders or simply corporate
firewalls.

Tor is essentially an online mask, rather than a tool that hides the fact or
content of communication itself. The project’s developers are addressing the
problem of traffic analysis—essentially the threat that an attacker or
observer might be able to tease out a person’s identity, location,
profession, social network or other information about the message content by
analyzing a message’s unencrypted headers.

To hide this information, the Tor system routes messages around a winding
path of volunteer servers across the Net, with each relay point knowing only
the address of the previous and next step in the pathway.

Once this circuit has been established, neither an eavesdropper nor a
compromised relay will theoretically have the ability to determine both the
source and destination of a given piece of communication. According to the
Tor project’s latest metrics, the network has drawn between 100,000 and
300,000 users per day over the last several months.

Herrmann and his fellow researchers say there’s a partial flaw in this
arrangement, however. A potential eavesdropper on the end user’s own network
still has the ability to analyze the patterns of data being returned, and in
many cases will be able to develop a reasonable guess about the source of the
communication.

An attacker—perhaps an ISP instructed by law enforcement or a government to
engage in such surveillance—would first have to develop a list of potential
sites that the target might be visiting, or that it was interested in
monitoring. It would then run the Tor system itself, testing the way these
sites appeared when accessed through Tor, developing a database of
“fingerprints” associated with the sites of interest.

Once the target of the surveillance went online, the eavesdropper would
capture the packet stream as it crossed the local network and compare the
source data with its fingerprint database with the help of pattern
recognition software. Any match would be only statistical, giving somewhere
between 55 percent and 60 percent certainty, Herrmann said—not enough to
provide hard evidence in court, but likely more certainty than many people
seeking privacy might be comfortable with.

Different online destinations will carry different susceptibility to
fingerprinting, of course. Unusual sites, with characteristics such as very
heavy or large graphic use, can be more easily identified, Herrmann said. By
the same token, the easiest way for a website to fool such an eavesdropper
would be to make its site look as closely as possible like another popular
site—mimicking the look of the Google site, for example, one of the most
commonly accessed pages on the Web.

Users themselves can guard against this type of fingerprint-based
eavesdropping relatively easily, Herrmann noted. Downloading or requesting
more than one site at a time through the network will muddy the pattern
enough that certainty will be very difficult for the eavesdropper to
establish.

The research may not dissuade many from using Tor, which remains one of the
most promising approaches for individuals seeking to hide aspects of their
identity or online activity. But it may well make them work harder.