Researchers Demo Tor Network Vulnerability

The Tor network is once again under attack, but this time from researchers who claim that they want to ensure ongoing anonymity for Internet users.

The researchers revealed a vulnerability that could allow authorities to discover a Tor user’s location, but have also published some defences that Tor users can employ.

Representatives of the Tor project are apparently evaluating that defence for possible inclusion in future versions of the Tor software.

Tor Vulnerability

The Tor service is famous for keeping users’ identity and location a secret, but the popular anonymity network has been under attack for a while now.

It is thought to have 2.5 million daily users, and the Tor network allows people living under repressive regimes to conceal their Web-browsing habits from surveillance. Websites that host content deemed to be subversive have used Tor to hide the locations of their servers for example.

But now researchers at MIT and the Qatar Computing Research Institute (QCRI) have demonstrated a vulnerability in Tor’s design. At the Usenix Security Symposium this summer, they demonstrated that an adversary could infer a hidden server’s location, or the source of the information reaching a given Tor user, by analysing the traffic patterns of encrypted data passing through a single computer in the Tor network.

“Anonymity is considered a big part of freedom of speech now,” said Albert Kwon, an MIT graduate student in electrical engineering and computer science and one of the paper’s first authors. “The Internet Engineering Task Force is trying to develop a human-rights standard for the Internet, and as part of their definition of freedom of expression, they include anonymity. If you’re fully anonymous, you can say what you want about an authoritarian government without facing persecution.”

Kwon worked with joint first author Mashael AlSabah, an assistant professor of computer science at Qatar University; Srini Devadas, the Edwin Sibley Webster Professor in MIT’s Department of Electrical Engineering and Computer Science; David Lazar, another graduate student in electrical engineering and computer science; and QCRI’s Marc Dacier.

Their attack on Tor requires that the adversary’s computer serve as the guard on a Tor circuit. “Since guards are selected at random, if an adversary connects enough computers to the Tor network, the odds are high that, at least on some occasions, one or another of them would be well-positioned to snoop,” said the researchers.

It is during the data exchange that patterns can be detected by machine-learning algorithms, which could, with 99 percent accuracy, determine whether the circuit was an ordinary Web-browsing circuit, an introduction-point circuit, or a rendezvous-point circuit.

“Breaking Tor’s encryption wasn’t necessary,” said the researchers. “Furthermore, by using a Tor-enabled computer to connect to a range of different hidden services, they showed that a similar analysis of traffic patterns could identify those services with 88 percent accuracy. That means that an adversary who lucked into the position of guard for a computer hosting a hidden service, could, with 88 percent certainty, identify it as the service’s host.”

Tor Attacks

To defend against this type of attack, “We recommend that they mask the sequences so that all the sequences look the same,” AlSabah said. “You send dummy packets to make all five types of circuits look similar.”

This is not the first time that Tor has been the subject of a security scare.

This time last year, the Tor Project warned its users of a lengthy campaign which it said may have unmasked Tor users. It blamed researchers at Carnegie-Mellon University, funded by the US government.

The Russian government has previously offered four million roubles for a way to eavesdrop on conversations on the secret network.

Can you look after your personal data online? Take our quiz!