
Re: 27C3 on Tor



This doesn't seem like a flaw so much as a design decision. See
https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#Youshouldsendpaddingsoitsmoresecure.
I'm not trying to dismiss the researcher but maybe someone can give
some insight into how critical this is to the Tor project and what
avenues for remediation there are if any. Anyone have a video of the
presentation?

--
Onionroutor


On Tue, Dec 28, 2010 at 2:07 PM, Eugen Leitl <eugen@xxxxxxxxx> wrote:
>
> (via arstechnica)
>
> http://arstechnica.com/tech-policy/news/2010/12/flaws-in-tor-anonymity-network-spotlighted.ars
>
> Flaws in Tor anonymity network spotlighted
>
> By John Borland, wired.com | Last updated about 4 hours ago
>
> At the Chaos Computer Club Congress in Berlin, Germany on Monday, researchers
> from the University of Regensburg delivered a new warning about the Tor
> anonymizer network, a system aimed at hiding details of a computer user’s
> online activity from spying eyes.
>
> The attack doesn’t quite make a surfer’s activity an open book, but offers
> the ability for someone on the same local network—a Wi-Fi network provider,
> or an ISP working at law enforcement (or a regime’s) request, for example—to
> gain a potentially good idea of sites an anonymous surfer is viewing.
>
> “Developers have to be aware of this kind of attack, and develop
> countermeasures,” said Dominik Herrmann, a Regensburg PhD student studying
> profiling and fingerprinting attacks. “But that proves to be very difficult.”
>
> The research, performed by a variety of collaborators in Germany working on
> anonymity measures, represents a warning for privacy-conscious users wary of
> spying eyes, whether behind Net-unfriendly borders or simply corporate
> firewalls.
>
> Tor is essentially an online mask, rather than a tool that hides the fact or
> content of communication itself. The project’s developers are addressing the
> problem of traffic analysis—essentially the threat that an attacker or
> observer might be able to tease out a person’s identity, location,
> profession, social network or other information about the message content by
> analyzing a message’s unencrypted headers.
>
> To hide this information, the Tor system routes messages around a winding
> path of volunteer servers across the Net, with each relay point knowing only
> the address of the previous and next step in the pathway.
>
> Once this circuit has been established, neither an eavesdropper nor a
> compromised relay will theoretically have the ability to determine both the
> source and destination of a given piece of communication. According to the
> Tor project’s latest metrics, the network has drawn between 100,000 and
> 300,000 users per day over the last several months.
>
> Herrmann and his fellow researchers say there’s a partial flaw in this
> arrangement, however. A potential eavesdropper on the end user’s own network
> still has the ability to analyze the patterns of data being returned, and in
> many cases will be able to develop a reasonable guess about the source of the
> communication.
>
> An attacker—perhaps an ISP instructed by law enforcement or a government to
> engage in such surveillance—would first have to develop a list of potential
> sites that the target might be visiting, or that it was interested in
> monitoring. It would then run the Tor system itself, testing the way these
> sites appeared when accessed through Tor, developing a database of
> “fingerprints” associated with the sites of interest.
>
> Once the target of the surveillance went online, the eavesdropper would
> capture the packet stream as it crossed the local network and compare the
> source data with its fingerprint database with the help of pattern
> recognition software. Any match would be only statistical, giving somewhere
> between 55 percent and 60 percent certainty, Herrmann said—not enough to
> provide hard evidence in court, but likely more certainty than many people
> seeking privacy might be comfortable with.
>
> Different online destinations will carry different susceptibility to
> fingerprinting, of course. Unusual sites, with characteristics such as very
> heavy or large graphic use, can be more easily identified, Herrmann said. By
> the same token, the easiest way for a website to fool such an eavesdropper
> would be to make its site look as closely as possible like another popular
> site—mimicking the look of the Google site, for example, one of the most
> commonly accessed pages on the Web.
>
> Users themselves can guard against this type of fingerprint-based
> eavesdropping relatively easily, Herrmann noted. Downloading or requesting
> more than one site at a time through the network will muddy the pattern
> enough that certainty will be very difficult for the eavesdropper to
> establish.
>
> The research may not dissuade many from using Tor, which remains one of the
> most promising approaches for individuals seeking to hide aspects of their
> identity or online activity. But it may well make them work harder.
>
> ***********************************************************************
> To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
> unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/