[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Tor Weekly News â October 15th, 2014

Tor Weekly News                                       October 15th, 2014

Welcome to the forty-first issue in 2014 of Tor Weekly News, the weekly
newsletter that covers whatâs happening in the Tor community.

Academic research into Tor: four recent studies

Major contributions to the development and security of Tor are often
made by academic researchers, either in a laboratory setting using
network simulators like ShadowÂ[1], or through measurement and analysis
of the live network itself (taking care not to harm the security or
anonymity of clients and services). Different aspects of Torâs
networking and security, from path selection to theoretical attacks,
have been analysed in three recently-published studies.

Otto Huhtaâs MSc thesisÂ[2] investigates the possibility that an
adversary in control of a non-exit relay could link two or more Tor
circuits back to the same client based on nothing more than timing
information. As Otto explainedÂ[3], âthis is mainly the result of the
fixed 10 minute circuit lifetime and the fact that the transition to
using a new circuit is quite sharp.â With the help of a machine
classifier, and the fact that any one client will build its circuits
through a fixed set of entry guards, the study suggested that such an
adversary âcan focus only on circuits built through these specific nodes
and quite efficiently determine if two circuits belong to the same
user.â There is no suggestion that this knowledge alone poses a serious
deanonymization risk to clients; however, wrote Otto, âour goal was not
to ultimately break the anonymity of any real user but instead to expose
a previously unknown threat so that it can be mitigated before anyone
actually devises an attack around it.â

Steven Murdoch published a paperÂ[4] on the optimization of Torâs node
selection probabilities showing, in Stevenâs wordsÂ[5], âthat what Tor
used to do (distributing traffic to nodes in proportion to their
contribution to network capacity) is not the best approach.â Prior to
publication of the study, âTor moved to actively measuring the network
performance and manipulating the consensus weights in response to
changes. This seems to have ended up with roughly the same outcome.Â[â]
However, the disadvantage is that it can only react slowly to changes in
network characteristics.â

Sebastian Urbach sharedÂ[6] a link to âDefending Tor from Network
Adversaries: A Case Study of Network Path PredictionâÂ[7], in which the
researchers analyze the effect of network features like autonomous
systemsÂ[8] and Internet exchangesÂ[9] on the security of Torâs path
selection, finding that âAS and IX path prediction significantly
overestimates the threat of vulnerability to such adversariesâ, and that
âthe use of active path measurement, rather than AS path modelsâ would
be preferable âin further study of Tor vulnerability to AS- and IX-level
adversaries and development of practical defenses.â

Meanwhile, Philipp Winter took to the Tor blogÂ[10] to summarize some
new findings concerning the the way in which the Chinese state Internet
censorship system (the âGreat Firewall of Chinaâ) acts upon blocked
connections, like those trying to reach Tor, as detailed in a recent
projectÂ[11] to which he contributed. Searching for spatial and temporal
patterns in Chinese censorship activity, the researchers found that
âmany IP addresses inside the China Education and Research Network
(CERNET) are able to connectâ to Tor in certain instances, while the
filtering of other networks â centrally conducted at the level of
Internet exchanges â âseems to be quite effective despite occasional
country-wide downtimesâ.

Each of these studies is up for discussion on the tor-dev mailing
listÂ[12], so feel free to join in there with questions and comments for
the researchers!

[2]:Âhttp://www0.cs.ucl.ac.uk/staff/G.Danezis/students/Huhta14-UCL-Msc.pdf [3]:Âhttps://lists.torproject.org/pipermail/tor-dev/2014-September/007517.html
[5]:Âhttps://lists.torproject.org/pipermail/tor-dev/2014-October/007601.html [6]:Âhttps://lists.torproject.org/pipermail/tor-relays/2014-October/005434.html

Miscellaneous news

Michael Rogers submittedÂ[13] patches against tor and jtorctl, making
two improvements to the performance of mobile hidden services: one
âavoids a problem where we'd try to build introduction circuits
immediately, all the circuits would fail, and we'd wait for 5 minutes
before trying againâ, and the other â[adds] a command to the control
protocol to purge any cached state relating to a specified hidden


Karsten Loesing publishedÂ[14] a ânon-functionalâ mock-upÂ[15] of a
possible redesign for the Tor Metrics portal, with notes on design
decisions: âFeedback much appreciated. This is the perfect time to
consider your ideas.â


Jeremy Gillula analyzed data relating to Tor node churn found in Tor
consensuses for September 2014, and foundÂ[16] that âon average, 0.003%
of nodes switch from being relay nodes to exit nodes in any given 1-hour
period, and 0.002% switch from being exit nodes to relay nodesâ.


Noel TorresÂ[17] and Andrew LewmanÂ[18] sent their status reports for
September. Roger Dingledine also sent out the report for SponsorFÂ[19].

[17]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-October/000674.html [18]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-October/000676.html [19]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-October/000675.html

Greg Norcie wonderedÂ[20] why the interval at which Tor switches to
using a new circuit was set at ten minutes, and Nick Mathewson
respondedÂ[21] that after the original period of thirty seconds was
found to be unworkable, the new number was selected in 2005 âmore or
less intuitivelyâ. Paul Syverson addedÂ[22] that the choice was âan
informed oneâ, taken after âa bunch of discussions concerning the
trade-offs between the overhead of the public-key operations of circuit
building and the pseudonymous profiling occurring at an exitâ.

[20]:Âhttps://lists.torproject.org/pipermail/tor-talk/2014-October/035212.html [21]:Âhttps://lists.torproject.org/pipermail/tor-talk/2014-October/035213.html [22]:Âhttps://lists.torproject.org/pipermail/tor-talk/2014-October/035217.html

Both Tor and Tails received their first cinematic creditsÂ[23] with the
premiÃre of âCITIZENFOURâÂ[24], a documentary film concerning the recent
disclosure of intelligence documents by Edward Snowden. Eagle-eyed
viewers might spot a well-known hostname in the filmâs trailerâÂ[25]


WhonixQubes reportedÂ[26] on progress in many areas of the Whonix+Qubes
project, which as the name implies is a combination of the WhonixÂ[27]
and QubesÂ[28] operating systems. Among other things, the system now
supports Whonix 9, a community forum has been set up, and greater
upstream integration is being discussed.


News from Tor StackExchange

"What happens when Tor always chooses the same path?" asks MarkÂ[29] and
wants to know which weaknesses this exposes. User194 believes that this
would prevent a âpredecessor attackâ and make the system stronger, while
Lisbeth writes: âThis makes your entire traffic highly fingerprintable
as compared to a standard random path. If your connections always used
A, B, and C nodes, it is statistically unlikely that many other people
are consistently using that same path, therefore itâs very easy to
correlate your traffic to your originating IP.â


Muncher visited a websiteÂ[30] which asked to add HidServAuth into the
torrc and wants to know if it is safe to do soÂ[31]. Jeff recommended
that this is safe because it doesnât divulge anything about the identity
of a user. Mirimir furthermore referred to a question where adrelanos
looks for documentationÂ[32].


Upcoming events

 Oct 15 13:30 UTC | little-t tor development meeting
                  | #tor-dev, irc.oftc.net
 Oct 17 17:00 CET | OONI development meeting
                  | #ooni, irc.oftc.net
 Oct 20 18:00 UTC | Tor Browser online meeting
                  | #tor-dev, irc.oftc.net
 Oct 21 17:00 UTC | little-t tor patch workshop
                  | #tor-dev, irc.oftc.net
 Oct 23 10:10 CET | Andrew @ Broadband World Forum
                  | Amsterdam, Netherlands
                  | http://broadbandworldforum.com/agenda/day-3/#81301

This issue of Tor Weekly News has been assembled by Lunar, qbi, and

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project pageÂ[33], write down your
name and subscribe to the team mailing listÂ[34] if you want to
get involved!

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to