========================================================================
Tor Weekly News                                         August 6th, 2014
========================================================================

Welcome to the thirty-first issue of Tor Weekly News in 2014, the weekly
newsletter that covers what is happening in the Tor community.

Tor and the RELAY_EARLY traffic confirmation attack
---------------------------------------------------

Roger Dingledine ended several months of concern and speculation in the
Tor community with a security advisory posted to the tor-announce
mailing list [1] and the Tor blog [2].

In it, he gave details of a five-month-long active attack on operators
and users of Tor hidden services that involved a variant of the
so-called "Sybil attack": the attacker signed up "around 115 fast
non-exit relays" (now removed from the Tor network), and configured
them to inject a traffic header signal consisting of RELAY_EARLY cells
to "tag" any hidden service descriptor requests received by malicious
relays - a tag which could then be picked up by other bad nodes acting
as entry guards [3], in the process identifying clients which requested
information about a particular hidden service.

The attack is suspected to be linked to a now-cancelled talk that was
due to be delivered at the BlackHat security conference [4]. There have
been several fruitful and positive research projects involving
theoretical attacks on Tor's security, but this was not among them. Not
only were there problems with the process of responsible disclosure,
but, as Roger wrote, "the attacker encoded the name of the hidden
service in the injected signal (as opposed to, say, sending a random
number and keeping a local list mapping random number to hidden service
name)", thereby "[putting] users at risk indefinitely into the future".

On the other hand, it is important to note that "while this particular
variant of the traffic confirmation attack allows high-confidence and
efficient correlation, the general class of passive (statistical)
traffic confirmation attacks remains unsolved and would likely have
worked just fine here". In other words, the tagging mechanism used in
this case is the innovation; the other element of the attack is a known
weakness of low-latency anonymity systems, and defending against it is
a much harder problem.

"Users who operated or accessed hidden services from early February
through July 4 should assume they were affected" and act accordingly;
in the case of hidden service operators, this may mean changing the
location of the service. Accompanying the advisory were two new
releases for both the stable and alpha tor branches (0.2.4.23 and
0.2.5.6-alpha); both include a fix for the signal-injection issue that
causes tor to drop circuits and give a warning if RELAY_EARLY cells are
detected going in the wrong direction (towards the client), and both
prepare the ground for clients to move to single entry guards (rather
than sets of three) in the near future. Relay operators should be sure
to upgrade; a point-release of the Tor Browser will offer the same
fixes to ordinary users. Nusenu suggested [5] that relay operators
regularly check their logs for the new warning, "even if the attack
origin is not directly attributable from a relay's point of view". Be
sure to read the full security advisory for a fuller explanation of the
attack and its implications.
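
Added example (not from the newsletter or the Tor project): one way a
relay operator could run the periodic log check suggested above,
counting warn-level lines that mention RELAY_EARLY per day. The sample
log lines are constructed, and matching on the token "RELAY_EARLY" is an
assumption about the warning's wording; confirm it against your tor
version's log.

```shell
#!/bin/sh
# Count [warn] lines mentioning RELAY_EARLY in a tor log, grouped by day.
# Assumption: the warning contains "RELAY_EARLY" (or "relay early");
# the exact message text is not quoted in the newsletter.

relay_early_warnings() {
    # $1: path to a tor log file; prints "Mon DD count", one line per day
    awk '
        /\[warn\]/ && tolower($0) ~ /relay[_ ]early/ {
            day = $1 " " $2
            if (!(day in n)) order[++k] = day
            n[day]++
        }
        END { for (i = 1; i <= k; i++) print order[i], n[order[i]] }
    ' "$1"
}

relay_early_total() {
    # $1: path to a tor log file; prints the total number of matches
    relay_early_warnings "$1" | awk '{ s += $3 } END { print s + 0 }'
}

make_sample_log() {
    # Writes CONSTRUCTED sample log lines (message wording assumed) to $1
    cat > "$1" <<'EOF'
Aug 05 03:14:15.000 [notice] Bootstrapped 100%: Done.
Aug 05 09:21:07.000 [warn] Received an inbound RELAY_EARLY cell on circuit 4242. Closing circuit.
Aug 05 09:21:09.000 [warn] Received an inbound RELAY_EARLY cell on circuit 4243. Closing circuit.
Aug 06 11:02:33.000 [warn] Your server has not managed to confirm that its ORPort is reachable.
Aug 06 18:40:51.000 [warn] Received an inbound RELAY_EARLY cell on circuit 5150. Closing circuit.
EOF
}

# Use the log given as the first argument, or fall back to the sample.
log=${1:-}
demo=""
if [ -z "$log" ]; then
    log=$(mktemp)
    demo=1
    make_sample_log "$log"
fi
relay_early_warnings "$log"
if [ -n "$demo" ]; then rm -f "$log"; fi
```

A non-zero total from relay_early_total is the cue to upgrade if needed
and report the event.
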

   [1]: https://lists.torproject.org/pipermail/tor-announce/2014-July/000094.html
   [2]: https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack
   [3]: https://www.torproject.org/docs/faq#EntryGuards
   [4]: https://blog.torproject.org/blog/recent-black-hat-2014-talk-cancellation
   [5]: https://lists.torproject.org/pipermail/tor-relays/2014-August/005046.html

Why is bad-relays a closed mailing list?
----------------------------------------

Damian Johnson and Philipp Winter have been working on improving the
process of reporting bad relays [6]. The process starts by having users
report odd behaviors to the bad-relays mailing list.

Only a few trusted volunteers receive and review these reports. Nusenu
started a discussion on tor-talk [7] advocating for more transparency.
Nusenu argues that an open list would "likely get more confirm/can't
confirm feedback for a given badexit candidate", and that it would
allow worried users to act faster than operators of directory
authorities.

Despite being "usually on the side of transparency", Roger Dingledine
described [8] being "stuck" on the issue, "because the arms race is so
lopsidedly against us".

Roger explains: "we can scan for whether exit relays handle certain
websites poorly, but if the list that we scan for is public, then exit
relays can mess with other websites and know they'll get away with it.
We can scan for incorrect behavior on various ports, but if the list of
ports and the set of behavior we do is public, then again relays are
free to mess with things we don't look for."

A better future and more transparency probably lie in adaptive test
systems run by multiple volunteer groups. Until they come into
existence, as a small improvement, Philipp Winter wrote [9] it was
probably safe to publish why relays were disabled, through "short
sentence along the lines of 'running HTTPS MitM' or 'running
sslstrip'".

   [6]: https://trac.torproject.org/projects/tor/wiki/doc/ReportingBadRelays
   [7]: https://lists.torproject.org/pipermail/tor-talk/2014-July/034198.html
   [8]: https://lists.torproject.org/pipermail/tor-talk/2014-July/034219.html
   [9]: https://lists.torproject.org/pipermail/tor-talk/2014-July/034216.html

Monthly status reports for July 2014
------------------------------------

Time for monthly reports from Tor project members. The July 2014 round
was opened by Georg Koppen [10], followed by Philipp Winter [11],
Sherief Alaa [12], Lunar [13], Nick Mathewson [14], Pearl Crescent [15],
George Kadianakis [16], Matt Pagan [17], Isis Lovecruft [18], Griffin
Boyce [19], Arthur Edelstein [20], and Karsten Loesing [21].

  [10]: https://lists.torproject.org/pipermail/tor-reports/2014-July/000598.html
  [11]: https://lists.torproject.org/pipermail/tor-reports/2014-July/000599.html
  [12]: https://lists.torproject.org/pipermail/tor-reports/2014-August/000601.html
  [13]: https://lists.torproject.org/pipermail/tor-reports/2014-August/000603.html
  [14]: https://lists.torproject.org/pipermail/tor-reports/2014-August/000604.html
  [15]: https://lists.torproject.org/pipermail/tor-reports/2014-August/000605.html
  [16]: https://lists.torproject.org/pipermail/tor-reports/2014-August/000608.html
  [17]: https://lists.torproject.org/pipermail/tor-reports/2014-August/000609.html
  [18]: https://lists.torproject.org/pipermail/tor-reports/2014-August/000610.html
  [19]: https://lists.torproject.org/pipermail/tor-reports/2014-August/000611.html
  [20]: https://lists.torproject.org/pipermail/tor-reports/2014-August/000612.html
  [21]: https://lists.torproject.org/pipermail/tor-reports/2014-August/000614.html

Lunar reported on behalf of the help desk [22] and Mike Perry for the
Tor Browser team [23].

  [22]: https://lists.torproject.org/pipermail/tor-reports/2014-August/000602.html
  [23]: https://lists.torproject.org/pipermail/tor-reports/2014-August/000607.html

Miscellaneous news
------------------

Anthony G. Basile announced a new release of tor-ramdisk, an i686 or
x86_64 uClibc-based micro Linux distribution whose only purpose is to
host a Tor server. Version 20140801 [24] updates Tor to version
0.2.4.23, and the kernel to 3.15.7 with Gentoo's hardened patches.

  [24]: http://opensource.dyc.edu/pipermail/tor-ramdisk/2014-August/000132.html

meejah has announced [25] a new command-line application. carml [26] is
a versatile set of tools to "query and control a running Tor". It can
do things like "list and remove streams and circuits; monitor stream,
circuit and address-map events; watch for any Tor event and print it
(or many) out; monitor bandwidth; run any Tor control-protocol command;
pipe through common Unix tools like grep, less, cut, etcetera; download
TBB through Tor, with pinned certs and signature checking; and even
spit out and run xplanet configs (with router/circuit markers)!" The
application is written in Python and uses the txtorcon library [27].
meejah describes it as early-alpha and warns that it might contain
"serious, anonymity-destroying bugs". Watch out!

  [25]: https://lists.torproject.org/pipermail/tor-dev/2014-August/007295.html
  [26]: https://github.com/meejah/carml
  [27]: https://txtorcon.readthedocs.org/

Only two weeks left for the Google Summer of Code students, and the
last round of reports but one: Juha Nurmi on the ahmia.fi project [28],
Marc Juarez on website fingerprinting defenses [29], Amogh Pradeep on
Orbot and Orfox improvements [30], Zack Mullaly on the HTTPS Everywhere
secure ruleset update mechanism [31], Israel Leiva on the GetTor
revamp [32], Quinn Jarrell on the pluggable transport combiner [33],
Daniel Martí on incremental updates to consensus documents [34], Noah
Rahman on Stegotorus enhancements [35], and Sreenatha Bhatlapenumarthi
on the Tor Weather rewrite [36].

  [28]: https://lists.torproject.org/pipermail/tor-reports/2014-August/000600.html
  [29]: https://lists.torproject.org/pipermail/tor-reports/2014-August/000606.html
  [30]: https://lists.torproject.org/pipermail/tor-dev/2014-August/007282.html
  [31]: https://lists.eff.org/pipermail/https-everywhere/2014-August/002199.html
  [32]: https://lists.torproject.org/pipermail/tor-dev/2014-August/007284.html
  [33]: https://lists.torproject.org/pipermail/tor-dev/2014-August/007285.html
  [34]: https://lists.torproject.org/pipermail/tor-dev/2014-August/007287.html
  [35]: https://lists.torproject.org/pipermail/tor-dev/2014-August/007288.html
  [36]: https://lists.torproject.org/pipermail/tor-dev/2014-August/007293.html

The Tails team is looking for testers to solve a possible
incompatibility in one of the recommended installation procedures. If
you have a running Tails system, a spare USB stick and some time,
please help [37]. Don't miss the recommended command-line options [38]!

  [37]: https://mailman.boum.org/pipermail/tails-testers/2014-July/000059.html
  [38]: https://mailman.boum.org/pipermail/tails-testers/2014-July/000060.html

The Citizen Lab Summer Institute [39] took place at the University of
Toronto from July 28 to 31. The event brought together policy and
technology researchers who focus on Internet censorship and
measurement. A lot of great work was presented including but not
limited to a proposal to measure the chilling effect, ongoing work to
deploy Telex [40], and several projects to measure censorship in
different countries. Some Tor-related work was also presented:
Researchers are working on understanding how the Tor network is used
for political purposes. Another project makes use of TCP/IP side
channels to measure the reachability of Tor relays from within
China [41].

  [39]: https://citizenlab.org/summerinstitute/2014.html
  [40]: http://freehaven.net/anonbib/cache/usenix11-telex.pdf
  [41]: https://arxiv.org/pdf/1312.5739.pdf

The Electronic Frontier Foundation wrote two blog posts to show why Tor
is important for universities and how universities can help the Tor
network. The first part [42] explains why Tor matters, gives several
examples of universities already contributing to the Tor network, and
outlines a few reasons for hosting new Tor nodes. The second part [43]
gives actual tips on where to start, and how to do it best.

  [42]: https://www.eff.org/deeplinks/2014/08/tor-campus-part-i-its-been-done-and-should-happen-again
  [43]: https://www.eff.org/deeplinks/2014/08/tor-campus-part-ii-icebreakers-and-risk-mitigation-strategies

Tor help desk roundup
---------------------

Users occasionally ask if there is any way to set Tor Browser as the
default browser on their system. Currently this is not possible,
although it may be possible in a future Tor Browser release [44]. In
the meantime, Tails provides another way to prevent accidentally
opening hyperlinks in a non-Tor browser.

  [44]: https://bugs.torproject.org/12763

Easy development tasks to get involved with
-------------------------------------------

Tor Launcher is the Tor controller shipped with Tor Browser written in
JavaScript. Starting with Firefox 14 the "nsILocalFile" interface has
been deprecated and replaced with the "nsIFile" interface [45]. What we
should do is replace all instances of "nsILocalFile" with "nsIFile" and
see if anything else needs fixing to make Tor Launcher still work as
expected. If you know a little bit about Firefox extensions and want to
give this a try, clone the repository [46], make the necessary changes,
run "make package", and tell us whether something broke in interesting
ways.

  [45]: https://bugs.torproject.org/10573
  [46]: https://gitweb.torproject.org/tor-launcher.git

Upcoming events
---------------

  Aug.  6 19:00 UTC | little-t tor development meeting
                    | #tor-dev, irc.oftc.net
                    |
  Aug. 11 18:00 UTC | Tor Browser online meeting
                    | #tor-dev, irc.oftc.net
                    | https://lists.torproject.org/pipermail/tbb-dev/2014-August/000100.html
                    |
  August 18         | Roger @ FOCI '14
                    | San Diego, California, USA
                    | https://www.usenix.org/conference/foci14
                    |
  August 20-22      | Roger @ USENIX Security Symposium '14
                    | San Diego, California, USA
                    | https://www.usenix.org/conference/usenixsecurity14


This issue of Tor Weekly News has been assembled by Lunar, harmony,
Matt Pagan, Philipp Winter, David Fifield, Karsten Loesing, and Roger
Dingledine.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [47], write down your name
and subscribe to the team mailing list [48] if you want to get
involved!

  [47]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
  [48]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team