Author Topic: TOR Anononymity No Longer Secure  (Read 1131 times)

0 Members and 1 Guest are viewing this topic.

Offline -SpectraL

  • Commandant
  • ****
  • Posts: 1,605
  • Sinking kidiots since 1989
    • View Profile
TOR Anononymity No Longer Secure
« on: November 21, 2014, 11:12:51 pm »


Research undertaken between 2008 and 2014 suggests that more than 81% of Tor clients can be ‘de-anonymised’ – their originating IP addresses revealed – by exploiting the ‘Netflow’ technology that Cisco has built into its router protocols, and similar traffic analysis software running by default in the hardware of other manufacturers.

Professor Sambuddho Chakravarty, a former researcher at Columbia University’s Network Security Lab and now researching Network Anonymity and Privacy at the Indraprastha Institute of Information Technology in Delhi, has co-published a series of papers over the last six years outlining the attack vector, and claims a 100% ‘decloaking’ success rate under laboratory conditions, and 81.4% in the actual wilds of the Tor network.

Chakravarty’s technique [PDF] involves introducing disturbances in the highly-regulated environs of Onion Router protocols using a modified public Tor server running on Linux - hosted at the time at Columbia University. His work on large-scale traffic analysis attacks in the Tor environment has convinced him that a well-resourced organisation could achieve an extremely high capacity to de-anonymise Tor traffic on an ad hoc basis – but also that one would not necessarily need the resources of a nation state to do so, stating that a single AS (Autonomous System) could monitor more than 39% of randomly-generated Tor circuits.

Chakravarty says: “…it is not even essential to be a global adversary to launch such traffic analysis attacks. A powerful, yet non- global adversary could use traffic analysis methods […] to determine the various relays participating in a Tor circuit and directly monitor the traffic entering the entry node of the victim connection,”

The technique depends on injecting a repeating traffic pattern – such as HTML files, the same kind of traffic of which most Tor browsing consists – into the TCP connection that it sees originating in the target exit node, and then comparing the server’s exit traffic for the Tor clients, as derived from the router’s flow records, to facilitate client identification.


http://thestack.com/chakravarty-tor-traffic-analysis-141114

Offline aldra

  • Arch Disciple
  • ***
  • Posts: 623
  • albrecht drais
    • View Profile
Re: TOR Anononymity No Longer Secure
« Reply #1 on: November 21, 2014, 11:21:44 pm »
timing attack refined

again, it looks like this only affects clients trying to access standard internet sites as opposed to hidden services as it relates to correlation of data between controlled entry and exit nodes - the bit on the end about the multiple-hidden service raid is irrelevant.

Offline Goatwhore

  • Adherent
  • *
  • Posts: 41
    • View Profile
Re: TOR Anononymity No Longer Secure
« Reply #2 on: November 22, 2014, 01:07:10 am »
Article is nothing but sensationalism. They were able to deanonymize 81% of the traffic they analyzed under lab conditions, but if you actually read the paper, the author himself discusses the practical limitations of this attack.

Also see this response from the Tor devs:

https://blog.torproject.org/blog/traffic-correlation-using-netflows
mashleshmash [11|Dec 01:32 AM]:   god that 7 year old pussy was the best

Offline aldra

  • Arch Disciple
  • ***
  • Posts: 623
  • albrecht drais
    • View Profile
Re: TOR Anononymity No Longer Secure
« Reply #3 on: November 22, 2014, 01:12:27 am »
yeah, skimming over the included pdfs it looks as though he's getting an 80% success rate when he can get access to netflow data... which will not be the majority of the time in the real world

Offline -SpectraL

  • Commandant
  • ****
  • Posts: 1,605
  • Sinking kidiots since 1989
    • View Profile
Re: TOR Anononymity No Longer Secure
« Reply #4 on: November 22, 2014, 01:14:59 am »
Article is nothing but sensationalism. They were able to deanonymize 81% of the traffic they analyzed under lab conditions, but if you actually read the paper, the author himself discusses the practical limitations of this attack.

Also see this response from the Tor devs:

https://blog.torproject.org/blog/traffic-correlation-using-netflows

Actually, they got a 100% rate in the Lab and 81% in the wild, and that article you posted says nothing concrete at all to dispute it. More like just a lot of sputtering and denials.

Offline otangabang

  • Adherent
  • *
  • Posts: 63
    • View Profile
Re: TOR Anononymity No Longer Secure
« Reply #5 on: November 22, 2014, 02:21:39 am »
I wonder what anononononononononononymous thinks about this. Lol, I bet you didn't even do that on purpose.

is it me or is this not news at all beyond the specifics of the case study? Comparing traffic via injections is the way it was always theoretically possible to unmask users at exit nodes, the article just says it's easier to do than previously thought. Basically if the parameters are perfect, it's likely you can unmask traffic. Fucking "news" all right.

Javascript is a much bigger threat to anonymity. Whonix or even a fucking VPN (before or after tor) remedies these problems.

 

Offline komokazi

  • Disciple
  • ***
  • Posts: 280
  • I hate niggers
    • View Profile
Re: TOR Anononymity No Longer Secure
« Reply #6 on: November 22, 2014, 03:13:30 am »
Fear-mongering.
I hate niggers

Offline Goatwhore

  • Adherent
  • *
  • Posts: 41
    • View Profile
Re: TOR Anononymity No Longer Secure
« Reply #7 on: November 22, 2014, 04:05:48 am »
The most significant problem I see with this attack is the 6.4% rate of false positives. Assuming ~1000 users are connected to a given entry guard, it means that even if the client side traffic is visible to the operator of the rogue exit node, he will only be able to narrow it down to 64 possible routes.

More refinement can probably be done, but it seems like Tor's load balancing techniques already defeat timing confirmation to an extent.
mashleshmash [11|Dec 01:32 AM]:   god that 7 year old pussy was the best