Tor Traffic Can Be Deanonymized, Researchers Claim
Researchers at MIT and the Qatar Computing Research Institute (QCRI) have announced that they will be presenting a new paper at the Usenix Security Symposium, which details a new method of deanonymizing Tor encrypted traffic, as Ars Technica reports.
Their research does not try to decrypt Tor’s infamous layered encryption system, but merely uses machine-learning algorithms and a series of “lucky” situations to guess what services or sites the user is navigating.
To better understand some of the concepts, a simple description of the Tor network is needed, and more specifically of the “guard” server.
When a Tor user wants to access a website, their browser’s request is encrypted and passed onto the Tor network. The first server that picks it up is a “guard” server, which peels off some of the encryption and passes it on to another random selected server.
This goes on for a couple of steps until nothing is left of the encryption and the last server, the exit node, forwards the user’s browser request to the actual server that hosts the website.
If attackers add malicious servers to the Tor network, which at one point or another will be selected as “guards” for other users, using complex computer algorithms, intruders could guess some of the user’s traffic.
The more servers an attacker connects to the network, the higher their chances of becoming a guard.
A lot of luck is involved with the scientists’ method
According to researchers, “simply by looking for patterns in the number of packets passing in each direction through a guard, machine-learning algorithms could, with 99 percent accuracy, determine whether the circuit was an ordinary Web-browsing circuit, an introduction-point circuit, or a rendezvous-point circuit.”
If the attacker can then pinpoint what kind of traffic is related to Web browsing, researchers say that, with an accuracy of 88%, the algorithms can also tell what sites users have been visiting.
Since the paper was not meant to disrupt the normal functioning of the Tor network, many scientists considering it a bastion of security and anonymity for users around the Globe, they’ve also recommended a way of counter-acting this privacy loophole.
“We recommend that they mask the sequences so that all the sequences look the same. You send dummy packets to make all five types of circuits look similar,” said Mashael AlSabah, assistant professor of computer science at Qatar University.
An official response to the research paper has been offered from the Tor Project by Roger Dingledine, the project leader, which can be read on their official website.
Via: Google Alert for ML