Slashdot Mirror


Tor Open To Attack

An anonymous reader writes "A group of researchers have written a paper that lays out an attack against Tor (PDF) in enough detail to cause Roger Dingledine a fair amount of heartburn. The essential avenue of attack is that Tor doesn't verify claims of uptime or bandwidth, allowing an attacker to advertise more than it need deliver, and thus draw traffic. If the attacker controls the entry and exit node and has decent clocks, then the attacker can link these together and trace someone through the network."
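The risk the summary describes comes from bandwidth-weighted path selection trusting self-reported figures. The model below is an added illustration, not code from the paper or from Tor: it uses a constructed relay set and a simplified weighted-choice rule (real Tor selection has guard and exit flags and other constraints) to show how far an inflated advertisement raises the chance that one operator holds both ends of a circuit, and how much a cap on credited bandwidth (an assumed mitigation, weaker than measuring bandwidth) pulls it back down.

```python
import random

# Constructed relay set (not Tor's real consensus): advertised bandwidth per
# relay in KB/s.  Nothing in the model verifies the figure, as the summary says.
HONEST = {f"honest{i}": 1000 for i in range(100)}
TRUTHFUL = {**HONEST, "attacker0": 1000, "attacker1": 1000}
INFLATED = {**HONEST, "attacker0": 50000, "attacker1": 50000}  # 50x overstated
ATTACKER = {"attacker0", "attacker1"}

def weighted_pick(relays, rng, exclude=()):
    """Bandwidth-weighted choice, the simplified selection rule assumed here."""
    names = [n for n in relays if n not in exclude]
    return rng.choices(names, weights=[relays[n] for n in names], k=1)[0]

def build_circuit(relays, rng):
    """Entry, middle and exit are distinct relays drawn by weighted_pick."""
    entry = weighted_pick(relays, rng)
    middle = weighted_pick(relays, rng, exclude={entry})
    exit_ = weighted_pick(relays, rng, exclude={entry, middle})
    return entry, middle, exit_

def both_ends_fraction(relays, trials=20000, seed=1):
    """Fraction of circuits whose entry AND exit are attacker relays: the
    position from which the timing correlation in the summary works."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        entry, _, exit_ = build_circuit(relays, rng)
        hits += entry in ATTACKER and exit_ in ATTACKER
    return hits / trials

def expected_fraction(relays):
    """Closed form ignoring the distinctness rule: (attacker bandwidth share)^2.
    It overestimates when the attacker runs only a couple of relays."""
    share = sum(relays[n] for n in ATTACKER) / sum(relays.values())
    return share ** 2

def cap_advertisements(relays, cap):
    """One mitigation: refuse to credit a self-reported figure above `cap`
    (measured bandwidth is the stronger fix; this models only the cap)."""
    return {n: min(bw, cap) for n, bw in relays.items()}

if __name__ == "__main__":
    for label, relays in [("truthful", TRUTHFUL), ("inflated", INFLATED),
                          ("capped at 2000", cap_advertisements(INFLATED, 2000))]:
        print(f"{label:15s} both ends: {both_ends_fraction(relays):.4f}"
              f"  (closed form {expected_fraction(relays):.4f})")
```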

11 of 109 comments

  1. Well, not just that. by James_Duncan8181 · · Score: 4, Interesting

    If the attacker advertises absolutely massive values (and hey, it's only a string) they can time out all of the packets and DoS the network too.

    This actually makes me wonder if there is a military/intel datacentre that does this already.

    --
    "To any truly impartial person, it would be obvious that I am right."
    1. Re:Well, not just that. by Kadin2048 · · Score: 5, Interesting

      The military and secretive NSA operations do not care about you or your open source proxy software. Stop trying to make yourself feel special by writing convoluted conspiracy theories.

      No, but the Chinese equivalent of the FBI probably cares a lot about what its citizens are doing on the net, and the ability of users living under hostile regimes to get unfettered network access is one of the goals of projects like Tor.

      There are people with resources besides the NSA.

      --
      "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
    2. Re:Well, not just that. by Anonymous Coward · · Score: 2, Interesting

      Exactly. I used to work for a spook house. If I described what lengths they went to to keep data secret, people here on Slashdot would offer me a nice tin foil hat and a pair of plastic unbreakable no-sharp-edge spoons to play with, and offer me a coat (with long sleeves that seem to buckle in the back). The thing to remember, though, is that with all the technology we had, we had to assume that everyone else had at least as much. Pointing a laser at a window 2 miles away and receiving the reflection (non-visible part of the spectrum) and comparing the source with the reflection would give you a vibration... created by sound outside the glass, but also by sound inside the room. A mic outside would pick up sound outside the glass; filter that and all you are left with is sound inside the room... from 2 miles away. It was considered old technology 15 years ago. Now imagine a country with 1.1 billion people. Imagine that they aren't all Albert Einstein. Imagine only 1% are engineers. Imagine only half are willing to work for the government. Imagine only 1% of the available engineers are really gifted. 1 in 10 is an electrical engineer. That leaves you with 5500 really gifted electrical engineers working for the government of this country with 1.1 billion people. Could 5500 really gifted engineers create a device at least as good as what I have described? Think hard!

  2. Anonymity Vs Performance in Multi-Hop Networks... by Roger+Wilcox · · Score: 5, Interesting

    ...is really what the article is about. Granted, I only read the abstract, but someone here at /. seems too intent on making a dramatic headline out of this.

    It has been known for some time that anyone with the resources to do so could launch an end-to-end attack on Tor. That someone with relatively few resources could launch the same attack is newsworthy, perhaps, but far more interesting is the observation that optimizing network traffic flow in order to improve performance is the direct cause of this weakness.

  3. Re:How Many Nodes Do You Need to Own? by TheRaven64 · · Score: 3, Interesting

    It doesn't tell you anything meaningful unless it tells you what the requirements on the distribution of the nodes are. You could, hypothetically, run a few thousand Tor nodes on a single machine. Would this allow you to compromise a network of a few tens of thousands of nodes?

    --
    I am TheRaven on Soylent News
  4. Re:Could this be avoided? by Kadin2048 · · Score: 3, Interesting

    Well, if they knew the access point you were using (based on the IP address, which they'd then take to the ISP and demand to know the customer address), they'd just go down there and sniff packets for your MAC address. It's fairly trivial at that point to determine the direction that the radio signals are coming from. (There are guys that do it as a hobby.)

    Probably your best bet would be to use a spoofed MAC address, and change the AP you connect to, the MAC address you report, and the PC's physical location, on a regular and frequent basis. That would make it difficult to determine whether you were a single location that's moving a lot and using different MAC addresses, or were multiple computers each just using the AP periodically.

    Still, there's no foolproof way to avoid discovery against an omnipotent adversary.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  5. COMSEC, not SIGINT by dr.badass · · Score: 4, Interesting

    This actually makes me wonder if there is a military/intel datacentre that does this already.

    Probably, but not for the reasons you think. Tor is known to be used by the military (how much is anybody's guess) for the same reasons anybody else would use it.

    --
    Don't become a regular here -- you will become retarded.
  6. Constant data stream by ishmalius · · Score: 3, Interesting

    Some military broadband links send a constant stream of encrypted data, whether real data or filler. This "hiding in plain sight" reduces the ability of someone to perform traffic analysis on the network in precisely such a manner. This would be awful on the Net, of course, if everyone did it. But people should be aware that encryption is not the only facet of communications security that they need to worry about.
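The comment's "hiding in plain sight" can be made concrete with a small simulation. This is an added example, not code from the post or from any military system: it generates constructed bursty traffic, shows that an observer who counts cells per time slot at two points on the path can correlate them despite delay and jitter, and that a constant-rate padded link leaves nothing to correlate, at the price of queued real cells.

```python
import random
from statistics import mean, pstdev

SLOTS = 300  # observation windows per trace (constructed)

def bursty_flow(rng, p_start=0.05, length=(3, 6), rate=(2, 5)):
    """Constructed user traffic: idle most of the time, with occasional bursts
    of a few slots at a few cells per slot (e.g. page loads)."""
    flow, remaining, k = [], 0, 0
    for _ in range(SLOTS):
        if remaining == 0 and rng.random() < p_start:
            remaining, k = rng.randint(*length), rng.randint(*rate)
        flow.append(k if remaining > 0 else 0)
        remaining = max(0, remaining - 1)
    return flow

def observe(flow, rng, delay=3, jitter=1):
    """Per-slot counts seen at a downstream point: the same cells, shifted by a
    fixed path delay plus per-cell jitter (simulated, not measured)."""
    seen = [0] * SLOTS
    for t, n in enumerate(flow):
        for _ in range(n):
            t2 = t + delay + rng.randint(-jitter, jitter)
            if 0 <= t2 < SLOTS:
                seen[t2] += 1
    return seen

def pad_to_constant(flow, rate):
    """The comment's mitigation: exactly `rate` cells leave every slot, dummy
    cells filling idle time and real cells above `rate` queuing.  Returns the
    stream an observer sees and the peak queue depth (padding's latency cost)."""
    backlog = peak = 0
    for n in flow:
        backlog = max(0, backlog + n - rate)
        peak = max(peak, backlog)
    return [rate] * len(flow), peak

def correlation(a, b):
    """Pearson correlation; a flat series has no timing signal, so return 0."""
    sa, sb = pstdev(a), pstdev(b)
    if sa == 0 or sb == 0:
        return 0.0
    ma, mb = mean(a), mean(b)
    return sum((x - ma) * (y - mb) for x, y in zip(a, b)) / (len(a) * sa * sb)

def link_score(entry_view, exit_view, max_lag=10):
    """Traffic-analysis score: best correlation over plausible path delays."""
    return max(correlation(entry_view[:SLOTS - lag], exit_view[lag:])
               for lag in range(max_lag + 1))
```

With a matched flow the score typically lands well above 0.5, an unrelated flow scores far lower, and two padded views score exactly 0.0.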

  7. Even if you can't become both the entry/exit... by twistah · · Score: 4, Interesting

    Even if you aren't able to become both the entry and exit node, using the technique of faking your bandwidth/uptime can lead to more traffic for your exit node, which means more passwords to sniff. Not everyone seems to realize that just because the Tor protocol is encrypted doesn't mean the exit node can't sniff unencrypted traffic. Granted, the exit node has no idea where the traffic came from, but often information such as login information for a personal account can give that away. That's even better than having just an IP. All it takes is to set yourself up as a Tor node (the uptime/bandwidth faking helps) and run a tool like Cain or dsniff.

  8. Re:Could this be avoided? by Anonymous Coward · · Score: 1, Interesting

    Mine is 000C7609A2A9. You can't just put any number (I'm not sure of the rules; maybe the first four digits have to be 000C or something), but simply adding or subtracting a small value to that works.

    The first 6 digits (minus a bit or two) are the manufacturer. Your NIC was made by MSI.
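The "minus a bit or two" in the comment refers to the two flag bits in the first octet of a MAC address, which sit inside the manufacturer's OUI. The decoder below is an added example, not code from the thread: it parses a MAC in any common notation, splits out the OUI, and reports the locally-administered (U/L) and individual/group (I/G) bits, which is a cheap first check when reviewing access-point or DHCP logs for software-assigned addresses. The one-entry vendor table is constructed and only carries the MSI attribution the comment itself makes.

```python
import re

# Constructed one-entry OUI table; the MSI attribution for 00:0C:76 is the one
# the comment above makes, not a full IEEE registry lookup.
OUI_TABLE = {"000C76": "MSI (per the comment above)"}

def parse_mac(text: str) -> dict:
    """Parse a MAC in any common notation and decode the fields an analyst
    cares about: the OUI (first 3 octets), the locally-administered (U/L) bit
    and the individual/group (I/G) bit of the first octet."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", text).upper()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {text!r}")
    first = int(digits[:2], 16)
    oui = digits[:6]
    return {
        "mac": ":".join(digits[i:i + 2] for i in range(0, 12, 2)),
        "oui": oui,
        "vendor": OUI_TABLE.get(oui, "unknown"),
        "locally_administered": bool(first & 0x02),  # U/L bit
        "multicast": bool(first & 0x01),             # I/G bit
    }

def suspicious(text: str) -> bool:
    """Defender heuristic for AP/DHCP logs: a unicast address with the U/L bit
    set was assigned by software rather than burned in by a manufacturer.
    It will not flag an address that merely differs from a real one by a small
    value, as the comment describes, so it is a first filter, not a verdict."""
    info = parse_mac(text)
    return info["locally_administered"] and not info["multicast"]
```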
  9. Re:How Many Nodes Do You Need to Own? by mrogers · · Score: 2, Interesting

    Tor has never claimed to provide strong anonymity; you need something like Herbivore for that.

    Herbivore isn't vulnerable to traffic analysis but it's vulnerable to DoS: the attacker's nodes follow the secure entry protocol and get assigned to random cliques. Then they transmit in every round, jamming communication within their cliques. Jamming doesn't require any more bandwidth than normal participation in the protocol, and the source of the jamming can't be detected because communication within a clique is completely anonymous. With cliques of 128 nodes, an attacker who controls 1% of the nodes can jam 72% of the cliques at any given time. If the innocent nodes move to different cliques to escape the jamming, the attackers can move too.