Slashdot Mirror


Tor Open To Attack

An anonymous reader writes "A group of researchers have written a paper that lays out an attack against Tor (PDF) in enough detail to cause Roger Dingledine a fair amount of heartburn. The essential avenue of attack is that Tor doesn't verify claims of uptime or bandwidth, allowing an attacker to advertise more than it need deliver, and thus draw traffic. If the attacker controls the entry and exit node and has decent clocks, then the attacker can link these together and trace someone through the network."

11 of 109 comments

  1. Well, not just that. by James_Duncan8181 · · Score: 4, Interesting

    If the attacker advertises absolutely massive values (and hey, it's only a string) they can time out all of the packets and DoS the network too.

    This actually makes me wonder if there is a military/intel datacentre that does this already.

    --
    "To any truly impartial person, it would be obvious that I am right."
    1. Re:Well, not just that. by Kadin2048 · · Score: 5, Interesting

      The military and secretive NSA operations do not care about you or your open source proxy software. Stop trying to make yourself feel special by writing convoluted conspiracy theories.

      No, but the Chinese equivalent of the FBI probably cares a lot about what its citizens are doing on the net, and the ability of users living under hostile regimes to get unfettered network access is one of the goals of projects like Tor.

      There are people with resources besides the NSA.

      --
      "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
    2. Re:Well, not just that. by Wonko the Sane · · Score: 4, Informative

      The military and secretive NSA operations do not care about you or your open source proxy software. Stop trying to make yourself feel special by writing convoluted conspiracy theories.

      If only that was true...
  2. How Many Nodes Do You Need to Own? by quanticle · · Score: 4, Insightful

    "We show that even if an adversary can control a few malicious nodes -- 3 to 6 with a PlanetLab network of 60 honest servers -- the adversary can still compromise the identity of a significant fraction of the connections from new clients."

    3 to 6 servers out of 60 is still 5 to 10 percent. That's fine for small networks, but for a network with hundreds or thousands of nodes, controlling 5 to 10 percent may become infeasible. Does this attack require the number of nodes to scale with network size?

    --
    We all know what to do, but we don't know how to get re-elected once we have done it
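Added example (not from the paper, the Tor project, or any commenter): a simplified model of bandwidth-weighted relay selection. It shows that the share of believed bandwidth, rather than the node count, drives the chance that one party holds both entry and exit, and how capping or independently measuring the claims changes that. The selection rule, the bandwidth figures, the cap value and the 600-relay case are assumptions chosen for illustration; only the 6-of-60 ratio comes from the quote above.

```python
from fractions import Fraction

def both_ends_probability(weights, malicious):
    """P(entry and exit are both malicious) when two distinct relays are
    drawn without replacement, each with probability proportional to weight."""
    total = sum(weights)
    bad_total = sum(weights[i] for i in malicious)
    p = Fraction(0)
    for i in malicious:
        w = weights[i]
        # pick relay i as entry, then any *other* malicious relay as exit
        p += Fraction(w, total) * Fraction(bad_total - w, total - w)
    return p

def believed_weights(advertised, cap=None, measured=None):
    """Weights a client ends up using (hypothetical helper).
    measured: ignore self-reports and use independent measurements.
    cap:      clamp every self-reported value to an upper bound."""
    if measured is not None:
        return list(measured)
    if cap is not None:
        return [min(a, cap) for a in advertised]
    return list(advertised)

def scenario(honest=60, bad=6, honest_bw=100, real_bad_bw=100,
             claimed_bad_bw=10_000, cap=500):
    """Constructed network: `honest` truthful relays plus `bad` relays that
    really have real_bad_bw but advertise claimed_bad_bw."""
    advertised = [honest_bw] * honest + [claimed_bad_bw] * bad
    measured = [honest_bw] * honest + [real_bad_bw] * bad
    malicious = range(honest, honest + bad)
    return {
        "trusted": both_ends_probability(believed_weights(advertised), malicious),
        "capped": both_ends_probability(
            believed_weights(advertised, cap=cap), malicious),
        "measured": both_ends_probability(
            believed_weights(advertised, measured=measured), malicious),
    }

if __name__ == "__main__":
    for honest in (60, 600):  # same 6 inflating relays, 10x larger network
        for policy, p in scenario(honest=honest).items():
            print(f"honest={honest:4d} {policy:9s} P(both ends)={float(p):.4f}")
```

With these constructed numbers, trusting the claims gives the six relays both ends of about 81% of paths in the 60-relay network, and still about 23% when the honest population is ten times larger.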
  3. Re:Not quite so oblig SW reference.. by Ice Wewe · · Score: 4, Informative

    Seriously, this is why Tor tells you at the start that you shouldn't rely on it for strong anonymity.

    "Feb 25 16:16:02.628 [notice] Tor v0.1.1.xx. This is experimental software. Do not rely on it for strong anonymity."

    Thus proving, once again, that Tor is only for the Quasi-anonymous group.

  4. Anonymity Vs Performance in Multi-Hop Networks... by Roger Wilcox · · Score: 5, Interesting

    ...is really what the article is about. Granted, I only read the abstract, but someone here at /. seems too intent on making a dramatic headline out of this.

    It has been known for some time that anyone with the resources to do so could launch an end-to-end attack on Tor. That someone with relatively few resources could launch the same attack is newsworthy, perhaps, but far more interesting is the observation that optimizing network traffic flow in order to improve performance is the direct cause of this weakness.

  5. Could this be avoided? by DogDude · · Score: 4, Informative

    From what I can tell, it sounds like an attack can be either minimized or avoided completely if there are enough "server" nodes in the network. The "server" nodes, or the nodes that are exposed to the potential naughtiness, are always in short supply due to people understandably not wanting the FBI to show up to their door, hauling them off to Guantanamo Bay for a round of government-sanctioned torture. The thing is, for the time being, we're seeing a proliferation of completely open (untraceable) wireless networks that could potentially solve this problem. If a relatively large number of geeks were to throw a machine at their local free wireless connections, then they could potentially help out the TOR network for people who don't have access to such an "open" network. Now, we will eventually see these wide open free-for-alls shut down once the feds get their heads out of their asses and start taking Net-based crime seriously. But for the time being, we should all pitch in and take advantage of these networks while we've got 'em. I'm working on putting together a few Frankenstein PC's now and they'll be sitting within range of my town's wireless network, and they'll be routing TOR traffic. If somebody does some truly nasty stuff, and it comes out via one of my TOR nodes, then all the federales will be able to see will be the MAC addresses of my network cards, and have no idea where to find said network cards on the wireless network.

    --
    I don't respond to AC's.
  6. COMSEC, not SIGINT by dr.badass · · Score: 4, Interesting

    This actually makes me wonder if there is a military/intel datacentre that does this already.

    Probably, but not for the reasons you think. Tor is known to be used by the military (how much is anybody's guess) for the same reasons anybody else would use it.

    --
    Don't become a regular here -- you will become retarded.
    1. Re:COMSEC, not SIGINT by hotdiggitydawg · · Score: 5, Funny

      Tor is known to be used by the military ... for the same reasons anybody else would use it.

      Downloading pr0n?
  7. Even if you can't become both the entry/exit... by twistah · · Score: 4, Interesting

    Even if you aren't able to become both the entry and exit node, using the technique of faking your bandwidth/uptime can lead to more traffic for your exit node, which means more passwords to sniff. Not everyone seems to realize that just because the Tor protocol is encrypted doesn't mean the exit node can't sniff unencrypted traffic. Granted, the exit node has no idea where the traffic came from, but often information such as login information for a personal account can give that away. That's even better than having just an IP. All it takes is to set yourself up as a Tor node (the uptime/bandwidth faking helps) and run a tool like Cain or dsniff.

  8. No love for Freenet? by makomk · · Score: 4, Funny

    Hmmm... I'm sure Freenet didn't get this much attention when they discovered that their encryption code was only actually encrypting half the data (128 bits out of every 256 bit word). Must be because no-one actually uses Freenet...