Slashdot Mirror

← Back to Stories (view on slashdot.org)

Attacking and Defending the Tor Network

Posted by CmdrTaco on from the takes-a-codpiece-and-a-helmet dept.

Trailrunner7 writes "In a talk at the USENIX LEET workshop Tuesday, Nick Mathewson of the Tor Project discussed the group's recent challenges in responding to suppression efforts by governments in Egypt, China and elsewhere. What the Tor members have learned in these recent incidents is that while governments are becoming more up front about their willingness to shut off Internet access altogether or censor content, users are also becoming more resourceful. Mathewson said that the group is working on methods for alleviating the problems that national-level restrictions cause for Tor users. One method involves moving to a modular transport method in order to get around some of the throttling that ISPs perform on encrypted traffic in order to make Tor usage more difficult. In a separate talk at LEET, Stevens LeBlond of INRIA in France presented research on methods for tracing Tor users back to their IP address. One of the attacks, which LeBlond and his co-authors titled 'Bad Apple,' used an exit node that the researchers controlled in order to trace the streams of data sent by users of BitTorrent over Tor back to their IP addresses."

4 of 132 comments (clear)

  1. Never 100% safe by Tigger's+Pet · · Score: 5, Insightful

    I guess that the research demonstrated by Stevens LeBlond just goes to prove what most of us have known for a long time - even using TOR (and the same will go for any other type of encryption, IP masking etc) you are not 100% safe if somebody wants to work out who you are. The governments may not care too much if you are just sharing a few pirated movies around, although some companies may, but I can guarantee that those carrying out the real illegal activity, such as sharing child-pr0n, will be tracked down one way or another.
    All that TOR does is provides people who aren't really that switched-on with a false sense of security about their activities.

    1. Re:Never 100% safe by alan_dershowitz · · Score: 4, Informative

      The attack relies on the way Bittorrent is used and the fact that it uses UDP for contacting peers (which Tor doesn't route, causing only the tracker connection to be Torified) causing information leak; controlling an exit node to do a MitM); and the fact that Tor multiplexes multiple streams through the same node for performance reasons (meaning you can observe all the traffic that someone is going to through your exit node, once you've established who they are.)

      This attack won't work on you if:

      1. You are only using one app, in particular it won't work on you if all you're using is a browser and TorButton
      2. The same app is not sending data across both Tor and no-Tor
      3. The app in question can detect tampered-with data (SSL cert mismatch, etc.)
      4. As a precautionary measure, you are doing strict firewall egress filtering while using Tor.

      In short, if you are technically knowledgeable and careful, this attack doesn't apply to you. So, it's not the end of the road for Tor and anonymity, although it's a problem for "regular" people using Tor who can't be expected to keep track of all the ways their computer can unmask them.

  2. Re:One word by SuricouRaven · · Score: 4, Interesting

    Massive, massive overhead. Also, only any use for private communications where both parties have already exchanged some form of key.

  3. Re:One word by Locke2005 · · Score: 4, Interesting

    Correct on both counts. But any system that allows new people to join in without being referred by a trusted party invites participation by government infiltrators. Consider key exchange as a form of formal introduction, like a fraternity handshake.

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.