Slashdot Mirror

← Back to Stories (view on slashdot.org)

81% of Tor Users Can Be De-anonymized By Analysing Router Information

Posted by timothy on from the keep-him-on-the-line dept.

An anonymous reader writes A former researcher at Columbia University's Network Security Lab has conducted research since 2008 indicating that traffic flow software included in network routers, notably Cisco's 'Netflow' package, can be exploited to deanonymize 81.4% of Tor clients. Professor Sambuddho Chakravarty, currently researching Network Anonymity and Privacy at the Indraprastha Institute of Information Technology, uses a technique which injects a repeating traffic pattern into the TCP connection associated with an exit node, and then compares subsequent aberrations in network timing with the traffic flow records generated by Netflow (or equivalent packages from other router manufacturers) to individuate the 'victim' client. In laboratory conditions the success rate of this traffic analysis attack is 100%, with network noise and variations reducing efficiency to 81% in a live Tor environment. Chakravarty says: 'it is not even essential to be a global adversary to launch such traffic analysis attacks. A powerful, yet non- global adversary could use traffic analysis methods [] to determine the various relays participating in a Tor circuit and directly monitor the traffic entering the entry node of the victim connection.'

10 of 136 comments (clear)

  1. Dear Tor users: by NoNonAlphaCharsHere · · Score: 5, Insightful

    By "can be" De-anonymized, we mean "have been".

    Sincerely,
    The NSA

    1. Re:Dear Tor users: by Anonymous Coward · · Score: 3, Insightful

      This is *years* old news, with many papers on the subject. Anyone who thought TOR was secure was wildly misinformed by the media, including slashdot.

  2. Can't be true by HornWumpus · · Score: 2, Insightful

    I've been repeatedly told I was paranoid regarding TOR traffic analysis by the the /. hive mind. So this can't be true.

    --
    John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    1. Re:Can't be true by HornWumpus · · Score: 3, Insightful

      Chesters, Silk Road #1, Silk road #2...More to come.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    2. Re:Can't be true by gstoddart · · Score: 5, Insightful

      "So, yes, some of us are still being paranoid. But that doesn't mean that we're not right."

      Spoken like a true paranoid.

      Why, thank you. That's the nicest thing anybody has said to me all week.

      Look, if the reality wasn't that the surveillance programs in place are far more invasive, sophisticated, and all encompassing than we've ever thought possible, I would happily be a slightly paranoid guy in the corner tilting at windmills. I'm OK with that. Everybody needs a hobby, and it's fun at parties.

      The reality is, stuff which we know to be happening is far more widespread than anybody would have believed. They've demonstrated themselves willing to lie to Congress. They get funding from alternate sources which they don't always tell us about. They don't always care about the niceties of the law.

      They've colluded with law enforcement to conceal their ways and means, and come up with ways to charge you and hide how they got there by writing a handbook of perjury and lying.

      They can use secret laws to make it illegal to tell anybody the scope of what they're actually doing.

      So, the problem becomes ... when a high degree of paranoia has been demonstrated to be not nearly paranoid enough ... being somewhat paranoid becomes pretty much mandatory.

      And these guys have made what would have been dismissed as merely paranoid ravings only a few years ago into something which is documented and commonplace.

      So, yeah, I sound paranoid. Because the people who make me paranoid have upped their game to the level where it's hard to imagine I'm being paranoid enough.

      --
      Lost at C:>. Found at C.
    3. Re:Can't be true by sl3xd · · Score: 3, Insightful

      Citation, please? Where are you getting the idea that exit nodes have huge bandwidth bills?

      For example: run a mac mini colo as an exit node, with unmetered bandwidth. $55/month, with 100 Mb of bandwidth, 24x7.

      Or some guy in Korea with 3-5 gigabits of bandwidth at their home for ~$40 USD/month?

      Or a university club running an exit point using approved university resources? (I know my alma matter does)

      Tor exit nodes are often just people hosting them on their own nickel, often at home. You can throttle the tor server to 56 Kib/s, and leave the rest for your own usage.

      --
      -- Sometimes you have to turn the lights off in order to see.
    4. Re:Can't be true by HornWumpus · · Score: 4, Insightful

      Imagine you are a spook who has compromised a 'secure' means of communication.

      Can you think of anything better to do with this then shut it down immediately? Should Bletchly park have gotten on the radio and told the Germans 'neener neener, we broke your codes you jerry morons.'?

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
  3. Re:The only solution I can think of by Lunix+Nutcase · · Score: 4, Insightful

    How come we aren't don't doing more of that on government/corporate communications? I mean, turnabout is fair play, no?

    I don't know. Why are you not doing more of that? Most people are not doing it because they don't want to be sent to prison.

  4. Re:The only solution I can think of by gcnaddict · · Score: 3, Insightful

    How would you know if B never sends data back? B is sending junk data just as you are. To an outside observer, the amount of throughput by B would never change even if B sends an actual response.

    --
    Viable Slashdot alternatives: https://pipedot.org/ and http://soylentnews.org/
  5. In other words by msobkow · · Score: 4, Insightful

    In other words, you're only "anonymous" if you don't matter.

    --
    I do not fail; I succeed at finding out what does not work.