Slashdot Mirror

← Back to Stories (view on slashdot.org)

81% of Tor Users Can Be De-anonymized By Analysing Router Information

Posted by timothy on from the keep-him-on-the-line dept.

An anonymous reader writes A former researcher at Columbia University's Network Security Lab has conducted research since 2008 indicating that traffic flow software included in network routers, notably Cisco's 'Netflow' package, can be exploited to deanonymize 81.4% of Tor clients. Professor Sambuddho Chakravarty, currently researching Network Anonymity and Privacy at the Indraprastha Institute of Information Technology, uses a technique which injects a repeating traffic pattern into the TCP connection associated with an exit node, and then compares subsequent aberrations in network timing with the traffic flow records generated by Netflow (or equivalent packages from other router manufacturers) to individuate the 'victim' client. In laboratory conditions the success rate of this traffic analysis attack is 100%, with network noise and variations reducing efficiency to 81% in a live Tor environment. Chakravarty says: 'it is not even essential to be a global adversary to launch such traffic analysis attacks. A powerful, yet non- global adversary could use traffic analysis methods [] to determine the various relays participating in a Tor circuit and directly monitor the traffic entering the entry node of the victim connection.'

4 of 136 comments (clear)

  1. Re:Can't be true by HornWumpus · · Score: 5, Interesting

    Can you say 'parallel construction'? I thought you could.

    There is a lot of evidence the TOR is simply a honey-pot.

    False positives are easily dealt with when a user generates traffic for any sort of period of time.

    --
    John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
  2. It doesn't matter! by Anonymous Coward · · Score: 5, Interesting

    The whole point of tor for those who are morally and ethically sane, is that it makes monitoring the populus orders of magnitude more expensive!

    Forcing NSA and their ilk to actually target people individually, instead of just passivly collecting plain text data on everyone is exactly what needs to happen!

    Use Tor as much as possible, it is the only thing stopping complete internet surveillance.

  3. So don't use Tor at home? by rvw · · Score: 5, Interesting

    Basically what they are saying is that you should not use Tor at home or at work, but in other places, where you don't do your normal browsing. Make normal and Tor browsing mutually network exlusive!

    1. Re:So don't use Tor at home? by Bob9113 · · Score: 4, Interesting

      Basically what they are saying is that you should not use Tor at home or at work, but in other places, where you don't do your normal browsing.

      Close, but not quite ideal. You should use TOR at home to do strictly legitimate things, to create the haystack in which the needles can be hidden. Then, when you want to do something without being watched, you use TOR with clean hardware and connectivity. Also, when travelling to your clean connectivity, leave your cell phone and other tracking devices at home, and do it somewhere with lots of other people.

      --
      Stop-Prism.org: Opt Out of Surveillance