Slashdot Mirror


Academics Build a New Tor Client Designed To Beat the NSA

An anonymous reader writes: In response to a slew of new research about network-level attacks against Tor, academics from the U.S. and Israel built a new Tor client called Astoria designed to beat adversaries like the NSA, GCHQ, or Chinese intelligence who can monitor a user's Tor traffic from entry to exit. Astoria differs most significantly from Tor's default client in how it selects the circuits that connect a user to the network and then to the outside Internet. The tool is an algorithm designed to more accurately predict attacks and then securely select relays that mitigate timing attack opportunities for top-tier adversaries.

63 comments

  1. So where is the source code? by Anonymous Coward · · Score: 3, Informative

    no source code == no story

    1. Re:So where is the source code? by Anonymous Coward · · Score: 0

      Yet this, the source code is far clean up the finished work week ..
      https://lists.torproject.org/pipermail/tor-talk/2015-May/037912.html

  2. written by the NSA by MooseTick · · Score: 4, Interesting

    If the NSA were going to create a TOR substitute, wouldn't this be how they would want to describe it?

    1. Re:written by the NSA by Anonymous Coward · · Score: 5, Informative

      TOR was originally developed by the Navy to hide CIA and NSA traffic. It was released to the public specifically to allow everybody's lesser-importance traffic to provide cover for said spies.

    2. Re:written by the NSA by Anonymous Coward · · Score: 0

      If the NSA were trying to discourage people from using this client, wouldn't comments like the OP be the way they would dissuade people?

    3. Re:written by the NSA by Anonymous Coward · · Score: 0

      Of course /. is now totally useless because the remaining users are more paranoid than coke-heads.

    4. Re:written by the NSA by Anonymous Coward · · Score: 2

      Why would they want to?

      They know the security features of Tor and probably need them for themselves. They also know they can classify tor users as suspicious based on their tor usage alone. They don't need to make a substitute, it would probably even be bad for them. They have stated quite often that they only work with metadata and it's probably correct, metadata is a lot easier to work with than the actual data and it gives them all they need. With tor they will know the metadata but might not know the actual data, does that matter to them? Never mind that being the top predator in the internet business, they, with the GCHQ are probably the only ones that might be able to see the whole tor network. You can't use tor to hide from somebody if they can follow every hop you make. They don't need to own any tor nodes if they just watch everything. So they have no good reason to destroy tor while they have plenty of good reason to keep it (if they are confident that nobody else has their capabilities).

      You can't hide among people like you if the target is people like you. You need something like tor that is used by many different people if you want to hide among them.

    5. Re:written by the NSA by marcroelofs · · Score: 1

      Yes, but they wouldn't mention Israel. That would trigger too many red flags.

    6. Re:written by the NSA by countSudoku() · · Score: 1

      What happened to my net? It seems all stux!

      Seriously, beating the NSA does nothing. You need to give them a real punishment that means something to them and then not waver when they complain. It's the only way they'll learn good manners.

      --
      This is the NSA, we're gonna geet U h@x0r5! Also, what is a h@x0r5?
    7. Re:written by the NSA by PolygamousRanchKid+ · · Score: 1

      I've always wondered if the NSA has academics "informally" on their payroll. In East Germany, the secret police, called the Stasi, had loads of folks working "informally" for them.

      The NSA would pay (or bribe?) the academics to mislead research with disinformation, and intentionally build in a backdoor.

      Of course, one might think that academics would have some sense of integrity. But these days, nothing really surprises me anymore.

      --
      Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
    8. Re:written by the NSA by Anonymous Coward · · Score: 0

      They have their own darker net.

    9. Re:written by the NSA by Anonymous Coward · · Score: 2, Insightful

      Paranoia on a site hosted in a country where Sgt. Friendly of the local Police dept. rides around on an APC in full riot gear ready to pepper spray protesters in the face in a country with "free speech" written as an inalienable right?

      Trust has been eroding steadily for decades

    10. Re:written by the NSA by Cafe+Alpha · · Score: 1

      My head assplode!

    11. Re:written by the NSA by Archangel+Michael · · Score: 1

      For Tor to be effective, more people need to use Tor. The problem is, people using Tor are usually people needing to (or wanting to) hide something, not the "more" people needed.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    12. Re:written by the NSA by Anonymous Coward · · Score: 1

      And how did that work out?

    13. Re:written by the NSA by Anonymous Coward · · Score: 0

      Yep. Think about this: They managed to get the majority of hard drive manufacturers to have a special space on the hard drive for surveillance, and its deployment went on for years before anyone noticed. That sure reveals a lot about the millions/billions of users of devices *assuming* that the creators, or at least someone, has checked it out in depth.

      They probably at least have a tentacle wrapped on one of the developers who will inject a backdoor or reveal key components enough to make the system just another way of getting naked.

    14. Re:written by the NSA by Cafe+Alpha · · Score: 1

      Citation needed.

    15. Re:written by the NSA by Anonymous Coward · · Score: 0

      To find the IP address of nodes, simply use Tor to surf to a website owned by yourself. For example if the NSA wanted to find nodes, they could use Tor to surf to their own website. The node they connect to and the exit node completing the connection to their owned page reveal 2 nodes in one shot. This is independent of the path between nodes.

      How much traffic on your exit node connects to some obscure website designed to log IP addresses? Not all websites owned by the NSA are registered directly as NSA property.

    16. Re:written by the NSA by MrNiceguy_KS · · Score: 2

      For Tor to be effective, more people need to use Tor. The problem is, people using Tor are usually people needing to (or wanting to) hide something, not the "more" people needed.

      This is why I make it a point to fire up the Tor browser at least a couple of times a week. It's not because I'm doing something I want to hide, it's that everybody should be free from having to live under the all-seeing Eye of Sauron. If they're going to watch all Tor traffic, they can watch my webcomics and funny cat pictures.

      --
      Redundancy is good And also good.
    17. Re: written by the NSA by Anonymous Coward · · Score: 0

      Ahem, THIS (for all those not paying attention).

  3. Bad headline by OverlordQ · · Score: 5, Insightful

    Should be 'Academics hypothesize better Tor client': since all they're giving out is their analysis and not source code, there's no way to verify their claims.

    --
    Your hair look like poop, Bob! - Wanker.
    1. Re:Bad headline by Anonymous Coward · · Score: 2, Interesting

      Nah, should be: Academics Build a Hypothetical Framework for the NSA to Beat Before It's Ever Implemented. ... then again I would title it: Academics Continue to Ignore that NSA can inject exploits into any Tor Exit Node's traffic. You're fucked once the Ferret Cannon has you in its sights. All you need to do is be interesting and access HTTPS:// since the NSA assumes any encrypted traffic is non-USA-ian because they can't prove origin without hacking it.

      Aside: This combined with the fact that the TLS/PKI Certificate Authority system is a complete security theater, I find Mozilla's opting for HTTPS only to be the only reason I need never to use their browser again. Think about it: If only HTTPS traffic is allowed then all the govs need to do to silence a site is revoke the cert. Talk about a single point of failure. Personally, I'm thinking that "the web" is dead, Internet enabled applications are better at basically everything. Long Live The Internet, but fuck the web.

    2. Re:Bad headline by Anonymous Coward · · Score: 0

      You can accept a certificate that isn't in the list of CAs your browser trusts. An untrusted cert is better than plain HTTP traffic since at least it's encrypted (even though in neither situation you know if the server really is who you think it is). There's no excuse to not encrypt everything in this age.

    3. Re:Bad headline by Anonymous Coward · · Score: 0

      Transmission encryption without authentication is useless in the vast majority of cases. I can just MITM the line and shove in my own self signed cert. How many people are going to tell the difference between cert 86:65:f7:dc:6f:65:ba:83:a4:74:72:42:31:3d:ec:88:cf:7b:83:69 and cert bc:bb:cc:9e:e4:15:c6:34:26:dc:47:51:59:4a:53:da:29:85:62:b8? Good luck teaching grandma, or your parents, or your non-techy sibling how to validate it in any way.

    4. Re:Bad headline by Anonymous Coward · · Score: 0

      Except, Zogmilla's SSL only initiative also disallows self signed certs, just can't even host them instead of a screen about "risky business".

      Excuse me, I'm drunk on power and positing on teh interwobs.

    5. Re:Bad headline by Anonymous Coward · · Score: 0

      There are plenty of reasons not to encrypt everything. The vast majority of web content is not sensitive information. You sacrifice power and performance on mobile devices, content caching capabilities, and simple client debugging to name a few.

    6. Re:Bad headline by Anonymous Coward · · Score: 0

      There's no excuse to not encrypt everything in this age.

      > implying that TLS actually works with caching.

      Your new is showing, and it's not even September.

    7. Re:Bad headline by skids · · Score: 2

      Transmission encryption without authentication is useless in the vast majority of cases.

      No, it isn't. Because in the vast majority of cases your traffic wasn't interesting enough to MITM the first time you connected to the server, and after that, you've stored the key you found there and can be alerted if it changes. Also you can post-verify to see whether you've been MITMd if you care to know whether the horse is out of the barn, which isn't as useful as keeping the horse in the barn, but still qualifies as useful.

    8. Re:Bad headline by skids · · Score: 1

      About the only argument for not encrypting that holds water is if you want an offboard IPS to see the attack packets. Caching and resources are of steadily diminishing importance.

    9. Re:Bad headline by Qzukk · · Score: 1

      your traffic wasn't interesting enough

      How interesting is interesting enough? Interesting enough to spend $5 on? $0.05? GCHQ redirected the slashdot site for Belgacom users to their own servers, so slashdot readers are at least that interesting, and mass observation programs like PRISM make it cheaper and cheaper to watch you.

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
    10. Re:Bad headline by skids · · Score: 1

      MITMs are different than just sniffing.

      You can tell, in fact, that you were MITMd post hoc, because you can compare the cert that was used versus a copy of the cert obtained through other means. That's easiest to do if you have admin access to the server, of course, but those of us that do, know that MITM attacks are rare.
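
Added example, not part of the comments above: the store-the-key-then-alert-on-change check from skids' first reply and the after-the-fact comparison from this one, sketched in Python. Byte strings stand in for DER certificates, and the names `PinStore`, `check`, `audit` and `server.example` are assumptions made for the illustration.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def fingerprint(cert_der: bytes) -> str:
    """Colon-separated SHA-256 fingerprint of a DER-encoded certificate."""
    digest = hashlib.sha256(cert_der).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


class PinStore:
    """Trust-on-first-use store: host -> fingerprint seen on first contact."""

    def __init__(self, path: Path):
        self.path = path
        self.pins = json.loads(path.read_text()) if path.exists() else {}

    def check(self, host: str, cert_der: bytes) -> str:
        """Return 'first-use', 'match' or 'CHANGED' for the presented cert."""
        seen = fingerprint(cert_der)
        pinned = self.pins.get(host)
        if pinned is None:
            # Nothing to compare against yet: record what we saw.
            self.pins[host] = seen
            self.path.write_text(json.dumps(self.pins, indent=2))
            return "first-use"
        if hmac.compare_digest(pinned, seen):
            return "match"
        # Never overwrite the pin silently; the caller must alert the user.
        return "CHANGED"

    def audit(self, host: str, reference_der: bytes) -> bool:
        """Post-hoc check: does the pin equal a copy obtained out of band?"""
        pinned = self.pins.get(host)
        if pinned is None:
            return False
        return hmac.compare_digest(pinned, fingerprint(reference_der))


def demo():
    # Constructed stand-ins for DER certificates. A real client would use
    # ssl.SSLSocket.getpeercert(binary_form=True) to obtain the bytes.
    genuine = b"constructed-der:server.example:key-A"
    forged = b"constructed-der:server.example:key-B"
    with tempfile.TemporaryDirectory() as tmp:
        store = PinStore(Path(tmp) / "pins.json")
        results = [
            store.check("server.example", genuine),  # first contact
            store.check("server.example", genuine),  # later visit, same key
            store.check("server.example", forged),   # interception attempt
        ]
        # The pin survives a restart and passes an out-of-band audit.
        reloaded = PinStore(Path(tmp) / "pins.json")
        results.append(reloaded.audit("server.example", genuine))
        # A client intercepted on first contact pins the forged key;
        # the audit against the genuine copy exposes it afterwards.
        victim = PinStore(Path(tmp) / "victim.json")
        victim.check("server.example", forged)
        results.append(victim.audit("server.example", genuine))
    return results


if __name__ == "__main__":
    print(demo())
```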

  4. Tools by Anonymous Coward · · Score: 0

    The only tool here is the fool who trusts this thing.

  5. Nexus by Anonymous Coward · · Score: 0

    It all goes thru NEXUS anyway

  6. you've got a nice algorithm there by turkeydance · · Score: 1

    it would be a shame.......

    1. Re:you've got a nice algorithm there by Anonymous Coward · · Score: 0

      it would be a shame.......

      if it had a secret subtle flaw that exposes users only to the NSA.

    2. Re:you've got a nice algorithm there by Cafe+Alpha · · Score: 1

      Our darknets are better than their darknets. If you read the history of darknet systems I think there are two or three of them, Japanese ones, that turned out to have serious flaws - programs are out that will give you the IP addresses of people on one of them, of commenters on the other. And the Japanese police went around picking people up. Major difference from our ones, theirs weren't open sourced.

  7. Link padding by Anonymous Coward · · Score: 2, Interesting

    The article seems to miss on the details. How can you choose "safe" circuits when it is assumed that all points are compromised?

    The best defense is chatty end points. Just spew requests continuously and that defeats traffic analysis. They used to call it link padding.

    1. Re:Link padding by Anonymous Coward · · Score: 2, Informative

      The problem with link padding is that it would be very costly for Tor nodes and for usability.

      Firstly, link padding would require rate-limiting each link to something quite small to keep bandwidth reasonable. If you think Tor is slow now, it would be much slower with padding.

      Secondly, link padding also requires batching circuit construction. If a new link comes in, you can't immediately allow the Tor user to open a new link out. You have to wait and batch multiple outgoing link requests. That increases latency significantly to something much more than people already tolerate. Likewise, when a circuit is destroyed you can't immediately close all the links. You have to batch closure. In the meantime those links are just eating up bandwidth.

      Thirdly, link padding _ideally_ requires propagating packet delays, similar to the way you batch circuit constructions and closure. If the network did this, it would be trivial to DoS the Tor network because the network would amplify disruptions. But in practice I don't think this would ever be implemented.

      Tor has succeeded mostly because of its popularity. Even with link padding improving the security, you still need a large, active community using the network to maintain anonymity. Basically, as is typical you must rely on the pr0n and file-sharing subset to build the critical mass. Those folks are especially sensitive to bandwidth and latency.

      Yes, link padding (which is the basis of Wei Dai's original pipenet proposal*, which itself predated the Navy's Onion Routing project) is the ideal. It's basically how e-mail mixers work. But it would also make the network as useable as e-mail mixers are, which is not very useable in the context of the web.

      * http://www.weidai.com/pipenet.txt
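
Added example, not part of the comment above: a toy constant-rate padded link in Python that puts numbers on the bandwidth-versus-latency trade-off the comment describes. The traffic pattern, slot intervals and the function name `simulate_padded_link` are constructed for illustration and do not model Tor's real cell scheduling.

```python
from collections import deque


def simulate_padded_link(arrivals_ms, interval_ms, duration_ms):
    """Simulate a link that emits exactly one fixed-size cell per slot.

    A queued real cell is sent if one is waiting; otherwise a dummy cell
    goes out, so an observer sees the same traffic shape either way.
    """
    pending = deque(sorted(arrivals_ms))  # cells not yet arrived
    queue = deque()                       # arrived, waiting for a slot
    delays = []
    dummy = 0
    for slot in range(0, duration_ms, interval_ms):
        while pending and pending[0] <= slot:
            queue.append(pending.popleft())
        if queue:
            delays.append(slot - queue.popleft())
        else:
            dummy += 1
    slots = len(delays) + dummy
    return {
        "slots": slots,
        "real": len(delays),
        "dummy": dummy,
        "padding_fraction": dummy / slots,
        "mean_delay_ms": sum(delays) / len(delays) if delays else 0.0,
        "max_delay_ms": max(delays, default=0),
        "backlog": len(queue) + len(pending),  # real cells never sent
    }


# Constructed workload: two bursts of 10 cells (think two page loads),
# one at t=0 and one at t=5 s, observed over 10 s.
BURSTY = [0] * 10 + [5000] * 10


def compare_rates():
    """Same workload on a fast, a medium and a slow padded link."""
    return {
        interval: simulate_padded_link(BURSTY, interval, 10_000)
        for interval in (10, 100, 1000)
    }


if __name__ == "__main__":
    for interval, stats in compare_rates().items():
        print(f"{interval:>5} ms/cell: {stats}")
```

At 10 ms per cell the bursts clear quickly but almost all cells on the wire are padding; at 1000 ms per cell no bandwidth is wasted but half the traffic is still queued when the window ends.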

    2. Re:Link padding by TheCarp · · Score: 1

      Sounds right to me, except for the assumption that link batching would necessarily increase latency. I believe tor already handles asynchronously in most cases and only rotates circuits as needed or about every 10 minutes.

      So circuit creation time, generally speaking, should have little effect that the user can see (unless he requests a new circuit through a control app).

      --
      "I opened my eyes, and everything went dark again"
  8. israel? by mOzone · · Score: 2

    I've never seen anything come out of Israel that wasn't backdoored... ICQ, Skype, etc.
    I think the Snowden files had things about this also.

    1. Re:israel? by BlueStrat · · Score: 1, Troll

      I've never seen anything come out of Israel that wasn't backdoored... ICQ, Skype, etc.
      I think the Snowden files had things about this also.

      I'd be far more likely to trust Israeli-produced tools as opposed to anything from the Five Eyes.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    2. Re:israel? by Anonymous Coward · · Score: 1

      Scarlett Johansson? She's as pure as the driven snow. I'm sure she's never been backdoored.

    3. Re:israel? by Anonymous Coward · · Score: 1

      I've never seen anything come out of Israel that wasn't backdoored... ICQ, Skype, etc.
      I think the Snowden files had things about this also.

      I'd be far more likely to trust Israeli-produced tools as opposed to anything from the Five Eyes.

      Strat

      Didn't you see the Snowden docs last year saying Israel became the Sixth Eye?

    4. Re:israel? by BlueStrat · · Score: 1

      Didn't you see the Snowden docs last year saying Israel became the Sixth Eye?

      No, I apparently missed it. Thanks, I will investigate and if accurate, modify my opinion accordingly.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    5. Re:israel? by __aasehi2499 · · Score: 1

      You forgot to say "Bazinga!"

    6. Re:israel? by Sun · · Score: 1

      Spreading FUD all over, aren't we?

      First, Skype is not, and has never been, Israeli. ICQ hasn't been Israeli for ages and ages (sold to AOL, that's America Online) in 1998. That's 17 years ago. Either way, a search for "ICQ snowden backdoor" shows nothing relevant in any of the first 10 results, causing me to question the validity of trusting you as a source. If I'm wrong, by all means, please do provide sources.

      Second, I used to be in charge of Check Point's product security (late 2000 to early 2003). If any Israeli product is backdoored, you'd expect Check Point's Firewall-1 to be it. In order for that to work, I'd need to know about it, or I might accidentally close the back door. I give you my word as a non-anonymous long time user of this site that no such intentional back doors exist in the product. I have never been asked to not fix a problem I've found, or to not look for certain types of security problems.

      During my time there, a few security problems were found in FW-1. If memory serves me right, most were in the management and not in the actual enforcement unit. Either way, I have never seen such a problem and thought "this seems intentional". They always seemed like no more nor less than the usual sloppy programming creating security holes.

      Israel has a notorious "cypher law". I actually did produce an encryption product. I only registered it after several years in which it was freely available through sourceforge. The registration process included me sending a request with links to the web site, and a reply saying it was approved as a "free encryption device" (i.e. - I do not need to re-validate it unless I change the crypto).

      Now, I know the usual FUD about rsyncrypto, and I know people will say that that's because rsyncrypto's encryption sucks to begin with. All I can say about that is that the cypher law makes it legal to use freely available encryption from the internet without restriction (i.e. - gpg, ssh etc.). They also list the number of applications they processed and denied, and the last time they denied any application was around 2002 (I cannot find the page right now, sorry).

      So, all in all, I think this:

      I've never seen anything come out of Israel that wasn't backdoored... ICQ, Skype, etc.
      I think the Snowden files had things about this also.

      is concentrated bullshit.

      Shachar

    7. Re:israel? by mOzone · · Score: 1

      http://intelnews.org/2013/06/2...
      https://www.middleeastmonitor....
      100s more stories on this

      Sorry, after reading a lot about how Skype bent over or was hacked by/for Israel, I figured they are an Israeli company.

      Still no reason to trust Israeli companies... when it comes to safe software packages.

    8. Re:israel? by Sun · · Score: 1

      100s more stories on this

      Why don't you pick ONE that is actually about an actual Israeli company actually backdooring its own products for the Israeli government (or whatever)?

      Because that was and is your claim, and neither of the two stories you linked discuss that. The first discusses Skype setting a backdoor, but does not mention Israel in any way or form (and even if it did, Skype is not, and has never been, an Israeli company). The second talks about how the NSA is cooperating with Israeli intelligence, and uses Israeli produced technology. Again, no mention of products shipping to either individual or governmental users being backdoored.

      If there are, as you said, 100's of stories, I'm sure you can do better than these two.

      Still no reason to trust Israeli companies... when it comes to safe software packages.

      Still bullshit FUD.

      Shachar

  9. Not foolproof by dmaul99 · · Score: 3, Insightful

    Just remember: if somebody is interested in finding out what you are doing, and they have unlimited resources to do so, then you WILL get caught no matter how good you think your tools are, no matter how careful you think you are.

    1. Re: Not foolproof by BaronAaron · · Score: 3, Insightful

      Luckily there is no such thing as infinite resources.

    2. Re:Not foolproof by AmiMoJo · · Score: 1

      TOR worked pretty well for Snowden.

      It boils down to how interesting you are. Unless you are already on their radar and doing something extremely bad they probably won't even try, and certainly won't want to reveal their capabilities just to get at you.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  10. Re:King Frosty The First Beats All! by Anonymous Coward · · Score: 0

    TFA sez:

    the NSA, GCHQ, or Chinese intelligence who can monitor a user's Tor traffic from entry to exit

    Can anyone confirm NSA / GCHQ and Chinese intelligence's ability to monitor Tor user's traffic, from entry to exit?

    Are there any articles online which can substantiate that claim??

  11. Appelbaum by Anonymous Coward · · Score: 0

    Was hipster-rebel (but works for DOD) Jacob Appelbaum involved in this iteration?

  12. Re:King Frosty The First Beats All! by MobSwatter · · Score: 2

    I.T. is the field that is splitting hairs when it comes to privacy and security, if TOR beats the NSA someone gets fired or their budget cut, not really the folks one wants to scorn and the people know it. So innovation is dead there. I think the last statement in the "Lord of War" holds true, "Never go to war with yourself", kind of late now though a decade later ya think?

  14. Re:King Frosty The First Beats All! by ale2011 · · Score: 2

    Can anyone confirm NSA / GCHQ and Chinese intelligence's ability to monitor Tor user's traffic, from entry to exit?

    Are there any articles online which can substantiate that claim??

    See e.g. "How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID". That's NSA monitoring, based on Snowden disclosures. More references in the Astoria article.

  15. I'd trust the NSA before the State of Israel by __aasehi2499 · · Score: 1

    The State of Israel cannot be trusted where American citizens' freedom is concerned.

  16. Wait... by Anonymous Coward · · Score: 0

    Wasn't this the story when TOR came out in the first place?

  17. Project shoots itself in the foot... by Em+Adespoton · · Score: 1

    "Astoria is a usable substitute for the vanilla Tor client only in scenarios where security is a high priority."

    And this means that only people requiring high levels of security will use Astoria, which means that its use/download will be an immediate red flag.

    The only way to make something like this actually useful is for the same software (possibly with multiple user configurations) to be used by everyone and their dog. As soon as you can profile based on the software, then the exact organizations that it is attempting to escape the notice of will know exactly where to look.

  18. Mossad? by Anonymous Coward · · Score: 0

    Conspicuously absent...