[guardian-dev] 81% of Tor users can be de-anonymised by analysing router information, research indicates
Josh Steiner
josh at vitriolix.com
Fri Nov 14 15:56:45 EST 2014
Interesting rebuttal:
https://news.ycombinator.com/item?id=8608941
This is an easier version of a traffic analysis attack, an attack that
Tor expressly does not attempt to provide a strong defense against.
It relies on a malicious server and entry node. The contribution of
this paper is that if you have the malicious server and entry node,
you can use a less expensive data source (Cisco NetFlow data) rather
than raw packets to perform a correlation attack.
The correlation they achieve in a private Tor network is impressive;
however, if you look at the graphs in the actual paper[0], you can see
that the differences in correlations are actually quite small in the
wild.
The title of this post and article is actually incorrect; the
technique demonstrated has an 81.4% accuracy. This means that the base
rate fallacy will make it nearly unusable in practice, and more so as
the scale of Tor traffic grows. For more on the Base Rate Fallacy, see
[1].
So in summary:
* This is an incremental improvement of an already existing and known
attack pattern on low-latency anonymity systems
* The technique presented in this paper is only a threat if your
threat model is an adversary that can control your entry guard and the
server you are trying to communicate with, but does not have the
budget for packet-level correlation attacks
* This technique does not achieve sufficiently high accuracy and
sufficiently low false positives to reliably identify arbitrary Tor
users, but might be more successful if used in combination with a
prior hypothesis that, say, a specific NSA employee is communicating
with GlobalLeaks.
[0] https://mice.cs.columbia.edu/getTechreport.php?techreportID=...
[1] http://archives.seul.org/or/dev/Sep-2008/msg00016.html
On Fri, Nov 14, 2014 at 12:25 PM, Josh Steiner <josh at vitriolix.com> wrote:
> Well this certainly is a scary headline, anyone in the know have any
> comment or seen any good responses yet?
>
> http://thestack.com/chakravarty-tor-traffic-analysis-141114
>
> Research undertaken between 2008 and 2014 suggests that more than 81%
> of Tor clients can be ‘de-anonymised’ – their originating IP addresses
> revealed – by exploiting the ‘Netflow’ technology that Cisco has built
> into its router protocols, and similar traffic analysis software
> running by default in the hardware of other manufacturers.
>
> Professor Sambuddho Chakravarty, a former researcher at Columbia
> University’s Network Security Lab and now researching Network
> Anonymity and Privacy at the Indraprastha Institute of Information
> Technology in Delhi, has co-published a series of papers over the last
> six years outlining the attack vector, and claims a 100% ‘decloaking’
> success rate under laboratory conditions, and 81.4% in the actual
> wilds of the Tor network.
>
> Chakravarty’s technique [PDF] involves introducing disturbances in the
> highly-regulated environs of Onion Router protocols using a modified
> public Tor server running on Linux - hosted at the time at Columbia
> University. His work on large-scale traffic analysis attacks in the
> Tor environment has convinced him that a well-resourced organisation
> could achieve an extremely high capacity to de-anonymise Tor traffic
> on an ad hoc basis – but also that one would not necessarily need the
> resources of a nation state to do so, stating that a single AS
> (Autonomous System) could monitor more than 39% of randomly-generated
> Tor circuits.
>
> ...
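The base-rate argument in the rebuttal above, carried through as an added example (not code from the thread or the paper): with a detection rate of 81.4% and an assumed false-positive rate, how small the set of candidate client flows must already be before a flagged match is more likely right than wrong. The false-positive rate is not stated anywhere in the thread, so it is an assumed illustrative parameter.

```python
# Added example, not from the thread: a base-rate check on an 81.4%-accurate
# flow-correlation test. The true-positive rate is the figure quoted in the
# thread; the false-positive rate is an assumed illustrative parameter.
import math

TPR_REPORTED = 0.814   # detection rate quoted in the thread
FPR_ASSUMED = 0.05     # assumption: the thread gives no false-positive rate

def ppv(tpr, fpr, n_candidates):
    """Probability that a flagged client flow is the real match, when exactly
    one of n_candidates client flows seen at the guard truly belongs to the
    server-side flow (base rate 1/n). Equals tpr / (tpr + fpr * (n - 1))."""
    if n_candidates < 1:
        raise ValueError("need at least one candidate flow")
    base = 1.0 / n_candidates
    tp = tpr * base
    fp = fpr * (1.0 - base)
    return tp / (tp + fp) if tp + fp > 0 else 0.0

def expected_false_positives(fpr, n_candidates):
    """Expected number of unrelated client flows flagged per server flow."""
    return fpr * (n_candidates - 1)

def max_candidates_for_ppv(tpr, fpr, target_ppv):
    """Largest candidate set for which a flag is still correct with
    probability >= target_ppv, i.e. how narrow the prior hypothesis must be."""
    if fpr <= 0:
        return math.inf
    return int(math.floor(1 + tpr * (1 - target_ppv) / (target_ppv * fpr) + 1e-9))

if __name__ == "__main__":
    for n in (2, 100, 10_000, 1_000_000):
        print(f"{n:>9} candidates: PPV={ppv(TPR_REPORTED, FPR_ASSUMED, n):.5f}, "
              f"expected false flags={expected_false_positives(FPR_ASSUMED, n):,.0f}")
    print("candidate set must be <=",
          max_candidates_for_ppv(TPR_REPORTED, FPR_ASSUMED, 0.5),
          "for a flag to be more likely right than wrong")
```

With the assumed 5% false-positive rate, a flag is only better than a coin toss once the adversary has already narrowed the client side to about 17 candidate flows, which is the "prior hypothesis" case in the rebuttal's last bullet.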