By Joseph Varghese/Staff Reporter
Researchers from the Qatar Computing Research Institute (QCRI) and Massachusetts Institute of Technology (MIT) have identified a vulnerability in the Tor network and have suggested solutions.
At the Usenix Security Symposium to be held from August 12-14 at Washington DC, they will present a paper showing that an adversary could infer a hidden server’s location, or the source of the information reaching a given Tor user, by analysing the traffic patterns of encrypted data passing through a single computer in the Tor network.
The same paper also proposes defences, which representatives of the Tor project say they are evaluating for possible inclusion in future versions of the Tor software.
The Tor network is the world’s most popular system for protecting Internet users’ anonymity. For more than a decade, people living under repressive regimes have used Tor to conceal their Web-browsing habits from electronic surveillance, and to hide the locations of their servers.
An estimated 2.5mn people, including journalists, political activists and others who don’t want to share their browsing histories, use Tor daily.
“Anonymity is considered a big part of freedom of speech now,” says Albert Kwon, an MIT graduate student in electrical engineering and computer science and one of the paper’s first authors. “The Internet Engineering Task Force is trying to develop a human-rights standard for the Internet, and as part of their definition of freedom of expression, they include anonymity.”
Kwon devised an attack on the system with joint first author Mashael al-Sabah, an assistant professor of computer science at Qatar University and a researcher at QCRI, Srini Devadas, the Edwin Sibley Webster Professor in MIT’s Department of Electrical Engineering and Computer Science; David Lazar, another graduate student in electrical engineering and computer science; and QCRI’s Marc Dacier.
The researchers showed that by looking for patterns in the number of packets passing in each direction through a guard, machine-learning algorithms could, with 99 % accuracy, determine whether the circuit was an ordinary web-browsing circuit, an introduction-point circuit, or a rendezvous-point circuit.
By using a Tor-enabled computer to connect to a range of different hidden services, they showed that a similar analysis of traffic patterns could identify those services with 88 % accuracy. That means that an adversary who lucked into the position of guard for a computer hosting a hidden service, could, with 88 % certainty, identify it as the service’s host.
“To defend against this type of attack, we recommend that they mask the sequences so that all the sequences look the same,” said al- Sabah. “You send dummy packets to make all five types of circuits look similar.”
“For a while, we’ve been aware that circuit fingerprinting is a big issue for hidden services,” says David Goulet, a developer with the Tor project.
