Tor users can be de-anonymised by analysing router information

odinn odinn.cyberguerrilla at riseup.net
Sat Nov 15 18:40:09 PST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

In addition to Chakravarty's PhD thesis (recommended by Mirimir), I
also humbly (and perhaps somewhat selfishly, too) provide, for the
record, my recent comments which suggest that both user choice and
warnings are apropos:

https://github.com/OpenBazaar/OpenBazaar/issues/866#issuecomment-62577905

https://forum.unsystem.net/t/interoperability-and-trans-identical-identity-decentralization-proposals-thoughts-for-review/333/18

#torgate

Respect,

- -O



Mirimir:
> On 11/15/2014 06:04 AM, Snehan Kekre wrote:
>> Research undertaken between 2008 and 2014 suggests that more than
>> 81% of Tor clients can be ‘de-anonymised’ – their originating IP
>> addresses revealed – by exploiting the ‘Netflow’ 
>> <http://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-netflow/index.html>
>> technology that Cisco has built into its router protocols, and
>> similar traffic analysis software running by default in the
>> hardware of other manufacturers.
>> 
>> Professor Sambuddho Chakravarty 
>> <https://sites.google.com/site/sambuddhochakravarty/>, a former
>> researcher at Columbia University’s Network Security Lab
>> <http://nsl.cs.columbia.edu/> and now researching Network
>> Anonymity and Privacy at the Indraprastha Institute of 
>> Information Technology in Delhi, has co-published a series of
>> papers over the last six years outlining the attack vector, and
>> claims a 100% ‘decloaking’ success rate under laboratory
>> conditions, and 81.4% in the actual wilds of the Tor network.
>> 
>> Chakravarty’s technique 
>> <https://mice.cs.columbia.edu/getTechreport.php?techreportID=1545&format=pdf&>
>> [PDF] involves introducing disturbances in the highly-regulated
>> environs of Onion Router protocols using a modified public Tor
>> server running on Linux - hosted at the time at Columbia
>> University. His work on large-scale traffic analysis attacks in
>> the Tor environment has convinced him that a well-resourced 
>> organisation could achieve an extremely high capacity to
>> de-anonymise Tor traffic on an ad hoc basis – but also that one
>> would not necessarily need the resources of a nation state to do
>> so, stating that a single AS (Autonomous System) could monitor
>> more than 39% of randomly-generated Tor circuits.
>> 
>> Chakravarty says: /“…it is not even essential to be a global
>> adversary to launch such traffic analysis attacks. A powerful,
>> yet non-global adversary could use traffic analysis methods […]
>> to determine the various relays participating in a Tor circuit
>> and directly monitor the traffic entering the entry node of the 
>> victim connection,”/
>> 
>> The technique depends on injecting a repeating traffic pattern –
>> such as HTML files, the same kind of traffic of which most Tor
>> browsing consists – into the TCP connection that it sees
>> originating in the target exit node, and then comparing the
>> server’s exit traffic for the Tor clients, as derived from the 
>> router’s flow records, to facilitate client identification.
>> 
>> Tor is susceptible to this kind of traffic analysis because it
>> was designed for low-latency. Chakravarty explains: /“To
>> achieve acceptable quality of service, [Tor attempts] to preserve
>> packet interarrival characteristics, such as inter-packet delay.
>> Consequently, a powerful adversary can mount traffic analysis
>> attacks by observing similar traffic patterns at various points
>> of the network, linking together otherwise unrelated network
>> connections.”/
>> 
>> The online section of the research involved identifying ‘victim’
>> clients in Planetlab <https://www.planet-lab.org/> locations in
>> Texas, Belgium and Greece, and exercised a variety of techniques
>> and configurations, some involving control of entry and exit
>> nodes, and others which achieved considerable success by only 
>> controlling one end or the other.
>> 
>> Traffic analysis of this kind does not involve the enormous
>> expense and infrastructural effort that the NSA put into their
>> FoxAcid Tor redirects 
>> <http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity>,
>> but it benefits from running one or more high-bandwidth,
>> high-performance, high-uptime Tor relays.
>> 
>> The forensic interest 
>> <https://www.cryptocoinsnews.com/how-fbi-illegally-hacked-silk-road-servers-find-alleged-pirate-ross-ulbricht/>
>> in quite how international cybercrime initiative ‘Operation
>> Onymous’ defied Tor’s obfuscating protocols to expose 
>> <http://thestack.com/operation-onymous-seize-hundreds-underground-drug-weapons-cybermarkets-071114>
>> hundreds of ‘dark net’ sites, including infamous online drug
>> warehouse Silk Road 2.0, has led many to conclude that the core
>> approach to deanonymisation of Tor clients depends upon becoming
>> a ‘relay of choice’ – and a default resource when Tor-directed
>> DDOS attacks put ‘amateur’ servers out of service 
>> <http://www.coindesk.com/silk-road-2-0-shrugs-sophisticated-ddos-attack/>.
>
> I also recommend his PhD thesis:
> 
> Sambuddho Chakravarty (2014) Traffic Analysis Attacks and Defenses
> in Low Latency Anonymous Communication 
> http://www.cs.columbia.edu/~angelos/Papers/theses/sambuddho_thesis.pdf
>

- -- 
http://abis.io ~
"a protocol concept to enable decentralization
and expansion of a giving economy, and a new social good"
https://keybase.io/odinn
-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJUaA6IAAoJEGxwq/inSG8C+3oH/RW79GQk1WoP1SRybhHvXTyL
iezN+QieOaN+bm6cNMn2QQ/Vi8ubPNuJUb+lmQUjE43CR0b6Sly4H6lFw1+03izK
jpDDj+sSpMLcKKg7A5G6HIGQ5Z/ZS6gClg3SRsPG67DU2bDq5qcf3q9uefWm+xTG
MrweLk8G/9QwTqVUR0DvOv38uH8ExuZxtSAvBpYshcCiOATqG0RqcfAewwrmSFcA
DWzFuXH+xcRPY1+4KnOel6n4v1Fg1yLQRLOjAsngXXdZY8hJJ+rXSmiydLTt/wMX
AastnRjcXjSsQuWvzxpsSQ+0H7a3n4aAhDDfUBf88MrK5Nx5ay/cXchaSpFNBRc=
=jmGI
-----END PGP SIGNATURE-----
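A simplified, runnable illustration of the flow-record correlation that the quoted article describes, added here as an example; it is not code from Chakravarty's papers or thesis. The adversary, who sees the server side of a Tor connection, injects a recognisable byte-volume pattern and then correlates it against per-client byte counts reconstructed from router flow records collected near candidate entry nodes. The example assumes Pearson correlation over one-second byte bins with a small lag search to absorb network delay; the client addresses, the "guard" label, the background traffic and the flow records are all constructed test data.

```python
"""Flow-record correlation in the style of the Netflow attack described
above (added example, not the author's code). An injected server-side
byte pattern is matched against per-client byte counts rebuilt from
NetFlow-like records. All clients, records and traffic are constructed."""
import random
from statistics import mean, pstdev

BURST_BYTES = 50_000   # size of one injected "on" burst in a 1 s bin
VICTIM_IP = "10.0.0.5" # constructed victim address


def make_pattern(n_bins, rng):
    """Server-side injected pattern: random on/off bursts, one per 1 s bin."""
    return [BURST_BYTES if rng.random() < 0.5 else 0 for _ in range(n_bins)]


def synth_flow_records(client, series, rng):
    """Turn a per-bin byte series into NetFlow-like records (constructed).
    A bin's bytes may be split across two records, as an exporter might."""
    records = []
    for t, nbytes in enumerate(series):
        split = rng.randint(0, nbytes)
        for part in (split, nbytes - split):
            if part:
                records.append({"src": client, "dst": "guard",
                                "start": t, "end": t, "bytes": part})
    return records


def bin_flows(records, n_bins):
    """Aggregate flow records per source address into bytes-per-bin series.
    Bytes of a multi-second flow are spread evenly over its bins."""
    series = {}
    for r in records:
        s = series.setdefault(r["src"], [0.0] * n_bins)
        span = r["end"] - r["start"] + 1
        for t in range(r["start"], r["end"] + 1):
            if 0 <= t < n_bins:
                s[t] += r["bytes"] / span
    return series


def pearson(x, y):
    """Pearson correlation coefficient; 0.0 when either series is flat."""
    mx, my, sx, sy = mean(x), mean(y), pstdev(x), pstdev(y)
    if sx == 0 or sy == 0:
        return 0.0
    return sum((a - mx) * (b - my) for a, b in zip(x, y)) / (len(x) * sx * sy)


def best_lag(pattern, observed, max_lag):
    """Slide the pattern over the observed series; return (lag, r) of best fit."""
    best = (0, -1.0)
    for lag in range(max_lag + 1):
        window = observed[lag:lag + len(pattern)]
        if len(window) < len(pattern):
            break
        r = pearson(pattern, window)
        if r > best[1]:
            best = (lag, r)
    return best


def identify_client(pattern, records, n_bins, max_lag, threshold=0.6):
    """Return (client, lag, r) for the best-correlating source, or None if
    no candidate clears the threshold (guards against false positives)."""
    scores = {ip: best_lag(pattern, s, max_lag)
              for ip, s in bin_flows(records, n_bins).items()}
    ip, (lag, r) = max(scores.items(), key=lambda kv: kv[1][1])
    return (ip, lag, r) if r >= threshold else None


def build_scenario(seed=7, n_pat=120, max_lag=10, victim_lag=4, include_victim=True):
    """Constructed scenario: one victim carrying the delayed pattern plus
    background noise, two quiet clients, and one bursty but unrelated decoy."""
    rng = random.Random(seed)
    n_bins = n_pat + max_lag
    pattern = make_pattern(n_pat, rng)

    def background():
        return [rng.randint(0, 8_000) for _ in range(n_bins)]

    clients = {"10.0.0.6": background(), "10.0.0.7": background()}
    decoy = background()                      # bursty, but its own pattern
    for t in range(n_bins):
        decoy[t] += BURST_BYTES if rng.random() < 0.5 else 0
    clients["10.0.0.8"] = decoy
    if include_victim:
        victim = background()
        for t, b in enumerate(pattern):       # pattern arrives victim_lag s later
            victim[t + victim_lag] += b
        clients[VICTIM_IP] = victim
    records = []
    for ip, series in clients.items():
        records += synth_flow_records(ip, series, rng)
    return pattern, records, n_bins, max_lag


if __name__ == "__main__":
    pat, recs, n, ml = build_scenario()
    print(identify_client(pat, recs, n, ml))
```

The decoy client matters: a client that is merely busy does not correlate, only the one whose byte volume rises and falls with the injected pattern. Real flow exports are usually sampled and aggregated over seconds to minutes rather than delivered unsampled at one-second granularity, so in practice the attacker needs a long, high-amplitude pattern and a relay that carries enough of the victim's traffic; the example models the attacker-friendly case.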
