
81% of Tor users can be de-anonymised by analysing router information, research indicates

16/11/2014

http://thestack.com/chakravarty-tor-traffic-analysis-141114

Research undertaken between 2008 and 2014 suggests that more than 81% of Tor clients can be ‘de-anonymised’ – their originating IP addresses revealed – by exploiting the ‘Netflow’ technology that Cisco has built into its router protocols, and similar traffic analysis software running by default in the hardware of other manufacturers.

Professor Sambuddho Chakravarty, a former researcher at Columbia University’s Network Security Lab and now researching Network Anonymity and Privacy at the Indraprastha Institute of Information Technology in Delhi, has co-published a series of papers over the last six years outlining the attack vector, and claims a 100% ‘decloaking’ success rate under laboratory conditions, and 81.4% in the actual wilds of the Tor network.

Chakravarty’s technique [PDF] involves introducing disturbances in the highly-regulated environs of Onion Router protocols using a modified public Tor server running on Linux – hosted at the time at Columbia University. His work on large-scale traffic analysis attacks in the Tor environment has convinced him that a well-resourced organisation could achieve an extremely high capacity to de-anonymise Tor traffic on an ad hoc basis – but also that one would not necessarily need the resources of a nation state to do so, stating that a single AS (Autonomous System) could monitor more than 39% of randomly-generated Tor circuits.

Chakravarty says: “…it is not even essential to be a global adversary to launch such traffic analysis attacks. A powerful, yet non-global adversary could use traffic analysis methods […] to determine the various relays participating in a Tor circuit and directly monitor the traffic entering the entry node of the victim connection,”

Take Home Message

* Tor is being targeted by state actors.

* You really should be using a VPN, even if you don’t know why… a VPN is as critical as your Internet connection.

* Combine several privacy tools… the EU actively supports PETS (Privacy Enhancing Technology) – use as many as you can – start with your search engine; for this, use http://www.startpage.com.

* Look for military grade encryption from your VPN.

Check out IVPN – EFF members
www.ivpn.net

****

Which is the safest VPN on the market? Who do I use for a VPN?

https://uwnthesis.wordpress.com/2013/05/17/which-is-the-safest-vpn-on-the-market-which-vpn-cares-most-for-your-privacy/

Research

On the Effectiveness of Traffic Analysis Against Anonymity Networks Using Flow Records

https://mice.cs.columbia.edu/getTechreport.php?techreportID=1545&format=pdf&

 
