A paper from researchers at Georgetown University and the US Naval Research Laboratory (USNRL) has revealed that users of Tor – the privacy-protecting browser service which has seen its popularity jump in the wake of the recent Prism revelations – may be “far more susceptible to compromise” than originally thought.
One of the researchers, Chris Wacek, told The Irish Times that while some of the "attack methods" they profile in the paper have been "known for a long time", his team's work looked into "a more advanced model for that sort of attack and we looked into metrics on how that attack may affect real users".
The paper reveals a “framework”, Mr Wacek said, where 50 per cent of regular Tor users can see their anonymity compromised “within three months” of regular use of the service, while 80 per cent of users would be likely to be identified after six months if their activity was analysed.
“We observe that use of BitTorrent is particularly unsafe,” the report added, “and we show that long-lived ports bear a large security cost for their performance needs.”
Tor user numbers doubled to 1.2 million people in August, though many security analysts are putting the 50 per cent bump down to the results of a botnet attack.
On adversaries who seek to compromise the anonymity of Tor users, Wacek said "first there's a 'relay adversary', which is essentially where someone is trying to 'deanonymise' people by participating in the Tor network". These attackers correlate people's traffic "using statistical methodologies on both ends of the Tor network – if you can see both ends".
Second adversary
A second type of adversary – "be it an ISP or nation state or someone who operates a large chunk of networks" – is the greater danger as they may be able to "observe the traffic on either side without actually participating in the Tor protocol".
Mr Wacek said he and his colleagues worked with Tor throughout their research. “It’s an area of concern for [Tor] and they’ve looked at some mitigation – ways they change the protocol to reduce the likelihood of this happening.”
The research paper entitled Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries" included contributions from Paul Syverson who collaborated with Roger Dingledine and Nick Mathewson to develop Tor itself in 2002. Its findings won't be presented publicly until November's Conference on Computer and Communications Security (CCS) in Berlin, but they appeared online this week on the personal homepage of another researcher on the project, Aaron Johnson.