Silk Road forums
Discussion => Security => Topic started by: goblin on April 27, 2012, 08:01 pm
-
I want to address the issue that is foremost in the debates about security and privacy and anonymity. Just how secure is tor ***really***? I mean, mathematically I can surmise that it is the best we've got, but is it enough? With all these monster computers and algorithms and spying machinery that the fucking government is amassing against us, do we really stand a chance?
I don't want to sound like a wet blanket, but are our private days numbered?
-
There are easier and cheaper ways to achieve your goal than to attempt to break Tor.
-
I want to address the issue that is foremost in the debates about security and privacy and anonymity. Just how secure is tor ***really***? I mean, mathematically I can surmise that it is the best we've got, but is it enough? With all these monster computers and algorithms and spying machinery that the fucking government is amassing against us, do we really stand a chance?
I don't want to sound like a wet blanket, but are our private days numbered?
The primary attack to worry about with Tor is end point timing correlation. Regardless of the number of middle nodes, if the attacker can watch traffic enter the network and arrive at its destination, they can link the traffic, meaning they can determine that the IP they saw sending traffic sent it to the location they saw traffic arrive. Pretty much the only way around this is to add enough artificial delay to traffic at each hop that a large amount of people's traffic can be gathered at the hop and reordered prior to being sent out. This is called mixing, but it generally requires too much time delay to get a substantial enough crowd, and isn't adequate for surfing the internet in a real time manner; it is mostly used for E-mails on networks like mixmaster and mixminion.
The first step of being able to watch both ends of traffic is to determine the target server's IP address (ie: the server you want to know who is visiting). If it is on the clearnet this is trivial, and you can monitor for connections to this server from your exit node. Clients create circuits that use a different exit node usually once every ten minutes. This is not as trivial to do against hidden services, although if you own a hidden service's entry node you can trivially determine this fact and its IP address by doing a timing correlation attack. Hidden services select entry guards. Entry guards consist of three relays selected from the pool of relays with the guard flag, that all traffic enters the network through. Guard nodes change every thirty or sixty days, and a hidden service uses the same guards for every client connecting to it. A hidden service's natural 'exposure' to 'exit' (really entry) points is thus much less than a website on the clearnet. If the attacker cannot monitor traffic arriving to the hidden service, they cannot do an end to end timing correlation attack (although this does ignore website fingerprinting attacks).
Unfortunately, it is not that hard to trace a hidden service to its entry guards. Hidden services create a new circuit for every rendezvous node a client requests it to connect to, and malicious clients can request hidden services to connect to thousands of different rendezvous points simultaneously. Although the hidden service always enters through its entry guards, its middle and "exit" node (really not an exit, but last node from the hidden service) are selected from the total pool of Tor nodes, and are newly selected for each circuit. A malicious client doing this can also operate as a relay itself, and the hidden service is likely to select it as a relay for some of its circuits. The malicious client/relay can then do a timing attack and statistical analysis to trace the hidden service up to its entry guards. This attack can be carried out with a single node and traces to entry guards in a matter of minutes.
At this point the attacker has two options. It is worth pointing out that there are two types of attacker, active and passive. Active attackers attack the network by adding nodes to it; passive attackers attack the network by monitoring the connections between nodes. For an active attacker to trace a hidden service, they need to own one of its entry guards. After they identify the hidden service's entry guards, they will want to DOS them, forcing the hidden service to either go down (if strict entry guards are set in torrc, they are not by default), or select new entry guards (default behavior). One way to do this is by flooding entry guards with fake create cells, which cost very little processing power to construct but a significant amount to process. This allows the attacker to exhaust the processing power of the entry guards, effectively DOSing them. If they can continue to do this to all selected entry guards simultaneously, eventually one of the newly selected entry guards will belong to the attacker and thus they can deanonymize the hidden service. This is the best currently known active attack for tracing hidden services, and it isn't that expensive.
A passive attacker who traces to the entry guards can order the ISP of the entry guard, or other infrastructure (IX, AS), to put a trap and trace on the entry guard; this will allow them to deanonymize the hidden service without owning the entry guard, just being able to see all connections to and from it.
Once the hidden service is located, the attacker will monitor connections to and from it; this will give them one half of an end point timing correlation attack. Now your anonymity depends on the attacker not owning one of your entry guards, or being able to passively monitor you. Thankfully, it is significantly harder to speed up a client's entry guard rotation, so it will likely turn into a waiting game at this point: every 1-2 months you will select new entry guards, and depending on how many entry guards the attacker owns there is a certain probability of them owning one of yours and being able to determine that you communicate with the hidden service they have traced. They will likely be able to deanonymize a small portion of the users every one- to two-month period, but Tor does a good job of preventing them from deanonymizing 100% of the users, at least unless they wait for quite a while, probably at least a year unless they have a large % of the total entry guards.
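The "waiting game" in the post above comes down to a risk calculation: with three entry guards per client and a fresh guard set every rotation, how likely is it that at least one guard an attacker controls ends up in your set? The script below is an added illustration, not part of the original thread or of Tor itself. It uses the post's own numbers (three guards, rotation every one to two months) and assumes that a guard is chosen with probability proportional to its bandwidth weight; the guard fleet, its weights and which relays are flagged hostile are constructed sample data. The closed-form estimate treats each pick as independent; the Monte Carlo version picks three distinct guards per rotation, which is closer to how a real client behaves, and the two are compared.

```python
import math
import random
from typing import List, Sequence

GUARDS_PER_CLIENT = 3  # number of entry guards per client, as stated in the post


def prob_any_guard_hostile(hostile_fraction: float,
                           guards: int = GUARDS_PER_CLIENT,
                           rotations: int = 1) -> float:
    """Closed-form estimate of the chance that at least one guard chosen over
    `rotations` full guard rotations belongs to the attacker.

    hostile_fraction is the attacker's share of total guard bandwidth (assumption:
    each pick is an independent bandwidth-weighted draw, so this is an upper-bound
    style estimate that ignores 'without replacement' effects)."""
    if not 0.0 <= hostile_fraction <= 1.0:
        raise ValueError("hostile_fraction must be between 0 and 1")
    return 1.0 - (1.0 - hostile_fraction) ** (guards * rotations)


def rotations_to_reach(hostile_fraction: float, target_prob: float,
                       guards: int = GUARDS_PER_CLIENT) -> int:
    """Smallest number of guard rotations after which the cumulative chance of
    having picked a hostile guard reaches target_prob (closed-form inverse)."""
    if hostile_fraction <= 0.0:
        raise ValueError("attacker owns no guard bandwidth; probability never rises")
    if hostile_fraction >= 1.0:
        return 1
    per_rotation_safe = (1.0 - hostile_fraction) ** guards
    return math.ceil(math.log(1.0 - target_prob) / math.log(per_rotation_safe))


def weighted_sample_without_replacement(rng: random.Random,
                                        weights: Sequence[float], k: int) -> List[int]:
    """Pick k distinct indices, each draw weighted by the remaining weights."""
    remaining = list(range(len(weights)))
    picked: List[int] = []
    for _ in range(k):
        w = [weights[i] for i in remaining]
        choice = rng.choices(remaining, weights=w, k=1)[0]
        picked.append(choice)
        remaining.remove(choice)
    return picked


def simulate_exposure(weights: Sequence[float], hostile: Sequence[bool],
                      guards: int = GUARDS_PER_CLIENT, rotations: int = 1,
                      trials: int = 20000, seed: int = 1) -> float:
    """Monte Carlo cross-check: fraction of simulated clients that, at some point
    across `rotations` guard rotations, had a hostile relay in their guard set."""
    rng = random.Random(seed)
    exposed_clients = 0
    for _ in range(trials):
        for _ in range(rotations):
            chosen = weighted_sample_without_replacement(rng, weights, guards)
            if any(hostile[i] for i in chosen):
                exposed_clients += 1
                break  # once linked, further rotations do not matter
    return exposed_clients / trials


# Constructed sample fleet: 200 guard relays of equal bandwidth, 10 of them hostile,
# i.e. the attacker holds 5% of guard bandwidth.
SAMPLE_WEIGHTS = [1.0] * 200
SAMPLE_HOSTILE = [i < 10 for i in range(200)]
SAMPLE_FRACTION = sum(w for w, h in zip(SAMPLE_WEIGHTS, SAMPLE_HOSTILE) if h) / sum(SAMPLE_WEIGHTS)


def main() -> None:
    print(f"attacker share of guard bandwidth: {SAMPLE_FRACTION:.1%}")
    for rotations in (1, 6, 12):
        analytic = prob_any_guard_hostile(SAMPLE_FRACTION, rotations=rotations)
        mc = simulate_exposure(SAMPLE_WEIGHTS, SAMPLE_HOSTILE, rotations=rotations)
        print(f"{rotations:2d} rotation(s): closed-form {analytic:.3f}  monte-carlo {mc:.3f}")
    needed = rotations_to_reach(SAMPLE_FRACTION, 0.5)
    print(f"rotations until a coin-flip chance of exposure: {needed} "
          f"(~{needed}-{2 * needed} months at 30-60 day rotation)")


if __name__ == "__main__":
    main()
```

The design point the numbers make is the one kmfkewm states: a small share of guard bandwidth exposes only a few percent of clients per rotation, but the risk compounds with every rotation, which is exactly why later Tor releases moved to fewer guards held for much longer.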
-
Ditto^
-
kmfkewm many many thanks for that info.
-
kmfkewm, I'm sure you know what you're talking about, but for the life of me, I sure don't!
Th-th, Th-th, Th-th, -that's all, folks!
-
Excellent post, kmfkewm. Answered a lot of the questions I have about timing attacks. Thank you.
-
If CISPA passes the senate, and the president approves it into law then TOR will become obsolete.
The government will have access to any data that any corporation has, without a search warrant, for any purpose and can use it to accomplish any means. As well as corporations can record and save ANY data they desire.
If CISPA passes I highly recommend that people cease using TOR conventionally. I haven't finished reading the CISPA legislature but it is the patriot act on crack.
-
If CISPA passes the senate, and the president approves it into law then TOR will become obsolete.
The government will have access to any data that any corporation has, without a search warrant, for any purpose and can use it to accomplish any means. As well as corporations can record and save ANY data they desire.
If CISPA passes I highly recommend that people cease using TOR conventionally. I haven't finished reading the CISPA legislature but it is the patriot act on crack.
There are still several ways to stay safe though, you can always use a vpn paired up with tor on a virtual machine. Always making sure you keep everything on an encrypted external drive and hiding it, only bringing it out when needed. It would cost LE a good amount of time and resources to crack all of this security and you always have to ask yourself, would it even be worth it? If all buyers, small and big, had a security setup like this it would just slow down or even deter LE from going out and attacking SR users.
-
Thanks, kmfkewm; that makes a lot more sense than anything else I've read on the subject. If that wasn't copied and pasted out of wikipedia, it should be copied and pasted in. :)
-
If CISPA passes the senate, and the president approves it into law then TOR will become obsolete.
The government will have access to any data that any corporation has, without a search warrant, for any purpose and can use it to accomplish any means. As well as corporations can record and save ANY data they desire.
If CISPA passes I highly recommend that people cease using TOR conventionally. I haven't finished reading the CISPA legislature but it is the patriot act on crack.
The way I understand it is that corporations are not required to share information with the government- only that they are allowed to. But of course, corporations would be granted full immunity from prosecution for invasion of privacy in return for this cooperation.
Oh, and what's this? The bill allows corporations to share information not only with government, but with other corporations (marketing partners) too. How very telling. No surprise that corporations depending on advertising revenue are in vociferous support of the bill. After all, it was custom written to prop up the very business models that have made so many corporations impossibly successful.
CISPA, in a nutshell, grants corporations the authority to do what the government itself cannot do without pesky little obstacles like probable cause, due process, and having to obtain a warrant (even retroactively): to spy, unfettered by any restriction, on absolutely everything we do, as long as there is threat of a "cybercrime".
Threats, real or imagined, are shared with the federal government. The rest of the information is channeled to wherever it will generate the most profit. What a win-win situation for everyone except we the people! Corporate personhood takes on a whole new dimension.
It's a corporation's world, baby. We just live in it.
I'm fucking depressed now.