InCiDeR takes a closer look at Tor (anonymity network)

[InCiDeR]

Tor (anonymity network)

Tor (short for The onion router) is a system intended to enable online anonymity. Tor client software routes Internet traffic through a worldwide volunteer network of servers in order to conceal a user's location or usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult to trace Internet activity, including "visits to Web sites, online posts, instant messages and other communication forms", back to the user and is intended to protect users' personal freedom, privacy, and ability to conduct confidential business by keeping their internet activities from being monitored.

"Onion routing" refers to the layered nature of the encryption service: The original data are encrypted and re-encrypted multiple times, then sent through successive Tor relays, each one of which decrypts a "layer" of encryption before passing the data on to the next relay and, ultimately, its destination. This reduces the possibility of the original data being unscrambled or understood in transit.

The Tor client is free software and use of the Tor network is free of charge.


History

An alpha version of the software, with the onion routing network "functional and deployed", was announced on 20 September 2002. Roger Dingledine, Nick Mathewson and Paul Syverson presented "Tor: The Second-Generation Onion Router" at the 13th USENIX Security Symposium on 13 August 2004. Though the name Tor originated as an acronym of The Onion Routing project, the current project no longer considers the name to be an acronym, and therefore does not use capital letters.

Originally sponsored by the US Naval Research Laboratory.
http://en.wikipedia.org/wiki/United_...rch_Laboratory

Tor was financially supported by the Electronic Frontier Foundation from 2004 to 2005.
https://www.eff.org/

http://en.wikipedia.org/wiki/Electro...ier_Foundation

Tor software is now developed by the Tor Project, which has been a 501(c)(3)
http://en.wikipedia.org/wiki/501(c)(....28c.29.283.29
research/education nonprofit organization based in the United States of America since December 2006 and receives a diverse base of financial support.

In March 2011 The Tor Project was awarded the Free Software Foundation's 2010 Award for Projects of Social Benefit on the following grounds: "Using free software, Tor has enabled roughly 36 million people around the world to experience freedom of access and expression on the Internet while keeping them in control of their privacy and anonymity. Its network has proved pivotal in dissident movements in both Iran and more recently Egypt."


Weaknesses

Like all current low latency anonymity networks, Tor cannot and does not attempt to protect against monitoring of traffic at the boundaries of the Tor network, i.e., the traffic entering and exiting the network. While Tor does provide protection against traffic analysis, it cannot prevent traffic confirmation (also called end-to-end correlation).

Steven J. Murdoch and George Danezis from University of Cambridge presented an article at the 2005 IEEE Symposium on security and privacy on traffic-analysis techniques that allow adversaries with only a partial view of the network to infer which nodes are being used to relay the anonymous streams. These techniques greatly reduce the anonymity provided by Tor. Murdoch and Danezis have also shown that otherwise unrelated streams can be linked back to the same initiator. However, this attack fails to reveal the identity of the original user. Murdoch has been working with—and has been funded by—Tor since 2006.

Steven J. Murdoch
http://en.wikipedia.org/wiki/Steven_Murdoch
Low-Cost Traffic Analysis of Tor
Steven J. Murdoch and George Danezis
University of Cambridge, Computer Laboratory,
http://www.cl.cam.ac.uk/~sjm217/pape...and05torta.pdf

In March 2011, researchers with the Rocquencourt, France based National Institute for Research in Computer Science and Control (Institut national de recherche en informatique et en automatique, INRIA) have documented an attack that is capable of revealing the IP addresses of BitTorrent users on the Tor network. The "bad apple attack" exploits Tor's design and takes advantage of insecure application use to associate the simultaneous use of a secure application with the IP address of the Tor user in question. One method of attack depends on control of an exit node or hijacking tracker responses, while a secondary attack method is based in part on the statistical exploitation of distributed hash table tracking. According to the study:

This attack against Tor consists of two parts: (a) exploiting an insecure application to reveal the source IP address of, or trace, a Tor user and (b) exploiting Tor to associate the use of a secure application with the IP address of a user (revealed by the insecure application). As it is not a goal of Tor to protect against application-level attacks, Tor cannot be held responsible for the first part of this attack. However, because Tor’s design makes it possible to associate streams originating from secure application with traced users, the second part of this attack is indeed an attack against Tor. We call the second part of this attack the bad apple attack. (The name of this attack refers to the saying 'one bad apple spoils the bunch.' We use this wording to illustrate that one insecure application on Tor may allow to trace other applications.)

The results presented in the bad apple attack research paper are based on an actual attack in the wild launched against the Tor network by the authors of the study. The attack targeted six exit nodes, lasted for 23 days, and revealed a total of 10,000 IP addresses of active Tor users. This study is particularly significant because it is the first documented attack designed to target P2P file sharing applications on Tor. BitTorrent may generate as much as 40% of all traffic on Tor, which means a significant number of Tor users are potentially at risk. Furthermore, the bad apple attack is effective against insecure use of any application over Tor, not just BitTorrent.

In September 2007, Dan Egerstad, a Swedish security consultant, revealed that he had intercepted usernames and passwords for a large number of email accounts by operating and monitoring Tor exit nodes. As Tor does not, and by design cannot, encrypt the traffic between an exit node and the target server, any exit node is in a position to capture any traffic passing through it which does not use end-to-end encryption such as TLS. While this may or may not inherently violate the anonymity of the source if users mistake Tor's anonymity for end-to-end encryption they may be subject to additional risk of data interception by self-selected third parties. (The operator of any network carrying unencrypted traffic, such as the operator of a wi-fi hotspot or corporate network, has the same ability to intercept traffic as a Tor exit operator. End-to-end encrypted connections should be used if such interception is a concern.) Even without end-to-end encryption, Tor provides confidentiality against these local observers which may be more likely to have interest in the traffic of users on their network than arbitrary Tor exit operators.

Nonetheless, Tor and the alternative network system JonDonym (Java Anon Proxy, JAP) are considered more resilient than alternatives such as VPNs. Where a local observer on an ISP or WLAN to attempt to analyze the size and timing of the encrypted data stream going through the VPN, Tor or JonDo system, the latter two would be harder to analyze, as demonstrated by a 2009 study.

Researchers from INRIA showed that Tor dissimulation technique in Bittorrent can be bypassed.

In October 2011, a research team from the French engineering school Esiea claimed to have discovered a way to compromise the Tor network by decrypting communication passing over it. The technique they describe requires creating a map of Tor network nodes, controlling one third of them and then acquiring their encryption keys and algorithm seeds. Then, using these known keys and seeds, they claim the ability to decrypt two encryption layers out of three. They claim to break the third key by a statistical-based attack. In order to redirect Tor traffic to the nodes they controlled, they used both Denial-of-service attack and packet spinning methods. No technical analysis has been made available yet for the public or the Tor developers to analyze. Eric Filiol and his team intend to release this information at the upcoming PacSec and Hackers to Hackers conferences. A response to this claim has been published on the official Tor Blog stating that these rumours of Tor's compromise are greatly exaggerated.

***

Read more and main source:
http://en.wikipedia.org/wiki/Tor_(anonymity_network)

***

CONSIDER:
1. Who is behind the software?
2. Who is sponsoring it?
3. The best way to make people believe they are safe is to write a firewall-software which has a hidden lowlevel "backdoor" in the code that only the inventor/government/TPB/TPTA/hierarchy has access to or know exists...

NEXT
Looking at the people behind Tor...

Similar Threads:

• The Venus Transit is Getting Closer
• Asteriod 2005 YU55 Will Pass Closer To Earth Than Moon On Nov. 8, 2011
• A Closer look at Dr Steven Greer
• Every year they get closer and they know I'm filming them': UFO fan
• Beware !Closer look Benjamin Fulfort !

[Dragonfly]

Good Work InCiDer. Thumbs up and Shalom!

[lightblue]

i had no idea..only heard of it here...so, thank you for putting that together.. l

.