Whether you’re an activist working inside a repressive political regime or just don’t want anyone knowing which websites you’ve been visiting, you need a way to conceal your identity on the Internet. But in a new paper, computer scientists suggest there are “crucial weaknesses” in the world’s most popular system for maintaining Internet anonymity, Tor.
For the uninitiated, Tor might seem like a tool for malicious hackers, arms dealers, and perverts—and perhaps it is. But really it’s a way to conceal a computer’s Internet address, and in the process to protect the identity of the person using that computer. The problem is, if a computer doesn’t reveal its Internet address, nobody else can send it information—websites, downloads, whatever. It’s like asking someone to send you a letter, then refusing to tell them your mailing address.
The solution: onion routing. The core idea is that rather than send an Internet request to, say, psmag.com, the request is first buried in several layers of encryption, then routed through intermediate computers, called onion routers. Each router peels away one layer of encryption—hence “onion”—until they’re all gone, and the final router sends the now-unencrypted request to the target website, psmag.com.
Crucially, each router on the chain, or “circuit,” knows only which computer sent it the request and where to send it next, sort of like passing a note in class. Users can employ circuits to advertise services, make introductions, and set up virtual rendezvous for the purpose of exchanging information, goods, or services anonymously.
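The layering and per-router view described above can be sketched in a few lines. This is an added example, not code from the article, the paper, or the Tor Project. The router names, keys, message format, and toy cipher are assumptions made for illustration, and real Tor negotiates keys per circuit and uses fixed-size cells.

```python
import hashlib
import json
import os

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); illustration only."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(circuit, destination: str, request: bytes) -> bytes:
    """Client side: add one layer per router, innermost (last router) first."""
    hops = [name for name, _ in circuit[1:]] + [destination]
    payload = request
    for (_, key), next_hop in reversed(list(zip(circuit, hops))):
        nonce = os.urandom(16)
        layer = json.dumps({"next": next_hop, "data": payload.hex()}).encode()
        payload = nonce + keystream_xor(key, nonce, layer)
    return payload

def peel(key: bytes, cell: bytes):
    """Router side: remove one layer, learning only the next hop."""
    nonce, body = cell[:16], cell[16:]
    layer = json.loads(keystream_xor(key, nonce, body))
    return layer["next"], bytes.fromhex(layer["data"])

def route(circuit, sender: str, cell: bytes):
    """Pass the cell along the circuit and record what each router observes."""
    views, prev = [], sender
    for name, key in circuit:
        next_hop, cell = peel(key, cell)
        views.append({"router": name, "from": prev, "to": next_hop})
        prev = name
    return views, cell

if __name__ == "__main__":
    # Constructed three-router circuit with random per-router keys.
    circuit = [(n, os.urandom(32)) for n in ("guard", "middle", "exit")]
    views, request = route(circuit, "client", wrap(circuit, "psmag.com", b"GET /"))
    for view in views:
        print(view)
    print(request)
```

Only the first router sees the client and only the last sees the destination; no single router's view contains both.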
But, as computer scientists Albert Kwon, Mashael AlSabah, and colleagues observe, the Internet messages used to build circuits look different based on their purpose. Therein lies the problem: If a malicious hacker has access to special onion routers called entry guards—the ones that first take in requests and route them through the Tor network—they’re in a position to see a lot of those messages; if hackers see enough messages, they can figure out where the traffic is going.
Specifically, attackers with control of a guard could examine the amount, direction, and timing of messages passing through that guard to identify introduction circuits and, as a result, the computers offering or soliciting particular services. Narrowing in on those computers, hackers could identify rendezvous circuits, at which point they know which computer is sending what where—for example, whose computer in Iran sent nuclear secrets to United States spies.
In tests, Kwon, AlSabah, and colleagues report they could correctly distinguish different kinds of circuits 99 percent of the time and identify which computer was hosting a particular concealed website nearly nine times in 10.
It remains to be seen whether the approach works in the real world, and the basic approach, known as website traffic fingerprinting, has its critics, including the Tor Project. But if such attacks work, there is at least an easy fix: Send lots of dummy traffic back and forth, obscuring each circuit’s—and therefore each computer’s—purpose and identity.
The researchers will present their work this August at the 24th Usenix Security Symposium.