Researchers at the Massachusetts Institute of Technology and the Qatar Computing Research Institute (QCRI) have demonstrated a vulnerability in Tor's design they plan to discuss next month at the Usenix Security Symposium in Washington, D.C.
The researchers found an adversary could infer a hidden server's location by analyzing the traffic patterns of encrypted data passing through a single computer in the all-volunteer Tor network.
Tor's routing scheme features successive layers of encryption known as onion routing, and its routers can be used as "introduction points" without revealing their location, or "rendezvous points" that enable a host to identify another router in the Tor network and build a second circuit through it. The researchers devised an attack on this system in which an adversary's computer served as the guard on a Tor circuit. Because guards are selected at random, if an adversary connected enough computers to the Tor network, the odds are high that at least some of them would be well-positioned to snoop.
The researchers showed that by looking for patterns in the number of packets passing in each direction through a guard, machine-learning algorithms could, with 99-percent accuracy, determine whether the circuit was an ordinary Web-browsing circuit, an introduction-point circuit, or a rendezvous-point circuit.
QCRI's Mashael AlSabah says such attacks could be thwarted by masking sequences so all appear the same.
From MIT News
View Full Article
Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA