Attacking and Defending the Tor Network

BOSTON–The Tor Project has become a vital mechanism for privacy advocates, human rights activists, journalists and others in sensitive positions to evade online censorship and persecution. And while the governments interested in limiting user access to the Internet and controlling content have had some recent success in preventing the use of the anonymity network, Tor members have been working on new methods for circumventing those restrictions.

TorBOSTON–The Tor Project has become a vital mechanism for privacy advocates, human rights activists, journalists and others in sensitive positions to evade online censorship and persecution. And while the governments interested in limiting user access to the Internet and controlling content have had some recent success in preventing the use of the anonymity network, Tor members have been working on new methods for circumventing those restrictions.

In a talk at the USENIX LEET workshop here Tuesday, Nick Mathewson of the Tor Project discussed the group’s recent challenges in responding to suppression efforts by governments in Egypt, China and elsewhere. What the Tor members have learned in these recent incidents is that while governments are becoming more up front about their willingness to shut off Internet access altogether or censor content, users are also becoming more resourceful.
However, while Tor offers users a high level of anonymity and privacy when used correctly, there are a number of ways that its protections can be circumvented both intentionally and unintentionally.

“It’s hard to get people not to use things incorrectly,” Mathewson said. “There are lots of applications that can trivially circumvent the proxy settings.”

Mathewson said that the group is working on methods for alleviating the problems that national-level restrictions cause for Tor users. One method involves moving to a modular transport method in order to get around some of the throttling that ISPs perform on encrypted traffic in order to make Tor usage more difficult.

Tor is designed as a series of nodes around the world that enables users to route their Internet traffic through random hops on the way to its ultimate destination as a way of protecting privacy. But, as Mathewson and other speakers at the workshop pointed out, this method is not foolproof and can be weakened in a number of ways. Traffic from Tor users to nodes on the Tor network and between nodes is encrypted. However the traffic between the Tor exit node and the terminus point of the user’s request is in the clear.

Researchers and attackers and have devised ways in the past to attack the network, often through traffic analysis of one type or another or by attacking an exit node. In a separate talk at LEET, Stevens LeBlond of INRIA in France presented research on methods for tracing Tor users back to their IP address. One of the attacks, which LeBlond and his co-authors titled “Bad Apple,” used an exit node that the researchers controlled in order to trace the streams of data sent by users of BitTorrent over Tor back to their IP addresses.

“P2P apps on Tor kill privacy and a significant amount of Tor traffic can be traced with application level attacks,” LeBlond said. Mathewson acknowledged in his talk earlier in the day that there are well-known issues with using BitTorrent and other P2P applications over Tor.

Mathewson stressed that although Tor members constantly are working on improvements for the service and new methods for helping users, it’s a difficult process.

“We can’t solve Internet security on our own with ten people,” he said.

Suggested articles