General    Economic    Society    Sci-Tech    World    Sports    Art & Culture    Iran    Nuclear  
  Latest News:  
   Latest News  
  Folklore rituals of Nowruz Eve in Gilan Province of Iran
  Iran’s Amir-abdollahian meets with Syrian amb. To Tehran
  FM Zarif condemns US, E3 hypocrisy in Middle East
  Pres. Rouhani greets Merkel, wishes for stronger ties
  Iran, China to hold joint symposium on nanomedicine
  Germany reiterates support for JCPOA
  Violation of JCPOA “regrettable”: Official
  Turkey says radioactive haul seized in Ankara
  Pres. Rouhani greets Russian Pres. Putin’s re-election
  Belt, Road Initiative and China-Iran cooperation
- Text size: + -  Number: 22150صفحه نخست » Short NewsThu, 30th Jul 2015 - 16:03
Researchers Break Tor Anonymity Without Cracking Encryption
A new proof of concept from researchers at MIT demonstrates what may be the simplest way yet to find out what people are accessing through Tor.

The Tor network has millions of daily users who rely on it for anonymous access to resources on the open internet and within Tor itself. There have been various attacks on the anonymous aspect of Tor over the years, but a new proof of concept from researchers at MIT demonstrates what may be the simplest way yet to find out what people are accessing through Tor. Luckily, there’s also a fix Tor’s operators can implement, Extremetech reported.

Tor was originally an acronym for “the onion router,” which is an accurate description of how it’s structured. It offers anonymous access to online resources by passing user requests through multiple layers of encrypted connections. It all starts at the entry node, sometimes called the guard. That’s the only system that knows your real IP address, but the next node in the chain only knows the IP of the entry node, the next only knows the previous node’s address, and so on until you reach the destination.

This scheme prevents anyone from knowing who is accessing what websites via Tor, and security is even stronger when it comes to hidden services that are hosted entirely within Tor. The now-defunct Silk Road and similar sites are examples of Tor hidden services. Breaking the encryption to unmask users of Tor is complicated and can’t be done reliably right now, but the MIT technique doesn’t require compromising encryption. Instead, it’s a very clever form of traffic fingerprinting.

Researchers Break Tor Anonymity Without Cracking Encryption

The attack targets the previously mentioned entry nodes, as have several attacks in the past. Basically, the attacker sets up a computer on the Tor network as an entry node and waits for people to send requests through it. When a connection is established over Tor, a lot of data is sent back and forth. MIT researchers used machine learning algorithms to monitor that data and count the packets. Using only this metric, the system can determine with 99% accuracy what kind of resource the user is accessing (i.e. the open web, a hidden service, and so on).

Simply knowing what sort of connection a user is making isn’t particularly useful, but the algorithms can do a lot more with the traffic data. Traffic fingerprinting can be used to determine which hidden services a user is accessing with 88% accuracy based solely on the pattern of packets sent. Keep in mind, the encryption is still uncompromised in this scenario.

This is only possible because the attacker is running the entry node the victim is connected to. However, the entry node is selected randomly for each session. The attacker would need to run a lot of guard nodes to identify a significant number of connections and it would be very hard to target a specific user.

The fix for this attack is actually pretty simple. The Tor network needs to start sending dummy packets that make all requests look the same. If there’s no discernible pattern to the data, the destination can’t be determined. Tor developers have acknowledged the issue and are considering ways to implement a fix.

Source: Farsnews
Keywords: researchers - break - anonymity - without - cracking - encryption

Your comment:
  Security code:
   Popular News  
  Zarif warns US against 'painful mistake' of pulling out JCPOA
  Iran warns US against ‘foolish’ moves against Syria
  Omani FM arrives in Tehran
  Iran’s Traditional customs in Ardebil and Urmia
  Iran will leave JCPOA if US withdraws it: Iranian deputy FM
  Nissan to resume its activities in Iran
  French Total to apply for waiver if US withdraws from JCPOA
  New American-Russian conflict: A confrontation beyond Cold War
  ‘Forouzan’ to vie at Melbourne indie filmfest.
  Iraqi Security Council approves Baghdad-Tehran intel. MoU
© 2015
Powered By: خبرافزار