Attack reveals 81 percent of Tor users but admins call for calm

Cisco Netflow a handy tool for cheapskate attackers


The Tor project has urged calm after new research found 81 percent of users could be identified using Cisco's NetFlow tool.

A research effort led by professor Sambuddah Chakravarty from the Indraprastha Institute of Information Technology in Delhi found that well-resourced attackers such as a nation-state could effectively reveal Tor users' identity with a false-positive rate of six percent, while an autonomous system could reveal about 39 percent of users.

Chakravarty's research, run on a high performance research server within the University, worked in part due to the low-latency design of Tor.

"To achieve acceptable quality of service, [Tor] systems attempt to preserve packet interarrival characteristics, such as inter-packet delay," Chakravarty wrote in the paper On the Effectiveness of Traffic Analysis Against Anonymity Networks using Flow Records.

"Consequently, a powerful adversary can mount traffic analysis attacks by observing similar traffic patterns at various points of the network, linking together otherwise unrelated network connections.

"Although the capacity of current networks makes packet-level monitoring at such a scale quite challenging, adversaries could potentially use less accurate but readily available traffic monitoring functionality, such as Cisco's NetFlow, to mount large-scale traffic analysis attacks."

The active traffic analysis method was based on creating and monitoring 'deliberate perturbances' on server side user traffic and observing output on the client side through statistical correlation.

A team of five tested the technique with a public Tor relay serving hundreds of users.

"Our method revealed the actual sources of anonymous traffic with 100 percent accuracy for the in-lab tests, and achieved an overall accuracy of about 81.4 percent for the real-world experiments, with an average false positive rate of 6.4 percent.

Tor Project leader Roger Dingledine described the research, first discussed at the Passive and Active Measurement Conference in March, as valuable but pointed out the traffic correlation attacks were not a new area of research.

"The discussion of false positives is key to this new paper too: Sambuddho's paper mentions a false positive rate of six percent ... It's easy to see how at scale, this 'base rate fallacy' problem could make the attack effectively useless," Dingledine said in a post.

"I should also emphasize that whether this attack can be performed at all has to do with how much of the internet the adversary is able to measure or control.

Dingledine added "... it's great to see more research on traffic confirmation attacks, but traffic confirmation attacks are not a new area so don't freak out without actually reading the papers, and this particular one, while kind of neat, doesn't supersede all the previous papers."

Chakravarty worked along with Marco V. Barbera; Georgios Portokalidis; Michalis Polychronakis, and Angelos D. Keromy from universities Sapienza and Columbia, and the Stevens Institute of Technology. ®

Similar topics


Other stories you might like

  • It's primed and full of fuel, the James Webb Space Telescope is ready to be packed up prior to launch

    Fingers crossed the telescope will finally take to space on 22 December

    Engineers have finished pumping the James Webb Space Telescope with fuel, and are now preparing to carefully place the folded instrument inside the top of a rocket, expected to blast off later this month.

    “Propellant tanks were filled separately with 79.5 [liters] of dinitrogen tetroxide oxidiser and 159 [liters of] hydrazine,” the European Space Agency confirmed on Monday. “Oxidiser improves the burn efficiency of the hydrazine fuel.” The fuelling process took ten days and finished on 3 December.

    All eyes are on the JWST as it enters the last leg of its journey to space; astronomers have been waiting for this moment since development for the world’s largest space telescope began in 1996.

    Continue reading
  • China to upgrade mainstream RISC-V chips every six months

    Home-baked silicon is the way forward

    China is gut punching Moore's Law and the roughly one-year cadence for major chip releases adopted by the Intel, AMD, Nvidia and others.

    The government-backed Chinese Academy of Sciences, which is developing open-source RISC-V performance processor, says it will release major design upgrades every six months. CAS is hoping that the accelerated release of chip designs will build up momentum and support for its open-source project.

    RISC-V is based on an open-source instruction architecture, and is royalty free, meaning companies can adopt designs without paying licensing fees.

    Continue reading
  • The SEC is investigating whistleblower claims that Tesla was reckless as its solar panels go up in smoke

    Tens of thousands of homeowners and hundreds of businesses were at risk, lawsuit claims

    The Securities and Exchange Commission has launched an investigation into whether Tesla failed to tell investors and customers about the fire risks of its faulty solar panels.

    Whistleblower and ex-employee, Steven Henkes, accused the company of flouting safety issues in a complaint with the SEC in 2019. He filed a freedom of information request to regulators and asked to see records relating to the case in September, earlier this year. An SEC official declined to hand over documents, and confirmed its probe into the company is still in progress.

    “We have confirmed with Division of Enforcement staff that the investigation from which you seek records is still active and ongoing," a letter from the SEC said in a reply to Henkes’ request, according to Reuters. Active SEC complaints and investigations are typically confidential. “The SEC does not comment on the existence or nonexistence of a possible investigation,” a spokesperson from the regulatory agency told The Register.

    Continue reading

Biting the hand that feeds IT © 1998–2021