Tor developers have taken the wraps off the next generation of onion services.
The alpha release promises the biggest overhaul in the anonymizing network for the past 10 years. The opening section of the change log provides a good overview of the tweaks, some of which aim to address recently discovered security weaknesses in the protocol, such as the potential for rogue nodes to learn about the network.
With enough rogue nodes, an adversary could start to map paths and hence reduce anonymity. The update will make this sort of attack much harder if not impossible.
In other respects, the revamp is a comprehensive service rather than radical redesign.
"It's not a revolution, more an evolution," said Professor Alan Woodward, a computer scientist at the University of Surrey. "It has some interesting new features, mostly around client authentication and extensibility. The former is an interesting one in that it may help security of some Onion sites. The latter is rather like the curate's egg: good in parts."
Woodward expressed concerns that the greater extensibility built into the alpha release could result in increased complexity causing more mistakes that crack anonymity. Some of what Tor is doing appears to make it "simpler" to deploy hidden services. This might be compared to attempts at encouraging secure web server deployment by enabling security features by default.
Crypto improvements in the protocol offer extra resistance to replay attacks and similar attempts to corrupt connections. Key to this is a proposal to replace SHA1/DH/RSA1024 with SHA3/ed25519/curve25519. "[There were] concerns around the original public key systems so they have simply gone for the later, more trusted PKI," Woodward said.
In a blog post on Thursday, Tor's developers promise further innovations as part of an ambitious roadmap:
As the current code stabilizes further, we plan to add features like offline service keys, advanced client authorization, a control port interface, improved guard algorithms, secure naming systems, statistics, mixed-latency routing, blockchain support, AI logic and a VR interface (j/k about some of these). We are planning to take it slow, since there is lots to do and many bugs to squash.
One important issue is backward compatibility: new hidden services with old Tor browsers. It may be that users will be pushed towards the latest Tor browser by reduced or impaired functionality otherwise.
Professor Woodward concluded: "Under the hood the protocol has changed. There are improvements to prevent certain types of discovery. However, the current system goes back 10 years so it's not surprising in this game of whack a mole, the mole is evolving." ®