posted by martyb on Saturday May 23 2015, @06:55PM
from the peeling-the-layers dept.

American and Israeli academics have created Astoria, a new Tor client designed to defeat the latest traffic analysis techniques used to surveil the network:

Astoria all-but decimates the number of vulnerable connections on the Tor network, bringing the figure from 58 per cent of total users to 5.8 per cent, the researchers claim. Astoria hopes to utilise a new relay-selection algorithm which would prevent the asymmetric connections which make traffic analysis possible.

Due to the large amounts of processing power needed to analyse the data passing through the Tor network, traffic analysis is only conceivable as a de-anonymising attack when it is launched by state actors, such as those in the Five Eyes surveillance alliance. Steven J. Murdoch, who along with George Danezis published a paper on the Low-Cost Traffic Analysis of Tor [PDF] back in 2005, told The Register that "Traffic-analysis is quite a sophisticated surveillance technique, but one which intelligence agencies have extensive experience in. With enough computation power, access to communication links and expertise, traffic analysis will be able to de-anonymize the user of any low-latency anonymous communication system, including Tor."

The new work by the researchers explains how the traffic-analysis attacks may be implemented by any autonomous system (AS) that lies on both the path from the Tor client to the entry relay and the path from the exit relay to the destination. "Previous studies have demonstrated the potential for this type of attack and have proposed relay selection strategies to avoid common ASes (potential attackers) that may perform them. However, recent work has shown that these strategies perform poorly in practice," said the paper [PDF].

Observing that "vanilla" Tor will often select paths that may be subject to an adversary that exploits asymmetric network paths for the sake of analysis, the researchers have said that they "seek to design a relay selection algorithm to mitigate the opportunities for such attackers".

"We design our relay selection system, Astoria, based on the idea of stochastic relay selection. This works by having the Tor client generate a probability distribution that minimizes the chance of attack over all possible relay selection choices, and selecting an entry and exit-relay based on this distribution."

Astoria is not available for download... yet. Discussion at Hacker News.
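
As an added illustration (not code from the paper or the Tor project), the sketch below flags entry/exit pairs that share an AS on both segments and compares the worst-case exposure of a uniform baseline with a selection restricted to pairs that share none. The relay names, AS numbers, uniform baseline and least-overlap fallback are assumptions made for the example; the summary above does not describe how Astoria computes its distribution.

```python
from fractions import Fraction
from itertools import product

# Constructed sample: private-use AS numbers, hypothetical relay names.
# Each set is the union of ASes on the forward and reverse routes of a segment,
# since with asymmetric routing an AS on either direction can observe it.
CLIENT_TO_ENTRY = {"guardA": {64512, 64520, 64530}, "guardB": {64512, 64521}}
EXIT_TO_DEST = {"exitX": {64530, 64540}, "exitY": {64521, 64541},
                "exitZ": {64542, 64543}}

def all_pairs(entry_paths, exit_paths):
    """Every candidate (entry, exit) combination."""
    return list(product(entry_paths, exit_paths))

def common_ases(entry_paths, exit_paths, entry, exit_):
    """ASes positioned to observe both ends of the circuit (entry, exit_)."""
    return entry_paths[entry] & exit_paths[exit_]

def uniform(pairs):
    """Equal probability for every listed pair (assumed baseline; real Tor
    weights relays by bandwidth)."""
    return {p: Fraction(1, len(pairs)) for p in pairs}

def worst_case_exposure(entry_paths, exit_paths, dist):
    """Highest probability that any single AS sees both ends under dist."""
    seen = {}
    for (entry, exit_), prob in dist.items():
        for asn in common_ases(entry_paths, exit_paths, entry, exit_):
            seen[asn] = seen.get(asn, 0) + prob
    return max(seen.values(), default=Fraction(0))

def select_distribution(entry_paths, exit_paths):
    """Uniform over pairs with no common AS; if none exist, fall back to the
    pairs with the fewest common ASes (a heuristic assumed for this sketch)."""
    pairs = all_pairs(entry_paths, exit_paths)
    overlap = {p: len(common_ases(entry_paths, exit_paths, *p)) for p in pairs}
    fewest = min(overlap.values())
    return uniform([p for p in pairs if overlap[p] == fewest])

if __name__ == "__main__":
    baseline = uniform(all_pairs(CLIENT_TO_ENTRY, EXIT_TO_DEST))
    chosen = select_distribution(CLIENT_TO_ENTRY, EXIT_TO_DEST)
    print("baseline:", worst_case_exposure(CLIENT_TO_ENTRY, EXIT_TO_DEST, baseline))
    print("AS-aware:", worst_case_exposure(CLIENT_TO_ENTRY, EXIT_TO_DEST, chosen))
    print("usable pairs:", sorted(chosen))
```
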

  • (Score: 1, Insightful) by Anonymous Coward on Saturday May 23 2015, @07:44PM

    by Anonymous Coward on Saturday May 23 2015, @07:44PM (#186945)

    From this link https://news.ycombinator.com/item?id=9585466 [ycombinator.com]

    "From our evaluation of Astoria, it is clear that the performance-security trade-off is favorable only in its higher security configurations. [...] However, at lower security configurations, the performance offered by Tor is clearly better, and its security, only slightly worse. Therefore, Astoria is a usable substitute for the vanilla Tor client only in scenarios where security is a high priority."

    One of the things Tor attempted to do was to find a balance between usability (a smooth experience) and anonymity. The more you attempt to randomize packet sizes so they correlate little with the size of the plaintext packets that would be sent and so that a plaintext to cyphertext size pattern can't be easily discerned and the more you attempt to introduce random delays and to randomize the sequence that packets are received and correspondingly forwarded on to the next node (so that one packet received at a specific time may be forwarded onto the next node after a packet received at a later time is forwarded) the less smooth the experience but the more difficult it is to use traffic analysis to determine who is responsible for what. Tor, at its inception, created a balance that resists packet inspection but still provides a reasonably smooth experience. This is a matter of choice. There is a spectrum between usability/smoothness and traceability and compromises must be made.

    So the question to ask here is does this offer extra security with less usability trade-offs than previously available?

    • (Score: 1, Insightful) by Anonymous Coward on Saturday May 23 2015, @11:37PM

      by Anonymous Coward on Saturday May 23 2015, @11:37PM (#187001)

      Hacker News is known to be riddled with people who hold very questionable judgment.

      I mean, these are people who think that Ruby and Rust are good programming languages.

      These are people who think that NoSQL databases are good.

      These are people who use the word "disingenuous" in complete seriousness.

      If they're wrong about so many other things, how the heck am I to know that they aren't wrong in this case, too?

  • (Score: 2, Interesting) by MichaelDavidCrawford on Saturday May 23 2015, @08:07PM

    by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Saturday May 23 2015, @08:07PM (#186948) Homepage Journal

    there is an add-on that does searches like "terrorism", "explosives" and so on. That's helpful.

    What I'm thinking of is a program - it doesn't have to be an add-on - that visits https websites. It could work as a crawler. It shouldn't go from link to link any faster than a human web surfer. It would need the same user-agent string as your real browser so maybe an add-on is better.

    --
    Yes I Have No Bananas. [gofundme.com]
  • (Score: 5, Interesting) by frojack on Saturday May 23 2015, @08:10PM

    by frojack (1554) on Saturday May 23 2015, @08:10PM (#186950) Journal

    autonomous system (AS) that lies on both the path from the Tor client to the entry relay and the path from the exit relay to the destination.

    The problem, as I see it, is that this is an almost impossible situation to avoid when accessing anything IN-COUNTRY.

    So many governments have de facto control of the network in their country, or can compel access to any ISP's upstream connection, that they can manage to OWN both entry and exit relays in many cases, or at least be in a position to listen to traffic on both sides.

    Many people suggest we need more TOR traffic for everyday use, to help hide the serious use of people who really do need TOR.
    In light of this story, does this belief still hold true? Are we feeding the analysis engines more data to map routes such that we give them data to determine more than half of the origination-points in advance?

    --
    No, you are mistaken. I've always had this sig.
    • (Score: 0) by Anonymous Coward on Saturday May 23 2015, @09:01PM

      by Anonymous Coward on Saturday May 23 2015, @09:01PM (#186965)

      Do unicorns shit pots of gold?

      • (Score: 1, Informative) by Anonymous Coward on Saturday May 23 2015, @09:33PM

        by Anonymous Coward on Saturday May 23 2015, @09:33PM (#186976)

        Do unicorns shit pots of gold?

        Only if you feed them pleasant leprechauns (the rarest leprechaun of them all).

    • (Score: 2) by wantkitteh on Saturday May 23 2015, @09:02PM

      by wantkitteh (3362) on Saturday May 23 2015, @09:02PM (#186967) Homepage Journal

      The most important part anyone who *needs* to use Tor should already know is that it's only one part of any comprehensive anonymity protection suite. Just don't ask me what the other parts should be, headache right now.

  • (Score: -1, Troll) by Anonymous Coward on Sunday May 24 2015, @03:17PM

    by Anonymous Coward on Sunday May 24 2015, @03:17PM (#187168)

    erm ... wouldn't we need to know how all big inter-nets (AS) interconnect FIRST in order to be able to evaluate "more secure"?
    like interconnect virtually (ip-over-ip) and like real physical cable?
    doesn't that change over time?