MIT Researchers Break TOR Anonymity Without Cracking Encryption
It is not news that millions of users rely on Tor every day to protect their privacy. In past years there have been multiple attempts to take Tor down or break its anonymity, and most of these attempts targeted its encryption methods.
However, MIT decided to take a different road and demonstrated what may be the simplest way yet to find out what people are accessing through Tor. Fortunately, there’s also a fix Tor’s operators can implement.
Tor is an acronym and stands for The Onion Router, which exactly depicts its structure. It offers anonymous access by passing network packets through multiple layers of encrypted connections, starting with an entry node. The entry node is the only system that knows your real IP address; the next node knows the IP of the entry node, and the one after that knows only the IP of the previous node.
This way no one knows who is accessing what, and tracing becomes even harder when you visit a resource hosted within Tor.
According to Extreme Tech: Breaking the encryption to unmask users of Tor is complicated and can’t be done reliably right now, but the MIT technique doesn’t require compromising encryption. Instead, it’s a very clever form of traffic fingerprinting.
The attacker targets entry nodes only, by setting up a computer on the Tor anonymity network as an entry node and waiting for people to send requests through it. When a user connects through Tor, a lot of network packets are sent both ways. MIT researchers created machine learning algorithms to monitor that data and count the packets. Using only this metric, the system can determine with 99% accuracy what kind of resource the user is accessing (i.e. the open web, a hidden service, and so on).
Additional traffic fingerprinting can determine with 88% accuracy which hidden services a user is accessing, and encryption is not compromised in this case either. Since the entry node is selected randomly for every Tor session, an attacker would need to run many entry nodes in order to capture a significant number of connections and network packets.
MIT suggests the following simple fix for Tor:
The fix for this attack is actually pretty simple. The Tor network needs to start sending dummy packets that make all requests look the same. If there’s no discernible pattern to the data, the destination can’t be determined. Tor developers have acknowledged the issue and are considering ways to implement a fix.
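The dummy-packet fix described above, sketched as an added example (not code from MIT, Extreme Tech or the Tor Project): every connection is padded to the same per-direction packet count, and the bandwidth cost is measured. The traces, circuit-type names and bucket size are constructed assumptions, and only the packet-count metric named in the article is covered.

```python
"""Count-based padding sketch: constructed data, hypothetical names."""

OUT, IN = +1, -1  # packet direction as seen at the entry node

# Constructed sample traces (not measurements): direction of each packet
# during connection setup for three hypothetical circuit types.
TRACES = {
    "open_web":       [OUT, IN, OUT, IN, OUT, IN, IN, IN],
    "hidden_service": [OUT, IN, OUT, IN, OUT, IN, OUT, OUT, IN, IN, IN],
    "intro_point":    [OUT, IN, OUT, IN, OUT, OUT, IN],
}

def counts(trace):
    """The observable feature the article describes: packets sent each way."""
    return (trace.count(OUT), trace.count(IN))

def envelope(traces, bucket=4):
    """Smallest (out, in) target covering every trace, rounded up to a bucket."""
    round_up = lambda n: -(-n // bucket) * bucket
    return tuple(round_up(max(counts(t)[i] for t in traces.values()))
                 for i in (0, 1))

def pad(trace, target):
    """Append dummy packets until both directions reach the target counts."""
    out_n, in_n = counts(trace)
    if out_n > target[0] or in_n > target[1]:
        raise ValueError("trace exceeds envelope; it would still stand out")
    # Dummies are encrypted like real traffic, so only direction is visible.
    return trace + [OUT] * (target[0] - out_n) + [IN] * (target[1] - in_n)

def distinct_signatures(traces):
    """How many different count signatures an observer could tell apart."""
    return len({counts(t) for t in traces.values()})

def overhead(traces, padded):
    """Fraction of extra packets the padding costs."""
    real = sum(len(t) for t in traces.values())
    return (sum(len(t) for t in padded.values()) - real) / real

TARGET = envelope(TRACES)
PADDED = {name: pad(t, TARGET) for name, t in TRACES.items()}

if __name__ == "__main__":
    print("before:", distinct_signatures(TRACES), "signatures")
    print("after: ", distinct_signatures(PADDED), "signature, overhead",
          f"{overhead(TRACES, PADDED):.0%}")
```

Packet order and timing are separate signals that this count-only padding does not address.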