An Indian researcher believes that with just one server, more than 80% of the traffic that passes through Tor can be deanonymized. The process uses NetFlow technology built into Cisco routers and a special program that analyzes Tor traffic. The Stack reports on these findings.

Professor Sambudho Chakravarti, a researcher on network anonymity and privacy at the Institute of Information Technology Indraprastha in Delhi, has been researching anonymity on the Tor network for the last six years. According to his research, in the laboratory it is possible to de-anonymize a Tor-like network 100% of the time, and on the real network to reveal (learn the IP address of) up to 81% of the nodes.
According to the professor's report, the technique relies on the fact that the Tor network tries to relay packets as quickly as possible so that it can be used for near-interactive applications such as chat. Because of this, it becomes possible to analyze the traffic of entry and exit nodes, compare the data and identify the addresses of those who sent requests. At first it was thought that this required very large computing power, but it was then shown that even a single, sufficiently powerful server can track up to 39% of randomly created chains of Tor servers.
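
Why low-latency relaying leaves flows comparable can be seen in a small added example (not code from the report or from The Stack): per-interval byte counts on the entry side keep their shape on the exit side, shifted by the relay delay. The flow names, byte counts and the `max_lag` parameter are constructed assumptions.

```python
from math import sqrt

# Constructed per-interval byte counts, shaped like aggregated NetFlow records.
ENTRY_FLOW = [120, 900, 80, 40, 1500, 60, 700, 30]
EXIT_FLOWS = {
    "flow-A": [500, 520, 480, 510, 490, 505, 495, 500],  # steady, unrelated
    "flow-B": [0, 130, 880, 95, 50, 1480, 70, 690],      # same bursts, one bin later
    "flow-C": [1400, 50, 60, 800, 30, 900, 100, 45],     # bursty, unrelated
}

def pearson(xs, ys):
    """Pearson correlation; 0.0 when either series has no variance."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        return 0.0
    return cov / sqrt(vx * vy)

def lagged_correlation(entry, exit_counts, max_lag=2):
    """Best (r, lag) when the exit series trails the entry series by `lag` bins."""
    best = (-1.0, 0)
    for lag in range(max_lag + 1):
        r = pearson(entry[:len(entry) - lag], exit_counts[lag:])
        if r > best[0]:
            best = (r, lag)
    return best

def rank_exit_flows(entry, exits, max_lag=2):
    """Return (name, r, lag) tuples, strongest correlation first."""
    scored = [(name, *lagged_correlation(entry, counts, max_lag))
              for name, counts in exits.items()]
    return sorted(scored, key=lambda s: s[1], reverse=True)

if __name__ == "__main__":
    for name, r, lag in rank_exit_flows(ENTRY_FLOW, EXIT_FLOWS):
        print(f"{name}: r={r:.3f} at lag {lag}")
```

The burst pattern survives because the relay forwards traffic promptly instead of batching or reshaping it, which is the latency trade-off the report points to.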

The professor writes in his work: “It’s not even necessary to have global resources to conduct such attacks with traffic analysis. A powerful malware can use an analysis technique to uncover Tor intermediary nodes and monitor traffic that passes through the victim's input node.”
It turns out that such tracking does not require resources available only to state agencies: existing capacity, NetFlow and a specially prepared powerful server that computes the correlations between the input and output nodes are enough. It is possible that something similar was used in Operation Onymous, about which we have already written. I would like to once again urge everyone who cares about privacy and anonymity on the network to install an intermediate Tor node, and thereby help develop the network and reduce the likelihood of such attacks.