Researchers Show How Attackers Can Crack Onion Router

Researchers in the United States say they’ve successfully shown how attackers could compromise a network designed to make it harder to trace Internet surfers and the websites they are viewing.

The researchers, from the University of Colorado in Boulder, focused their efforts on The Onion Router (Tor) network. Tor software enables the creation of networks of servers that can send traffic over many different routes, masking its original source.

The network offers users a greater degree of anonymity, since websites record the IP address of visiting machines, which could be linked to an individual user. Tor’s creators say they were aware of the research, but using the network is still effective.

The researchers, who consulted Tor project officials during their work, wrote on their website that they still feel it’s the "most secure and usable privacy-enhancing system available." But the paper outlines the privacy concerns that could arise from using the techniques.

"For example, law enforcement officers might use our techniques to cheaply and realistically track online predators," according to the paper. "The RIAA [Recording Industry Association of America] and other organizations might use our techniques to link Web or torrent requests to their corresponding requesters."

For the experiment, the researchers constructed their own isolated Tor network using 66 servers. They placed malicious servers within the network that were designed to draw a substantial portion of routing requests by misrepresenting their bandwidth capability.

Then the researchers used an algorithm to link the "path" of a website request. More than 46 percent of the time, the paths could be calculated, revealing the source of the traffic, the paper said.

But several attacks against Tor have been developed, wrote Shava Nerad, Tor’s executive director, on the project’s blog.

"We have never seen such an attack ‘in the wild,’ and we think it no more likely that this paper would make such an attack easier or more likely than it was a few years ago when another version of it was documented," Nerad wrote.

The Tor platform has been incorporated into applications such as Torpark, a browser based on Firefox that causes a computer’s IP address to appear to regularly change.

-Jeremy Kirk, IDG News Service (London Bureau)

Insider: How a good CSO confronts inevitable bad news
Join the discussion
Be the first to comment on this article. Our Commenting Policies