Vulnerabilities In TOR

Tor Networks

Tor Networks

 

TOR: the diversion of technology diverted
http://adam.hypotheses.org/1149

 

Tor is a distributed network designed to facilitate anonymous communication. It was developed by the Navy of the United States for the U.S. government to communicate data securely over the Internet. The tool was then abandoned and made ​​available to the public under open source license. While it was originally adopted to protect users’ personal data against interference by governments, the Tor network is now a technology used by some governments to monitor users on the Internet.

Communicate on the Internet includes issues of different nature. First, the Internet is a distributed architecture, the path of the packets can not be determined a priori – whatever the protocol used. It is therefore impossible to ensure that a message sent over the Internet will not be intercepted – or worse changed – by someone else. Then, any message sent over the Internet involves a transfer of packets across multiple servers that are aware of either the source or destination of these packets. These addresses (source and destination) are stored on servers and can then be retrieved to identify the identity of persons who sent or received packets. Finally, given that the transfer of packets over the Internet can be done through Internet access providers, they have the ability to control, and why not to filter everything that happens on their networks. So there is no guarantee that a message actually arrives at destination without first being censored.

These risks to security and privacy of Internet communications has led several organizations, including the U.S. Navy to develop a program whose objective was to ensure communication security and anonymity of participants. The Tor network has been designed as a tool to protect U.S. government communications against unauthorized access or misuse.

If governments are concerned with protecting their own communications, they do not care to guarantee the same protection to citizens who communicate on the Internet. On the contrary: since the Internet has become a means of mass communication, the governments of all countries try to control and regulate Internet communications, under the pretext of protecting users and ensure the public both in the physical world in the digital world.

 

The First Diversion

 The right to privacy and freedom of expression have become increasingly at risk on the Internet. Faced with numerous violations of privacy established by legislation to limit the exchange of content protected by copyright, and the various limitations on the dissemination of illegal content (works protected by copyright or content within pornography, pedophilia, etc.) or defamatory, users must learn to protect their rights by their own means.

While it had been abandoned by the government of the United States, the development of Tor was taken by the Electronic Frontier Foundation (EFF) to produce an instrument that guarantees the anonymity of users. Tor has been hijacked by civil society that has turned a tool designed to help the government to provide information without the knowledge of prying eyes, a tool designed to protect the privacy of users and for the defense of freedom of expression against the interference of governments.

 Now Tor is a software designed to guarantee the anonymity of online communications. Based on a network of volunteers around the world, Tor introduced a new communication layer cryptographiée on the network in order to cover not only the content but also the origin and destination of communications. Regarding privacy, it prevents network monitoring and traffic analysis by Internet access providers, while allowing users to submit information anonymously. With regard to freedom of expression, Tor is a tool that can also be used to circumvent censorship, as it allows users to access servers blocked by firewalls or national institutions, and provide information to public anonymously, without fear of being apprehended.

 

The Operation Of The Tor Network

 In general, cryptography alone is not sufficient to guarantee the anonymity of users because it is always possible to identify the source and destination of the packets on the Internet. Based on the mechanism of onion routing (onion routing), the Tor network has been constructed to prevent anyone to know both the origin and destination of packets.

 The principle of onion routing is a mechanism by which the data is encrypted several times with different encryption keys, and then be sent to multiple nodes in the network. The data are therefore protected by several layers of encryption, which will be phased out by each node until they reach their final destination where they will be readable again.

To ensure an anonymous communication, data transferred over the Tor network must pass at least three different routers. The origin of communications are known as routers input and destination of communications are known as egress routers. Other network nodes are intermediate routers who do not know the origin or destination of the packets they transfer.

 Routers are the input nodes to which the user connects to access the Tor network. Since the IP address of users is of necessity visible, this is a weak point and users must ensure they do not connect to a node with bad intentions. Tor has introduced a series of official directories to provide users with a list of Tor nodes certified that the user can be trusted. When a user wishes to communicate or receive information anonymously, the Tor software builds a random path of three different nodes that will take charge to transfer packets from their source address to its final destination – that it will only be known by the router output.

 

Abuse of the Tor Network

 

Anonymity guaranteed by the Tor network is however a double-edged sword. Since the traffic can be traced up to the IP address of egress routers, users can theoretically abuse the network to access the content illegally, for example for free works protected by copyright , to view illegal content (eg pornographic or pedophile) and to publish content that is libelous or engage in illegal activities such as criminal operations or distribution of unsolicited email (spam).

The U.S. authorities therefore seek to regulate the use of this technology in order to limit abuse. First, it was argued that each output node should be held accountable for the traffic it forwards. This approach is likely to jeopardize the viability of the network as this would significantly reduce the number of routers available output, thereby increasing congestion. Many takedown notices have been sent to several institutions, based on the provisions of the DMCA (Digital Millennium Copyright Act) asking them to close their egress routers and prevent users from opening new ones. Although the EFF insists that the Tor routers within the “safe havens” (Safe Harbour) of the DMCA as a single router (mother transit), a definitive legal answer has not yet been provided. If the law does not explicitly address the question of the legal responsibility of egress routers, the Tor network may lose functionality in response to side effects (Chilling Effects) generated.

The problem is whether to ban anonymity in the network, despite the legitimate use of anonymity, or the technology must be defended on the contrary, despite the fact that anonymity allows users to perform illegal (or rather their task easier). The question has not been properly cut a legislative point of view or case law and the legality of the Tor network remains so far unclear.

 

The Second Diversion

 Rather than legislate the legality of the network, the solution adopted by some governments has been to use Tor, not in order to guarantee the anonymity of communication, but rather in order to return to their technology own advantage by exploiting security vulnerabilities characteristics of onion routing. Rather than fight this new technology, the idea the more surprising, though unorthodox these governments has been to use the system against itself to control traffic and to monitor communications of users.

 Indeed, although the Tor network is designed to ensure the anonymity of users, he met some security issues related to the way it was designed. Since Tor only controls what happens inside the network, it can not protect users against the control and monitoring of traffic in or out of network. In particular, the outgoing traffic can not be encrypted because it would then not be understood by the destination server. Thus, when the network is used with insecure protocols (such as POP, IMAP, FTP, Telnet, etc.), the egress routers can analyze user traffic to identify sensitive information such as their username and password unencrypted. While this does not necessarily reveal the identity of users, they must however be aware of the risks and take precautions when they connect to the network. The danger is even greater than the use of a third party application unsecured whatsoever by a user of the Tor network, can identify the IP address of that user and then associate the same IP address all communications from this user (the bad apple attack).

 The egress routers can also change the contents of packets traveling through them, for example to filter or censor certain types of information, or worse, to carry out attacks “Man In The Middle” ( or MITM – an attack that aims to intercept communications between two parties without any of them can not suspecting it) in order to impersonate the destination server.

This technique has been used by some contributors to Wikileaks, which operated out of several routers in the Tor network in an attempt to obtain confidential information (see Appelbaum’s lostinthenoise.net network). Assange himself has admitted that many documents on Wikileaks were obtained by analyzing traffic from several peer-to-peer, Tor is probably the most interesting.

 But not limited to individuals. Governments of the United States, China and Russia are known to operate on the Tor network with many output nodes, whose number has increased steadily since 2007.

Although the analysis of traffic on the routers is usually carried out without the knowledge of users, such a transaction was disclosed recently by several magazines, including Forbes and Wired. This is the case of the Vigilant, a watchdog group that, apparently, analyzes traffic for multiple ISPs in the United States to identify operations (terrorist or otherwise) that could harm national security.

According to the Forbes story, “One of Project Vigilant’s manifold methods for gathering intelligence includes information from a dozen Collecting US regional Internet Service Providers (ISPs). Because the ISPs included a provision allowing ‘em to share users’ Internet Activities with Third Parties in Their End User License Agreement, Vigilant WAS Able to gather data from Those Legally Internet carriers and use it to craft reports for Federal Agencies. A Vigilant press release says the organization tracks That More than 250 million IP addresses a day and can “Develop portfolios on any name, screen name or IP address.”

 The project includes a Vigilant analyst community volunteers whose mission is to collect and analyze as much data on the Tor network in order to submit this information to the federal government. If this report was refuted as largely exaggerated, about the project Vigilant is it, indeed documented: “Project Vigilant IS Funded by BBHC Global, an information security firm based in the Midwest, and private donations. According To BBHC manager, Steven Ruhe, “In the Fight Against Terror, the US Needs all the help it Can Get, Even If That Comes assistance from Unpaid Volunteers. For the past 14 years, a significant volunteer group of US Citizens has-been operating in near total secrecy to monitor and report illegal or harmful activity Potentially on the Web. “

It is hard to imagine that if Tor is actually used to communicate anonymously and bypass firewalls or censorship imposed by governments, they do not strive to exploit the network to monitor traffic and identify impaired users intentioned.

 Obviously, this risk exists for users who do not take precautions to protect their communications. It is sufficient to use a secure protocol when transferring data to ensure that no one can control the packets and discover the identity of users communicating over the Tor network. This is why does this risk is likely that people who actually have nothing to hide and therefore have no incentive to communicate anonymously and without the knowledge of governments. Nevertheless, giving the impression that it is possible to communicate securely without any effort, the Tor network is a tool that can potentially be misused by governments to monitor the communications of many of users.

Be Sociable, Share!

Leave a Reply

Your email address will not be published. Required fields are marked *