Tor – the onion router – is a method of using the internet with anonymity. The concept was originally developed as a means for traffic-secure communications by David Goldschlag, Michael Reed and Paul Syverson at the Naval Research Laboratory in the mid-1990s. In 2002, Syverson collaborated with Roger Dingledine and Nick Mathewson to develop Tor itself, which has since spun off into the Tor Project Inc. Now Syverson has worked with Aaron Johnson, Chris Wacek, Rob Jansen and Micah Sherr to show that Tor is not as secure as its users might hope. In fact, if a single user regularly uses Tor over an extended length of time, it is almost certain that he can be ‘de-anonymized.’
It has long been known that Tor is vulnerable to an adversary able to observe traffic entering and leaving the anonymity network. This data combined with traffic patterns makes it possible to identify both the user and his destination. What the new paper does is provide “an analysis framework for evaluating the security of various user behaviors on the live Tor network and show how to concretely apply this framework by performing a comprehensive evaluation of the security of the Tor network against the threat of complete deanonymization.”
The results will concern those who use Tor to mask their internet behavior – whether they’re individuals trying to avoid surveillance on principle, journalists trying to protect sources, political dissidents, or people using anonymity for illegal purposes. “Our analysis,” says the report, “shows that 80% of all types of users may be deanonymized by a relatively moderate Tor-relay adversary within six months.” It gets worse. “Our results also show that against a single AS [autonomous system] adversary roughly 100% of users in some common locations are deanonymized within three months.”
The availability of this research (now posted on both the WikiLeaks Discussion Forum and Cryptome) comes at a time when Roger Dingledine of the Tor Project has noted, “The number of Tor clients running appears to have doubled since August 19.” He added, “it would seem they're not doing much.” Dingledine is asking for ideas on the cause of this.
It is possible, but pure speculation, that these two things might be connected. David Harley, an independent security researcher, suspects that there is a genuine growth in users’ interest in Tor as “a direct response to the rise in general awareness that most of us are more exposed to surveillance by various departments of various governments than was previously perceived... I'm seeing some indications of a rise in the use of encryption tools, for instance, that seems to come from a similar perception,” he told Infosecurity.
“That said,” he added, “I’m quite sure that the same agencies that are monitoring Internet activity are fully aware of the Tor network and have been giving their full attention to getting whatever information they can from it since long before the present concerns arose. If participating in the network gives them that kind of aggregated de-anonymizing data, it would be very surprising if they weren't using that approach.”
Luis Corrons, technical director at PandaLabs, is equally certain that both things are happening – but equally uncertain that they are connected. “I have no doubt that government is entering Tor and trying to obtain as much information as possible – if not sabotaging it,” he told Infosecurity; “although I am not that sure if the spike of clients is due to that. Tor has been much in the news lately. In June and July I received 3 different questionnaires from 3 different media in Spain about Tor and the Deep Internet – so this is a topic that is being discussed a lot, which means that new people are joining Tor and giving it a try.”