An eavesdropper shouldn’t be able to know who the Tor user is either, thanks to the encrypted traffic being routed through 6,000 nodes in the network.
The timing attacks which are no longer solely in the realm of academic research with recent revelations about the NSA and GCHQ actively working to implement them in practice.
A full 58 percent of Tor circuits are vulnerable to network-level attackers, such as the NSA or Britain’s Government Communications Headquarters (GCHQ), when they access popular websites.
According to new research from American and Israeli academics. Chinese users are the most vulnerable of all to these kinds of attacks, with researchers finding 85.7 percent of all Tor circuits from the country to be vulnerable.
Even though Tor is designed to provide complete anonymity to its users, the NSA’s position means they can potentially see and measure both traffic entering the Tor network and the traffic that comes out. When an intelligence agency can see both, simple statistics help an autonomous system at their control match the data up in a timing attack and discover the identity of the sender.
Timing attacks have been shown to be feasible and practical for network-level attackers. Specifically, a timing attack may be implemented by any autonomous system (AS) that lies on both, the path from the Tor client to the entry relay and the path from the exit relay to the destination.
The threat of network-level adversaries has been exacerbated by a recent study which highlights that the set of potential ASes that may perform timing analysis is potentially much larger due to asymmetric routing, routing instabilities, and intentional manipulations of the Internet’s routing system.
These attacks significantly raise the bar for relay-selection systems. Specifically, they require the relayselection system be able to accurately measure or predict network paths in both the forward and reverse direction.
Measuring the reverse path between two Internet hosts is non-trivial, especially when the client does not have control over the destination, as is commonly the case for popular Web services. While solutions for measuring reverse paths have been proposed, they are still not widely deployed or available.
following key observations:
- 58% of circuits constructed by Tor are vulnerable to network-level attackers.
- 43% of all sites in the local Alexa Top 500 of Brazil, China, Germany, Spain, France, England, Iran, Italy, Russia, and the United States had main content that was not reached via a safe path – i.e., a path that was free from network-level attackers.
- Connections from China were found to be most vulnerable to network-level attackers with 85.7% of all Tor circuits and 78% of all main content requests to sites in the local Alexa Top 500 being vulnerable to colluding network-level attackers.
- Reducing the number of entry guards results in an increase in vulnerability of Tor circuits in several countries. The most drastic loss of security was seen in Spain. In particular, Tor with 3 guards (default) had 34.8% vulnerable circuits, Tor with 2 guards had 59.8% vulnerable circuits, and Tor with a single guard had 75.7% vulnerable circuits.
The importance of applying current models and data from network measurement to inform relayselection and help avoid timing attacks. Astoria also opens multiple avenues for future work such as integrating realtime hijack and interception detection systems and understanding how new measurement services can be leveraged by a Tor client without defeating anonymity.
