November 17, 2014

Tor vulnerability could expose users 81% of the time

Anonymity network says false positive rate makes attack ‘effectively useless’.

By Jimmy Nicholls

Tor users could be vulnerable to IP unmasking through router analysis, according to a cross-university whitepaper. Users could be impacted more than four-fifths of the time.

By studying traffic at various points in the anonymity network, researchers could discern the identity of users all of the time in lab conditions and 81.4% of the time in real-world experiments, with a 6.4% false positive rate.

"Previous research has shown that having access to a few Internet exchange points is enough for monitoring a significant percentage of the network paths from Tor nodes to destination servers," the researchers said.

"Although the capacity of current networks makes packet-level monitoring at such a scale quite challenging, adversaries could potentially use less accurate but readily available traffic monitoring functionality, such as Cisco’s NetFlow, to mount large-scale traffic analysis attacks."

They added that a single autonomous system could be used to monitor two-fifths of randomly generated Tor relays, meaning that a group of hackers could attack the network without being backed by a state.

By injecting repetitive traffic into the network, both from outside and inside, the team was able to compare exit traffic and work out the identity of a client. The flaw was attributed to the low-latency activities the anonymity network was designed for, such as web browsing.

Despite this, Tor played down the paper’s significance, pointing to the false positive rate as a problem for hackers looking to exploit this flaw.

"That sounds like it means if you see a traffic flow at one side of the Tor network, and you have a set of 100000 flows on the other side and you’re trying to find the match, then 6000 of those flows will look like a match," it said.

"It’s easy to see how at scale, this ‘base rate fallacy’ problem could make the attack effectively useless."
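The base-rate arithmetic behind Tor's objection, as an added example that is not part of the original article or the paper: it takes the 81.4% detection rate and 6.4% false positive rate quoted above and shows how the chance that a flagged flow is the real one falls as the candidate pool grows. It assumes exactly one true flow among the candidates and independent classification of each flow, both assumptions made here for illustration.

```python
import random

TPR = 0.814  # real-world detection rate quoted in the article
FPR = 0.064  # false positive rate quoted in the article


def expected_false_matches(candidates, fpr=FPR):
    """Expected number of unrelated flows that still look like a match."""
    return (candidates - 1) * fpr


def match_precision(candidates, tpr=TPR, fpr=FPR):
    """Probability that a flagged flow is the real one.

    Assumption (not from the paper): exactly one true flow in the pool,
    and every flow is classified independently.
    """
    return tpr / (tpr + expected_false_matches(candidates, fpr))


def max_pool_for_precision(target, tpr=TPR, fpr=FPR):
    """Largest candidate pool at which precision is still >= target."""
    # tpr / (tpr + (n - 1) * fpr) >= target, solved for n
    return int(tpr * (1 - target) / (target * fpr)) + 1


def simulate_precision(candidates, trials, seed=1, tpr=TPR, fpr=FPR):
    """Monte Carlo check of match_precision on a constructed flow pool."""
    rng = random.Random(seed)
    true_flagged = total_flagged = 0
    for _ in range(trials):
        hit = rng.random() < tpr
        decoys = sum(rng.random() < fpr for _ in range(candidates - 1))
        true_flagged += hit
        total_flagged += hit + decoys
    return true_flagged / total_flagged


if __name__ == "__main__":
    for n in (10, 100, 1_000, 100_000):
        print(f"{n:>7} flows: {expected_false_matches(n):8.1f} false matches, "
              f"precision {match_precision(n):.4%}")
    print("pool size where precision drops below 50%:",
          max_pool_for_precision(0.5) + 1)
```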

Researchers on the paper hailed from Columbia University in New York, the Stevens Institute of Technology in New Jersey and the Sapienza University of Rome.
