Pierluigi Paganini
May 23, 2015
Tor and Deep web are becoming terms even popular among Internet users, the use of anonymizing network is constantly increasing for this reason intelligence agencies are focusing their efforts in its monitoring.
Edward Snowden has revealed that intelligence agencies belonging to the Five Eyes Alliance have tried to exploit several techniques to de-anonymized Tor users.
Today I desire to introduce you the result of the work of a joint effort of security researchers from American and Israeli organizations which have developed a new advanced Tor client called Astoria.
The Astoria Tor Client was specially designed to protect Tor user form surveillance activities, it implements a series of features that make eavesdropping harder.
Tor Network today is sustained via a volunteer network of more than 6000 relays/nodes, according to the Tor Metrics the number of Tor users is slightly more than two hundred thousand, as reported in the graph below.
The Tor traffic is protected implementing hop by hop encryption and by routing data through multiple relay servers in an unpredictable way.
Tor is vulnerable to a specific class of attacks known as “timing attacks” that are impossible to completely eliminate, but the idea behind Tor Astoria is to minimize the exposure to threat actors that are monitoring the Tor network.
Timing attacks request a significant effort to de-anonymize Tor users because they request the control of Tor servers representing the entry and exit relay servers of a Tor connection (aka circuit).
“An eavesdropper shouldn’t be able to know who the Tor user is either, thanks to the encrypted traffic being routed through 6,000 nodes in the network. But something called “timing attacks” change the situation. When an adversary takes control of both the entry and exit relays, research shows they can potentially deanonymize Tor users within minutes. A full 58 percent of Tor circuits are vulnerable to network-level attackers, such as the NSA or Britain’s Government Communications Headquarters (GCHQ), when they access popular websites, according to new research from American and Israeli academics. Chinese users are the most vulnerable of all to these kinds of attacks, with researchers finding 85.7 percent of all Tor circuits from the country to be vulnerable.” reported the Daily Dot,
Tor Astoria implements an algorithm that allows to more accurately predict attacks and then chooses the best and secure route to make a connection, in this way it reduces the possibility of success for a timing attack.
“In addition to providing high-levels of security against [timing] attacks, Astoria also has performance that is within a reasonable distance from the current available Tor client,” the researchers wrote. “Unlike other AS-aware [autonomous system aware] Tor clients, Astoria also considers how circuits should be built in the worst case,” when no safe relays are available. “Further, Astoria is a good network citizen and works to ensure that all the circuits created by it are load-balanced across the volunteer-driven Tor network.”
Tor Astoria aims to improve also user’s experience and implements numerous security features, according to the Daily Dot.
“Astoria is a usable substitute for the vanilla Tor client only in scenarios where security is a high priority,” explained the researchers.
Enjoy the research paper “Measuring and mitigating AS-level adversaries against Tor.“
(Security Affairs – Tor Astoria, Hacking)
