Tor Project and the new anti-tampering measures for its software

Tor Project revealed how the organization has conducted a three-year long work to improve its ability to detect fraudulent software.

The experts at the Tor Project are working to improve the resilience of the anonymizing network to cyber attacks, in particular, they aim to quickly detect any surveillance activity conducted by tempering the Tor system.

The researchers fear that the US Government could interfere with the Tor project by requesting the organization to turn over critical information that would compromise the security of the network and cause in de-anonymization of the users.

Mike Perry from the Tor Project, highlighted that the organization has never received a legal demand to place a backdoor in its source code, nor have we received any requests to hand over cryptographic signing material.

The Tor Browser is an open source, this means that everyone could analyze it, the organization also implements several mechanisms to ensure the security and integrity of its software.

Now the experts want more, they are exploring further improvements to eliminate single points of failure, so that even if a threat actor obtains our cryptographic keys, the anonymizing network would be able to detect the anomalous activity. The development team behind the Tor Project is designing the system in such a way to make visible any change to the original source code.

“For this reason, regardless of the outcome of the Apple decision, we are exploring further ways to eliminate single points of failure, so that even if a government or a criminal obtains our cryptographic keys, our distributed network and its users would be able to detect this fact and report it to us as a security issue.” wrote Mike Perry.

“From an engineering perspective, our code review and open source development processes make it likely that such a backdoor would be quickly discovered.” he added.

To distribute a tampered version of the Tor Browser it would be required the access to two cryptographic keys:

• the SSL/TLS key that secures the connection between a user and Tor Project servers; plus the key used to sign a software update.
• the key used to sign a software update;

“Right now, two keys are required, and those keys are not accessible by the same people,” explained Perry. “They are also secured in different ways.”

Even if a persistent attacker is able to obtain the two keys, in theory, users would be able to check the software’s hash and discover any modification by checking it.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Privacy, Tor Project)