The researchers at the Tor project have elaborated a new way to generate random numbers to support security improvements of its next-generation onion router.
The Random Number Generators are essential components for any encryption application, they are computational resources specifically designed to generate sequences of symbols that is causal and not predictable . These components are the backbone for the generation of encryption keys. If the attacker is able to predict the numbers used for the generation of the encryption keys it could discover the range of possible key and try to compromise the entire encryption process.
Now you can imagine the importance of Random Number Generators (RGNs) for the Tor anonymizing network that heavily rely on encryption.
The Tor network relies on the Onion routing for anonymous communication over a computer network. Messages are encapsulated in layers of encryption, and encrypted data is transmitted through a series of network nodes (onion routers), each of which peels away a single layer, to establish next hop to send data to. The process is reiterated until the message reaches the final destination. The sender remains anonymous because each intermediary node only knows the immediately preceding node from which the node arrived and the following nodes.
Tor developer started to work on a distributed random number generator several months ago and now announced a significant evolution on the project.
“Our main goal with this meeting was to accelerate the development of the Next Generation Onion Services project (aka proposal 224). We have been working on this project for the past several months and have made great progress. However, it’s a huge project! Because of its volume and complexity,” states a blog post published by the Tor Project. “we started designing a system for distributed random number generation on the Tor network. A “distributed random number generator”is a system where multiple computers collaborate and generate a single random number in a way that nobody could have predicted in advance (not even themselves). Such a system will be used by next generation onion services to inject unpredictability into the system and enhance their security.
Tor developers finished implementing the protocol several months ago, and since then we’ve been reviewing, auditing, and testing the code.”
Each researcher involved in the project set up a Tor node and enabled the “distributed random number generation” feature. The experts at Tor Project tested their new solution last week on an 11-node belonging the Tor network.
“We had Tor nodes in countries all around the world, just like the real Tor network, but this was a network just for ourselves! This resulted in a “testing Tor network” with 11 nodes, all performing the random number generation protocol for a whole week.”
The test ran for an entire week and allowed the team to find and fix bugs, they also confirmed that their system can work even in the case of a network failure.
“This allowed us to test scenarios that could make the protocol burp and fail in unpredictable ways.” states the post “For example, we instructed our testing Tor nodes to abort at crucial protocol moments, and come back in the worst time possible ways, just to stress test the system. We had our nodes run ancient Tor versions, perform random chaotic behaviors, disappear and never come back, etc.”
The project for a distributed Random Number Generator is still ongoing, the developers believe they can still improve it.
The experts believe it will be implemented in the next version of Tor that will also adopt 55-character-long addresses instead actual 55-character-long addresses.
If you are interested in the full spec for next-generation Tor give a look to the Proposal 224.
https://www.surveymonkey.com/r/secbloggerwards2016
Thank you
Pierluigi
[adrotate banner=”9″] | [adrotate banner=”12″] |
(Security Affairs – Tor Network, Random number generator)
[adrotate banner=”5″]
[adrotate banner=”13″]