A rather important flaw in the Tor anonymity network has been presented at the 27th Chaos Communication Congress (27C3). Tor (short for The Onion Router) has long been a faithful companion of whistleblowers, hackers and other people for whom anonymity on the network is of prime importance. In its simplest form, the Tor network consists of a large number of volunteer nodes, each of which knows only the location of the next node in a large routing queue. The data is encrypted on your computer and sent to the first node, from which it is sent to the next in the queue and eventually to the server you want information from; the response is then sent back in a similar fashion. Thus, if someone is trying to spy on your web browsing habits, they will essentially be thrown off, as they will never know exactly where the data is being sent.
However, security researchers at 27C3 have shown that, with a carefully executed attack, the surfer's browsing habits can be revealed. If the attacker is on the same local network (such as the same Wi-Fi network or ISP), they can coax out the path of the Tor routing process and eventually find out which server the surfer is accessing.
The process requires a bit of preparation and follows a sequence of steps:
- The attacker will have to know a series of sites that the target is known to visit, either through network logs gained before the target used Tor, or by other surveillance means.
- Next, the attacker will run Tor on their own system for the potential sites, observing how Tor routes the traffic and developing a fingerprint-like profile for the target's Tor routing.
- When the target next goes online, the attacker can use the packet streams captured on the local network (which is why the attacker must be on the same network) and associate the data streams with the fingerprint using a pattern-matching technique (akin to those used in bioinformatics applications).
Dominik Herrmann, a PhD student at Regensburg, said that this pattern matching would provide only a 55 to 60% chance of a correct guess, which is not enough to serve as legal evidence but enough to make privacy-paranoid people edgy.
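To see why such a profile leaks and how padding blunts it, the following added example (not code from the researchers or the Tor project) matches constructed traces against reference histograms and measures how accuracy falls as bursts are padded to coarser sizes. The burst-size feature, the L1 distance, the padding scheme and all site names and values are assumptions made for illustration.

```python
from collections import Counter

# Constructed data: each number is the cell count of one download burst.
# Site names and values are invented for this example.
REFERENCE = {
    "site-a": [3, 3, 12, 40, 41],
    "site-b": [3, 5, 14, 38, 44],
    "site-c": [9, 9, 20, 20, 75],
}
# Later visits to the same pages, with small natural variation (constructed).
OBSERVED = [
    ("site-a", [3, 3, 12, 41, 41]),
    ("site-b", [3, 5, 14, 38, 43]),
    ("site-c", [9, 9, 20, 21, 75]),
]


def pad(trace, block):
    """Round every burst up to a multiple of `block` cells (padding defence)."""
    return [-(-n // block) * block for n in trace]


def distance(a, b):
    """L1 distance between the burst-size histograms of two traces."""
    p, q = Counter(a), Counter(b)
    return sum(abs(p[k] - q[k]) for k in set(p) | set(q))


def classify(trace, refs):
    """Return the reference site whose histogram is closest (ties: name order)."""
    return min(sorted(refs), key=lambda site: distance(trace, refs[site]))


def accuracy(block):
    """Fraction of observed visits matched to the right site at this padding."""
    refs = {site: pad(t, block) for site, t in REFERENCE.items()}
    hits = sum(classify(pad(t, block), refs) == site for site, t in OBSERVED)
    return hits / len(OBSERVED)


if __name__ == "__main__":
    for block in (1, 50, 100):
        print(f"pad to multiples of {block:>3} cells: accuracy {accuracy(block):.2f}")
```

With no padding every constructed visit is matched; at 50 cells two sites collapse into one profile, and at 100 cells all three are identical, so the match is no better than chance, at the cost of extra bandwidth.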
Solving this issue might be a little difficult for the Tor project, but only time will tell how much they can solve.
[via Ars Technica]