Tor and new anonymity alternatives

Original author: JM Porup
  • Transfer


Good day, readers of GeekTimes! I offer you my translation of material published previously by ArsTechnica. In the first part of the publication, the author briefly analyzes the disadvantages and advantages of the Tor network in the light of the events of the past few years, draws conclusions about the possibility of replacing it with alternative options. The second part discusses several modern developments in this area that can compete with Tor or strengthen and complement it. If you are interested, then directly under the cut you will find the translation.

Since 3 years ago, Edward Snowden left the room of a Hong Kong hotel under camera lenses to share shocking information about mass state surveillance with the whole world, the popularity of the anonymous Tor network has grown many times. Journalists and activists were eager to use Tor tools to avoid the massive surveillance that we all now live under, and residents of countries where the Internet is censored, such as Turkey or Saudi Arabia, turned to Tor to bypass state "firewalls." Law enforcement authorities were less enthusiastic about the situation, expressing concern that online anonymity is also contributing to increased criminal activity.

The increase in the number of network users did not go unnoticed and now the onion router is under constant pressure from a considerable number of people who want to identify its faceless users. Snowden-released data indicate that the US National Security Agency (NSA) and the UK Government Communications Center (TSC) have been studying Tor in order to find a way to deanonymize it over the past decade. In 2014, the US government paid Carnegie Mellon University to implement a series of dummy nodes to deanonymize network users. Also in the last years, a scientific work was released that outlined a method that allowed under certain circumstances to conduct an effective attack on Tor's hidden services. Moreover,


The unforgettable and already-classic slide “Thor stinks ...” from a collection of documents handed over to Snowden by the public.

The first weaknesses have already been found. A study conducted in 2013 by the American Navy Research Laboratory, which initially, incidentally, supported Tor development, concluded that in just six months, “80% of all types of network users can be relatively easily deanonymized by an attacker who uses infected nodes.”

Despite this conclusion, the main author of the study, an officer of the Navy NIL Aaron Johnson, believes that talking about some Tor hacking is inappropriate here: the essence of the problem is rather that the project was never conceived as something capable of withstanding the attacks of the world's most powerful attackers.

“Perhaps the threat models have changed, and these tools are no longer suitable for the goals set several years ago,” he explains. - Tor hasn't changed. The world has changed. ”

New threats



A graph illustrating the sharp leap in Tor's use in Turkey during the recent crackdown on government opponents

Tor's weakness for traffic-analyzing attacks is well known. The original project documentation indicates the vulnerability of the system to the “global passive attacker”, capable of listening to all traffic, both entering the Tor network and leaving it. By juxtaposing both traffic flows, such an attacker can deanonymize each user.

However, as co-founder of the Tor project Nick Mathewson explained, the main problem of the network is not at all this.

“No intruder can afford to act truly global. He, however, does not need such ubiquity, says Mathewson. - To eavesdrop on a large amount of traffic, only a few computers connected to the network are enough, coupled with a selective DOS attack that allows artificially redirecting traffic to them. And the organization of such an attack will require only about 10 thousand dollars. "

At the simplest level, an adversary exploiting two malicious nodes - one input and one output - is able to analyze traffic and thereby identify a tiny percentage of the least successful users whose data flow passed through both of these nodes. Currently, of the 7 thousand available Tor network nodes, about 2 thousand are input nodes and about a thousand are output nodes. Therefore, the probability of such an event is approximately 1 in 2 million (1/2000 x 1/1000).

However, as Professor Brian Ford, who heads the laboratory of decentralized and distributed systems at the Swiss Federal Polytechnic School of Lausanne, explains: “If an attacker can add a sufficient number of input and output nodes, increasing their number, say, so that they begin to process up to 10 percent of the global the input and output bandwidth of the network, then it will be able to deanonymize about one percent of all Tor connections. ”

“Typically, in a normal browser session, users tend to open many connections to different remote websites and HTTP servers at the same time. Moreover, the longer the session lasts, the more connections you open at a time, he adds. - This means that if you use Tor often enough to browse web pages, over time you will have several hundred different connections and you can almost certainly be sure that the owner of the fake nodes can easily deanonymize at least one of your Tor- compound".

For a dissident or journalist who is concerned about the visit of the secret police, such disclosure of identity on the net may mean arrest, torture or death.

The hype around Tor and the public discovery of its weaknesses ultimately triggered academic research aimed both at finding ways to strengthen the network and at developing alternative systems to ensure anonymity. The priority for most researchers was to find the best ways to prevent traffic analysis. A hypothetically new anonymity system may be just as vulnerable to the practice of operating untrusted nodes as Tor. However, any improvement in protection against traffic analysis will make listening sites much less useful for their owners and significantly increase the cost of revealing the identity of users.

So what prevents us most from moving forward in this area? Firstly, despite all the nuances mentioned above, Tor is still one of the best solutions for ensuring online anonymity. Secondly, over the many years of its existence, a strong community has grown around Tor, consisting of developers and volunteers engaged in constant support of the network’s performance. Therefore, if someone succeeds in deploying and scaling an improved Tor analog in the real world, and not just within the walls of the laboratory, this event in itself will be a very significant achievement.

Reasons for Tor's Success


Tor was designed as a general-purpose anonymity network optimized to work exclusively with TCP traffic at low network latencies. Web browsing has been and remains the most important way to use it, as evidenced by the popularity of the Tor Browser Bundle. This popularity has served well for those wishing to hide their online presence, as the more people use Tor, the more difficult it becomes to passively identify its individual users.

However, this architecture also has its own costs: browsing the web using Tor is possible only with low latency indicators (delays in transmitting information). Naturally, the more time a web page takes to load, the fewer users will wait until this happens. Therefore, Tor developers have sacrificed some degree of anonymity in order to achieve web browsing speed that is convenient for most users. At the same time, scaling the system leads to the complication of its deanonymization. The authors of the Tor concept reasoned that strong and at the same time accessible to many comers anonymity would be better than ideal, but too slow to solve the tasks of most people.

“There are many projects that allow you to get a greater degree of anonymity by reducing the latency and bandwidth requirements of the Internet channel,” says Matthewson. “The main question in this area of ​​research is the search for a“ golden mean ”.”

“Can a 20-second delay be considered normal for chat? He asks. - Is email acceptable when the delay is five minutes? How many users will agree to work with such a system? ”

According to Matthewson, he is very enthusiastic about some of the other anonymity systems that are appearing today, but at the same time, he urges them to be used carefully, since they are all at the stage of academic research and are still not prepared for full-scale downloading and wide application end users.

Ford agrees with him: “The problem is taking the next big step forward, going beyond Tor. Today we have already come to the understanding that a much higher level of security is achievable, but we still have a lot of work to do to turn modern developments into a product that is suitable for use. ”

Can I replace Tor?


The experience of many leaders in the field of anonymity shows that Tor will not leave the stage soon. According to the most likely scenario, in the future Tor will remain a “good, but not perfect” anonymous public network. As for the new analogues, they will be optimized for specific applications, such as anonymizing the exchange of messages or files, microblogging or voice over IP.

And of course, the Tor Project will not stand still. As Mathewson notes with some pleasure, Tor in its current form is very different from the first public release that took place more than ten years ago. And this evolution will continue.

“I always anticipated that the Tor that we will be using in five years will look completely different from the version we are using today,” he says. - Whether the project will continue to be called Tor largely depends on who will work on it and release releases. We do not give up on innovation. “I always wanted to have better and more practical solutions in our hands to protect people's right to privacy.”

Next, we will tell you about five projects dedicated to innovative developments in the field of security. Here is a brief summary of new creative ideas in this area, from which you will learn about the current status of each project and assess the degree of their readiness for full use.

Herd: signal without metadata


Let's start with the twins Aqua and Herd, who are most prepared for launch in "combat conditions". Aqua (short for Anonymous Quanta) is a project of an anonymous file-sharing network, and Herd is an anonymous voice-over-IP network based on Aqua and having similar parameters. Project leader Stevens Le Blon, a research scientist at the Max Planck Society's Institute of Software Systems in Germany, also described Herd as a “signal-free metadata” transmission system.

Le Blon said that his team had already implemented a working prototype of Herd at his native institute and, together with his colleagues from Northeastern University in the USA, had recently received funding in the amount of half a million dollars from the American National Science Foundation for the actual deployment of Herd, Aqua and other systems ensuring anonymity on the Internet for the next three years. With funding on hand, Le Blonte hopes to see the first Herd nodes launched and fully ready for use by users in 2017.

At the heart of both Herd and Aqua's work is traffic jamming - random noise, which makes the data diagrams of two different network users indistinguishable. Unlike Tor, which, with certain difficulties, can handle voice over IPin the manner of a shortwave radio , Herd promises to provide an implementation of practical, secure and anonymous VoIP calls.

“Aqua and Herd are trying to combine practicality and anonymity by designing, developing and deploying networks with low latency and / or high bandwidth without having to sacrifice some degree of anonymity,” says Le Blond.

Ford believes that of all modern projects, Herd and Aqua represent the most tangible progress in the development of technology for providing anonymity. “I can well assume that developments like Aqua or Herd could replace Tor in the long run,” he says.

Vuvuzela / Alpenhorn: metadata-free chat


Vuvuzela is a project named after the noisy horn popular with football fans in Africa and Latin America, and its second iteration, Alpenhorn , offers its users an anonymous, metadata-free chat. The best chat room available today is Ricochet . Earlier, the now frozen Pond project also showed great promise . However, according to project leader David Lazar, Alpenhorn will offer enhanced privacy protections.

“Pond and Ricochet rely on Tor, which is known to be vulnerable to traffic analysis attacks,” says Lazar. “Vuvuzela is a new project that protects its users from such attacks and has formalized guarantees of the integrity of the transmitted data.”


So the creators of Vuvuzela / Alpenhorn see their work in comparison with similar projects.

“Our experiments show that Vuvuzela and Alpenhorn can be scaled to a million users,” he adds. “And now we're working on launching open beta testing.”

Chat anonymity is ensured by encrypting metadata, by adding noise to those that are not subject to encryption and using the differential privacy method to analyze the degree of anonymity that this noise provides.

Written in Go, Alpenhorn code fits in just 3k lines. As for scaling, with a parallel activity of 1 million users exchanging information with a throughput of 60 thousand messages per second, the network delay to send 1 message is 37 seconds.


Where is the noise here, and where is the discussion of the grandmother's culinary recipe?

The application is being developed by a team of researchers from the MIT Laboratory of Computer Science and Artificial Intelligence. Scientists will present the results of their research at the November Usenix Symposium 2016 event.

“We are currently working on the final version of the project documentation and are preparing the Vuvuzela and Alpenhorn code for production,” says Lazar. “In the meantime, users who wish to follow the development of the project can subscribe to our electronic newsletter .”

Dissent: squeezing the most out of cutting-edge theory


Increased anonymity is always associated with increased requirements for latency and bandwidth of the Internet channel. A project by Brian Ford called Dissent made a splash a few years ago, promising to ensure safety at 11 points on a 10-point scale. The demonstration test version of Dissent provided cryptographically verifiable anonymity, but noted serious limitations in terms of scalability and usability.

In contrast to the Tor onion routing model, Dissent's work is based on the use of the dining cryptographs algorithm, or rather, the so-called DC networks, which are capable of applying this algorithm for practical purposes. In addition, Dissent also combines DC networks with a scheduled messaging algorithm.. As a result of combining these and other technologies, an architecture was born that offers almost or almost the highest degree of anonymity attainable today.

High network latency and low bandwidth when working with the network will not prevent true dissidents and opposition members from appreciating its capabilities. The optimal scenario for using the project is a group broadcast of messages that does not require real-time interaction, which is well suited for activities such as blogging and microblogging, or even IRC.

DC networks are designed so that when one client wants to send a message to a group of other recipients, their clients must also send a group message of the same size. This significantly overloads the channel, as a result of which Dissent is now able to simultaneously support up to several thousand users. However, according to Ford, his team is already working on optimizing the algorithm.

Dissent can also be useful for organizing PriFi - as Ford called the integration of his product into a corporate Wi-Fi network or a campus network. This combination could provide provably anonymous browsing of the web pages within the building. That is, some passive observer, of course, will be able to find out that someone on the campus was browsing a specific website, but he will not be able to identify the identity of a particular user. PriFi traffic directed to the Tor network will achieve even higher levels of anonymity.

The Dissent team is currently redesigning the project and rewriting it on Go, and some of the new components, according to Ford, are already available on Github , but they are parts of a single whole and are therefore not yet ready for use.

“Unfortunately, this code is not yet ready for use by users who want to“ play around ”with a full-fledged system for ensuring anonymity,” says Ford. “However, we gladly welcome all those who like to delve into the code who want to help us in the further development of these parts or linking them together into a working application.”

Dissent has become a cornerstone in the research of anonymity. The creators of the following two projects drew their inspiration, both from it and from the desire to create a more effective system of ensuring anonymity, while preserving the main characteristics of Dissent.

Riffle: anonymous file sharing


Like Aqua, the main use of Riffle is through anonymous file sharing. Contrary to some reports that this new development could replace Tor, in reality Riffle, if launched successfully, can not only complement Tor, but maybe even speed it up by providing a more secure alternative for anonymous sharing of large files.

“Riffle should not be seen as a replacement for Tor, but as a complement to it,” says MIT graduate student and project lead Albert Kwon. “We have a completely different goal: we want to achieve the highest possible level of anonymity, without the need to sacrifice practicality.”

As Kwon explained to us, his interest in developing an anonymous file sharing system has nothing to do with copyright infringement. It is all about wanting to help reporters anonymously send large files and simplify the process of transferring large sets of documents from whistleblowers to publishers.

“In Tor, trying to transfer a very large file in a short amount of time is significantly different from the usual transfer of files on the open segment of the Internet,” says Kwon. - Moreover, such a person may be given some characteristic signs that can be traced. I would like to create such a file exchange group that will allow everyone to maintain their anonymity. Many journalists would like to be able to work with something like this. ”

The source of inspiration for Riffle was Dissent, and like it, Riffle uses a scheduled messaging algorithm, abandoning, however, the Spartan simplicity of DC network algorithms for the sake of overall efficiency. According to Kwon, the program can also be used for anonymous microblogging, but the academic prototype is unsuitable for ordinary users. The next semester, a young researcher plans to devote to creating an open alpha version.

Riposte: Anonymous Twitter


Like Riffle, Riposte draws its inspiration from Dissent's ideas, but its architecture has been optimized for one single use: microblogging.

“This is an example that any developer who wants to adapt the system design to a specific application can achieve a higher level of performance,” said Henry Corrigan-Gibbs, a graduate student at Stanford's Applied Cryptography Group and lead researcher at Riposte. “You can't solve all the problems at the same time.”

Riposte retains strong anonymity parameters for DC networks, including their resistance to traffic analysis and malicious client attacks that cause network outages. Moreover, the number of simultaneous network users can reach one million people. A side effect is again an increased delay. However, according to Corrigan-Gibbs, such costs are quite acceptable for services operating on the principle of Twitter.

“Anonymity combined with low latency has an inherent flaw, which is the ability of an attacker to see large, or most interesting parts of a network,” he explains.

Riposte now exists as an academic prototype. The Corrigan-Gibbs team is working to improve anonymity and security settings. The project leader himself hopes that at leastsome of Riposte ’s ideas will be integrated into existing communication platforms for users who are concerned about privacy issues.

The Riposte team does not plan to deploy the network themselves, at least for now. “I came up with the architecture and developed a prototype system to show that it works,” the researcher explains. - In order to create something truly serious, a completely different set of important skills is required. The scale of the Tor Project is impressive, as is the ability of its members to keep afloat a distributed system of such enormous size with relatively little funding. ”

From research to reality


The gap between academic research and practical implementation is a challenge for researchers who want to scale their prototypes of next-generation anonymity technologies and launch them in the real world. Academics who want to build a career as a professor are faced with a system that encourages the publication of scientific ideas and the development of evidence for concepts. When it comes to developing a product that is applicable in practice, distributing it and attracting users, the academic community is no longer interested in these processes.

In addition, as the researchers themselves admit, the set of skills required for the full-scale practical implementation of software is in no way connected with their main research activity. “Much of the work on developing next-generation anonymous networks is done in the research community, and this is usually not the best option in terms of getting full-fledged, real-world products,” says Ford. “In my group at the Lausanne Federal Polytechnic School, I am trying to change this situation at least locally.”

Mathewson takes this with understanding, since Tor began its existence as a research work, the practical results of which he, he said, wanted to observe for several years, subsequently transferring the project to someone else. More than 10 years later, Tor Project participants gained deep experience in maintaining the network, which for many dissenters was a vital infrastructure and the only barrier between an unwanted tweet or blog post and a visit to the secret police.

Mathyuson gives researchers the following advice: try your products on yourself.

“I have already spoken about this before. For me, the most important indicator and at the same time the most coveted words from the developers will be the phrase “we not only designed the program and conducted the tests, but also use it ourselves to exchange information in our daily work,” he says. “The best choice we have made in all this time is the decision to launch Tor from the very beginning in real conditions, trying to make it accessible to the whole world as fast as possible.”

“By operating the software, you study it as well as you feel the taste of the food you eat,” he explains. - You can’t be a cook and come up with recipes, but never try them. In the same way, you cannot really understand whether the solution you have come up with is workable until you donate it to people, including yourself. ”

Democracy will fail without anonymity


Today, three years after Snowden’s revelations, strong encryption is almost ubiquitous, covering more and more web traffic and making secure communications possible for the billion users of WhatsApp and Signal.

“However, unfortunately, in spite of its obvious usefulness, encryption will not be able to protect you from metadata leakage about who, when, and, in some cases, even what you are talking about,” explains Chris Soghoyan, Speech’s chief technology officer, Privacy , and Technology of the American Civil Liberties Union. "

“We are desperate for ways to protect metadata because there are a number of users who are most in need of protecting their information space. This is primarily about people like journalists, activists, or LGBT teenagers who hide their orientation, for whom disclosing the very fact of who they spoke to can be a threat, he says. “And if people don’t feel that they have the opportunity to freely communicate, read, organize in groups or speak, then democracy is defeated.”

Also popular now: