Researchers have developed a new technique that could allow attackers to determine with a high degree of accuracy which Tor websites users are accessing and where those websites are hosted.
The new attack, which improves upon previous traffic fingerprinting techniques, was devised by researchers from the Massachusetts Institute of Technology (MIT) and the Qatar Computing Research Institute (QCRI), who found ways to differentiate between different types of connections in a user’s encrypted Tor traffic.
The Tor anonymity network was built to hide from network snoopers which websites or other Internet resources that user is accessing. It does this by wrapping the user’s requests in several layers of encryption and routing them through multiple computers that run the Tor software.
Each of those computers, known as nodes or relays, peel off one layer of encryption, before passing on the request to the next node. In this way the final node, called the exit relay, knows the request’s destination, but not its original source, while the first node, known as the entry guard, knows the original source, but not the final destination.
It has long been known that if an attacker controls both the entry guard and the exit relay used for a Tor connection, or circuit, he could use traffic correlation techniques to deanonymize the user. However, that’s hard to do, because Tor relays are chosen at random for every connection so an attacker would have to control a very large number of entry guards and exit relays to have a good chance of success.
Read the Full Article: Source – PC World
Browsing Privacy: (PC World) – Researchers improve de-anonymization attacks for websites hiding on Tor