
81% of Tor users can be de-anonymised by analysing router


steven36


81% of Tor users can be de-anonymised by analysing router information, research indicates


Research undertaken between 2008 and 2014 suggests that more than 81% of Tor clients can be ‘de-anonymised’ – their originating IP addresses revealed – by exploiting the ‘Netflow’ technology that Cisco has built into its router protocols, and similar traffic analysis software running by default in the hardware of other manufacturers.

Professor Sambuddho Chakravarty, a former researcher at Columbia University’s Network Security Lab and now researching Network Anonymity and Privacy at the Indraprastha Institute of Information Technology in Delhi, has co-published a series of papers over the last six years outlining the attack vector, and claims a 100% ‘decloaking’ success rate under laboratory conditions, and 81.4% in the actual wilds of the Tor network.

Chakravarty’s technique [PDF] involves introducing disturbances in the highly-regulated environs of Onion Router protocols using a modified public Tor server running on Linux - hosted at the time at Columbia University. His work on large-scale traffic analysis attacks in the Tor environment has convinced him that a well-resourced organisation could achieve an extremely high capacity to de-anonymise Tor traffic on an ad hoc basis – but also that one would not necessarily need the resources of a nation state to do so, stating that a single AS (Autonomous System) could monitor more than 39% of randomly-generated Tor circuits.

Chakravarty says: “…it is not even essential to be a global adversary to launch such traffic analysis attacks. A powerful, yet non-global adversary could use traffic analysis methods […] to determine the various relays participating in a Tor circuit and directly monitor the traffic entering the entry node of the victim connection,”

The technique depends on injecting a repeating traffic pattern – such as HTML files, the same kind of traffic of which most Tor browsing consists – into the TCP connection that it sees originating in the target exit node, and then comparing the server’s exit traffic for the Tor clients, as derived from the router’s flow records, to facilitate client identification.


Traffic analysis of this kind does not involve the enormous expense and infrastructural effort that the NSA put into their FoxAcid Tor redirects, but it benefits from running one or more high-bandwidth, high-performance, high-uptime Tor relays.

The forensic interest in quite how international cybercrime initiative ‘Operation Onymous’ defied Tor’s obfuscating protocols to expose hundreds of ‘dark net’ sites, including infamous online drug warehouse Silk Road 2.0, has led many to conclude that the core approach to deanonymisation of Tor clients depends upon becoming a ‘relay of choice’ – and a default resource when Tor-directed DDOS attacks put ‘amateur’ servers out of service.

Source: http://thestack.com/chakravarty-tor-traffic-analysis-141114
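
The comparison step the article describes, as an added illustration that is not part of the original post or of the researchers' code: it scores per-interval byte counts with a Pearson correlation to show why coarse flow records are enough to single out the client whose traffic carries the injected pattern. The choice of statistic, the lag handling, the client names and all byte counts are assumptions constructed for this example.

```python
import random
from math import sqrt

def pearson(x, y):
    """Pearson correlation of two equal-length series; 0.0 if either is constant."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    return cov / sqrt(vx * vy) if vx and vy else 0.0

def best_lagged_corr(server, client, max_lag=3):
    """Highest correlation when the client series trails the server by 0..max_lag bins."""
    return max(pearson(server[:len(server) - lag], client[lag:])
               for lag in range(max_lag + 1))

def rank_clients(server, clients, max_lag=3):
    """Return [(client, r)] sorted by descending correlation with the server series."""
    scored = [(name, best_lagged_corr(server, s, max_lag)) for name, s in clients.items()]
    return sorted(scored, key=lambda t: t[1], reverse=True)

def build_constructed_data(seed=1, bins=120):
    """Constructed per-interval byte counts standing in for exported flow records."""
    rng = random.Random(seed)
    # Server-side pattern: 5 intervals of heavy transfer, 5 of near silence, repeated.
    server = [100_000 if (i // 5) % 2 == 0 else 5_000 for i in range(bins)]
    clients = {}
    # The circuit's real client sees the pattern one interval later, scaled, with jitter.
    delayed = [server[0]] + server[:-1]
    clients["client-A"] = [0.9 * b + rng.uniform(0, 20_000) for b in delayed]
    # Unrelated clients: ordinary bursty traffic with no shared pattern.
    for name in ("client-B", "client-C", "client-D"):
        clients[name] = [rng.uniform(0, 100_000) for _ in range(bins)]
    return server, clients

if __name__ == "__main__":
    server, clients = build_constructed_data()
    for name, r in rank_clients(server, clients):
        print(f"{name}: r = {r:.2f}")
```

Even with only one byte count per interval, the client behind the patterned flow separates clearly from the unrelated ones, which is why aggregated flow exports count as a deanonymisation risk in their own right.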


Well, one of my sites I visit to do with privacy has always recommended to only use Tor with a VPN. Because if the VPN doesn't log, they have no record that it was really you; when you're in a honeypot with a lot of users it could have been anyone. Once you use a VPN, even your own internet can't read the data. I never trusted Tor alone; I've been behind a VPN since 2012. :)



Israeli_Eagle

Yep, I have also been doing that since 2011. :)



Valuable info. I just wanted to ask you: would you tell me what is the privacy-oriented website you follow that has recommended to only use Tor via a VPN?
I am simply “collecting” security-focused websites to read and inform myself on a daily basis.
One I love, for example, is http://thehackernews.com/
Thanks and cheers!