TOR is the benchmark
in providing Internet privacy through anonymous services. Developed by the US Navy, it uses onion
routing - embedding each packet within a new packet at each router hop, so that each
device only ever knows its immediate neighbours (sender and receiver) and hence never
knows the packet's true origination and destination. TOR is typically utilised to browse the
Internet anonymously, but is also used by the military (that is what is was
designed for) and media to avoid censorship and protect sources. Snowden is
believed to be a supporter of the TOR network [1].
However, TOR is not without
its problems. Worried governments believe TOR to be synonymous with the
Dark Web and all things evil, such as, what used to be the Silk Road [2]. This has made TOR a key target for US [3], UK [4] and other governments. In 2014, Russia
made a high profile offer of £65,000 to anyone who is able to identify TOR users [5];
even though certain institutions claim to be able to do this already. For example, in
2012 an FBI sting called Operation Torpedo which targeted dark web users was
supposed to use Metasploit to identify TOR users [6]. The NSA is rumoured to have cracked older
versions of TOR (TOR 2.3) [7] by monitoring TOR exit nodes and cracking Diffie-Hellman keys. Newer versions of TOR use much stronger elliptical-curve Diffie-Hellman keys. Researchers in 2014 claimed to have found a vulnerability that identifies 81% of TOR clients [8] [9] by using the NetFlow protocol and statistical correlation of client-side and server-side traffic perturbations. TOR is also said to be vulnerable to timing attacks (regardless of the difficulty in actually executing such an attack), leading researchers and academics
to develop an advanced TOR client called Astoria [10] to try to minimise the risk of such attacks. It has been made public that back in 2012 the Department of Defense provided TOR with $876,099, however TOR’s executive director Andrew Lewman has said that the intelligence agency has not requested a backdoor into the system [7]. TOR users be warned, apparently using TOR
and email encryption increases the chance that the NSA will monitor you [11], even
if they don’t actually know what you are saying.
Another drawback of TOR is its
speed, or lack of. Anyone who has used TOR will have experienced a (sometimes significant) time lag when
browsing the Internet, imploring TOR to suggest users modify behaviour
accordingly. Help might be available on the speed front as researchers have recently developed HORNET, a high
speed onion ring network [12] [13], admitting that, like TOR, this might not be immune to
attack.
TOR will continue to remain pivotal in the argument both for and against privacy. Bruce Schneier said that
Government and industry have betrayed the internet and us: "By
subverting the internet at every level to make it a vast, multi-layered and
robust surveillance platform, the NSA has undermined a fundamental social
contract."
[5] http://arstechnica.com/security/2014/07/russia-publicly-joins-war-on-tor-privacy-with-111000-bounty/
[11] http://arstechnica.com/tech-policy/2013/06/use-of-tor-and-e-mail-crypto-could-increase-chances-that-nsa-keeps-your-data/
[12] http://arstechnica.co.uk/information-technology/2015/07/researchers-claim-theyve-developed-a-better-faster-tor/
[12] http://arstechnica.co.uk/information-technology/2015/07/researchers-claim-theyve-developed-a-better-faster-tor/
No comments:
Post a Comment