In a traffic confirmation attack, the attacker controls or observes the relays on both ends of a Tor circuit and compares traffic timing, volume or other characteristics to discover whether the two relays are on the same circuit. The attackers are believed to have used a combination of a traffic confirmation attack and a Sybil attack. The attack might aid other attackers in deanonymizing Tor users, the project cautioned.

This would let the attackers learn the location of hidden services and, in theory, link users to their destinations on normal Tor circuits, although this was unlikely because the operators did not operate any exit relays. The attack also probably tried to learn who published hidden service descriptors, Tor said. On July 4, the Tor Project found a group of relays that were trying to deanonymize people who operate or access Tor hidden services by modifying Tor protocol headers to conduct traffic confirmation attacks.

“So much for being secure,” remarked Jim McGregor, principal analyst at Tirias Research. “If you were using Tor for classified communications and data, this could be very serious,” he told TechNewsWorld.

Hidden service operators should consider changing the location of their service, the Tor Project said. The Tor Project has advised relays to upgrade to Tor 0.2.r.23e or 0.2.5.6-alpha to close the protocol vulnerability used by the researchers, but it warned that preventing traffic confirmation in general “remains an open research problem.” News that two Carnegie-Mellon CERT researchers have developed an inexpensive way to breach the Tor network has the project, privacy advocates, and probably criminals who use the network equally concerned.