Researchers from the Massachusetts Institute of Technology (MIT) discovered a vulnerability στο Tor η οποία, αν αξιοποιηθεί, θα μπορούσε να αποκαλύψει κρυφές services of the application with up to 88% accuracy.
Ερευνητές από το MIT και από το Qatar Computing Research Institute (QCRI) κατάφεραν να παραβιάσουν την ανωνυμία του δικτύου Tοr. Η study τους θα παρουσιαστεί στο Usenix Security Symposium που θα πραγματοποιηθεί φέτος το καλοκαίρι.
Researchers have shown that an attacker can secretly enter the server, or access the information of a specific Tor user. This is possible, according to the researchers, to analyze the traffic patterns of encrypted data passing through a computer located on the Tor network.
Tor comes from the initials of "The Onion Router." Onion, meaning onion, is a parabolic word used to indicate how the service works, wrapping each communication in various layers of encryption (like the onion). This supposedly does not allow information to be disclosed without going through all the layers of encryption.
Hidden services now are websites that use the Tor network to protect itself in a similar way that the network protects users.
For Tor network to work, computers need to exchange a large amount of data when creating a connection to a hidden service.
The researchers showed that by simply looking for the patterns of the number of packets passing in each direction through a secret "guard" service, a machine learning algorithm could determine the circuit with 99% accuracy. ”
So the researchers were able to decipher data through the association of traffic.
Επιπλέον, είχαν τη δυνατότητα να συνδεθούν με μια σειρά από διαφορετικές κρυμμένες υπηρεσίες αποδεικνύοντας ότι με μια παρόμοια ανάλυση των traffic streams they could identify the services in question with 88% accuracy.
David Goulet, developer of the ToR project, said:
"At the moment we are considering countermeasures for a possible improvement of the secret services, but I think we need more concrete evidence to determine the issue."
The full press release of the MIT for the study of MIT and QCRI is available from the link below.