Researchers Say They Peeled the Onion Router
Researchers in the U.S. say they've successfully shown how attackers could compromise a network designed to make it harder to trace Internet surfers and the Web sites they are viewing.
The researchers, from the University of Colorado in Boulder, focused their efforts on The Onion Router (Tor) network. Tor software enables the creation of networks of servers that can send traffic over many different routes, masking its original source.
The network offers users a greater degree of anonymity, since Web sites record the IP (Internet protocol) address of visiting machine, which could be linked to an individual user. Tor's creators say they were aware of the research, but using the network is still effective.
The researchers, who consulted Tor project officials during their work, wrote on their Web site that they still feel it's the "most secure and usable privacy-enhancing system available." But the paper outlines the privacy concerns that could arise from using the techniques.
"For example, law enforcement officers might use our techniques to cheaply and realistically track online predators," according to the paper. "The RIAA (Recording Industry Association of America) and other organizations might use our techniques to link Web or torrent requests to their corresponding requesters."
For the experiment, the researchers constructed their own isolated Tor network using 66 servers. They placed malicious servers within the network that were designed to draw a substantial portion of routing requests by misrepresenting their bandwidth capability.
Then the researchers used an algorithm to link the "path" of a Web site request. More than 46 percent of the time, the paths could be calculated, revealing the source of the traffic, the paper said.
But several attacks against Tor have been developed, wrote Shava Nerad, Tor's executive director, on the project's blog.
"We have never seen such an attack 'in the wild,' and we think it no more likely that this paper would make such an attack easier or more likely than it was a few years ago when another version of it was documented," Nerad wrote.
The Tor platform has been incorporated into applications such as Torpark, a browser based on Firefox that causes a computer's IP address to appear to regularly change.