The Tor Project is fortifying its software so that it can quickly detect if its network is tampered with for surveillance purposes, a top developer for the volunteer project wrote on Monday.
There are worries that Tor could either be technically subverted or subject to court orders, which could force the project to turn over critical information that would undermine its security, similar to the standoff between Apple and the U.S. Department of Justice.
Tor developers are now designing the system in such a way that many people can verify if code has been changed and “eliminate single points of failure,” wrote Mike Perry, lead developer of the Tor Browser, on Monday.
Over the last few years, Tor has concentrated on enabling users to take its source code and create their “deterministic builds” of Tor that can be verified using the organization’s public cryptographic keys and other public copies of the application.
“Even if a government or a criminal obtains our cryptographic keys, our distributed network and its users would be able to detect this fact and report it to us as a security issue,” Perry wrote. “From an engineering perspective, our code review and open source development processes make it likely that such a backdoor would be quickly discovered.”
Two cryptographic keys would be required for a tampered version of the Tor Browser to be distributed without at least initially tripping security checks: the SSL/TLS key that secures the connection between a user and Tor Project servers plus the key used to sign a software update.
“Right now, two keys are required, and those keys are not accessible by the same people,” Perry wrote in a Q&A near the end of the post. “They are also secured in different ways.”
Even if an attacker obtained the keys, in theory people would be able to check the software’s hash and figure out if it may have been tampered with.
Apple is fighting a federal court’s order to create a special version of iOS 9 that would remove security protections on an iPhone 5c used by Syed Rizwan Farook, one of the San Bernardino mass shooters.
A ruling against Apple is widely feared by technology companies, as it could give the government wider leverage to order companies to undermine encryption systems in their products.
On Monday, the Justice Department indicated it is investigating an alternative method to crack Farook’s iPhone, which if successful would not require Apple’s assistance.
Perry wrote that the Tor Project stands “with Apple to defend strong encryption and to oppose government pressure to weaken it. We will never backdoor our software.”
Tor, short for The Onion Router, is a network that provides more anonymous browsing across the Internet using a customized Firefox Web browser. The project was started by the U.S. Naval Research Laboratory but is now maintained by the nonprofit Tor Project.
Web browsing traffic is encrypted and routed through random proxy servers, making it harder to figure out the true IP address of a computer. Tor is a critical tool for activists and dissidents, as it provides a stronger layer of privacy and anonymity.
But some functions of Tor have also been embraced by cybercriminals, which has prompted interest from law enforcement. Thousands of websites run as Tor “hidden” services, which have a special “.onion” URL and are only accessible using the customized browser.
The Silk Road, the underground market shut down by the FBI in October 2013, is one of the most famous sites to use the hidden services feature.