The Tor network is one of the more popular methods of achieving anonymity on the web – used by activists in authoritarian regimes, those seeking privacy for sensitive searches, as well as criminals hiding their activity – but it is known that that the anonymity achieved is not absolute with the Tor Project itself reporting attacks.
Now in what is believed to be a first, computer scientists from the Saarland University in Germany have developed a program that they say can measure the anonymity of a user's connection within the Tor network.
The scientists will be demonstrating their method at CeBit exhibition in Germany (Hall 9, Booth E13) using real-time data from the Tor network, examining a wide range of possible attackers
So far this year some two million people have used Tor to anonymise their online search activity, their identity and that of those they send data to. Tor allows users to establish a connection that is then upheld through its own network comprising up to 6,000 servers or nodes, mostly run by volunteers. Each node receives the minimum amount of data necessary to relay the information in question making it more difficult to de-anonymise both the transmitter and the recipient of the data.
“The Tor network isn't perfect, however,” says Esfandiar Mohammadi, a researcher at the Research Center for IT Security, CISPA, and a doctoral candidate at the Graduate School for Computer Science in Saarbrücken. “For one, unanticipated attacks at a network level can endanger anonymity. Also, the degree of anonymity the network achieves is highly variable, since volunteers don't necessarily operate their nodes continually or regularly,” says Mohammadi.
In collaboration fellow Saarbrücken researcher Sebastian Meiser, Mohammadi developed a program that is said to provide an accurate assessment of the level of anonymity an individual user achieves, even while basing the estimate on the fluctuations of the Tor network.
“An attacker that compromises Tor servers can derive the identity of a user with a certain probability. This is exactly what our system calculates,” Meiser explains. The researchers based their technique, which they named “MATor”, on a mathematical model that they extended to include different categories of possible attacks. “In order to indicate the probability of de-anonymisation, our program performs its calculations using data that is aggregated once an hour and published on the network immediately. MATor also takes the specifics of the respective Internet connection into account, as well as the individual configurations of the Tor software,” Meiser says. This feature is also intended as a basis for a ‘plugin' extension program for the Tor Browser software that the researchers now want to develop. Integrated into the Tor software, this plugin could run in the background and notify users as soon as their connection became too unsafe.
The move will likely not be welcomed by those agencies seeking to combat anonymity on the web, including the Russian Ministry of Internal Affairs (MVD) which offered a £64,600 reward to anyone who could find a way of identifying and tracking users of the anonymous Tor network.