Changes between Version 28 and Version 29 of TorWeeklyNews/2014/41


Timestamp: Oct 15, 2014, 2:59:02 PM (4 years ago)
Author: harmony
Comment: sent

  • TorWeeklyNews/2014/41

    v28 v29  
    55'''Subject:''' Tor Weekly News — October 15th, 2014
    66
    7 '''Status:''' Frozen. Technical and language fixes only; new items should go in [wiki:TorWeeklyNews/2014/42 next week's issue].
    8 
    9 {{{
    10 ========================================================================
    11 Tor Weekly News                                       October 15th, 2014
    12 ========================================================================
    13 
    14 Welcome to the forty-first issue in 2014 of Tor Weekly News, the weekly
    15 newsletter that covers what’s happening in the Tor community.
    16 
    17 Academic research into Tor: four recent studies
    18 -----------------------------------------------
    19 
    20 Major contributions to the development and security of Tor are often
    21 made by academic researchers, either in a laboratory setting using
    22 network simulators like Shadow [1], or through measurement and analysis
    23 of the live network itself (taking care not to harm the security or
    24 anonymity of clients and services). Different aspects of Tor’s
    25 networking and security, from path selection to theoretical attacks,
    26 have been analysed in three recently-published studies.
    27 
    28 Otto Huhta’s MSc thesis [2] investigates the possibility that an
    29 adversary in control of a non-exit relay could link two or more Tor
    30 circuits back to the same client based on nothing more than timing
    31 information. As Otto explained [3], “this is mainly the result of the
    32 fixed 10 minute circuit lifetime and the fact that the transition to
    33 using a new circuit is quite sharp.” With the help of a machine
    34 classifier, and the fact that any one client will build its circuits
    35 through a fixed set of entry guards, the study suggested that such an
    36 adversary “can focus only on circuits built through these specific nodes
    37 and quite efficiently determine if two circuits belong to the same
    38 user.” There is no suggestion that this knowledge alone poses a serious
    39 deanonymization risk to clients; however, wrote Otto, “our goal was not
    40 to ultimately break the anonymity of any real user but instead to expose
    41 a previously unknown threat so that it can be mitigated before anyone
    42 actually devises an attack around it.”
    43 
    44 Steven Murdoch published a paper [4] on the optimization of Tor’s node
    45 selection probabilities showing, in Steven’s words [5], “that what Tor
    46 used to do (distributing traffic to nodes in proportion to their
    47 contribution to network capacity) is not the best approach.” Prior to
    48 publication of the study, “Tor moved to actively measuring the network
    49 performance and manipulating the consensus weights in response to
    50 changes. This seems to have ended up with roughly the same outcome. […]
    51 However, the disadvantage is that it can only react slowly to changes in
    52 network characteristics.”
    53 
    54 Sebastian Urbach shared [6] a link to “Defending Tor from Network
    55 Adversaries: A Case Study of Network Path Prediction” [7], in which the
    56 researchers analyze the effect of network features like autonomous
    57 systems [8] and Internet exchanges [9] on the security of Tor’s path
    58 selection, finding that “AS and IX path prediction significantly
    59 overestimates the threat of vulnerability to such adversaries”, and that
    60 “the use of active path measurement, rather than AS path models” would
    61 be preferable “in further study of Tor vulnerability to AS- and IX-level
    62 adversaries and development of practical defenses.”
    63 
    64 Meanwhile, Philipp Winter took to the Tor blog [10] to summarize some
    65 new findings concerning the the way in which the Chinese state Internet
    66 censorship system (the “Great Firewall of China”) acts upon blocked
    67 connections, like those trying to reach Tor, as detailed in a recent
    68 project [11] to which he contributed. Searching for spatial and temporal
    69 patterns in Chinese censorship activity, the researchers found that
    70 “many IP addresses inside the China Education and Research Network
    71 (CERNET) are able to connect” to Tor in certain instances, while the
    72 filtering of other networks — centrally conducted at the level of
    73 Internet exchanges — “seems to be quite effective despite occasional
    74 country-wide downtimes”.
    75 
    76 Each of these studies is up for discussion on the tor-dev mailing
    77 list [12], so feel free to join in there with questions and comments for
    78 the researchers!
    79 
    80   [1]: https://shadow.github.io/
    81   [2]: http://www0.cs.ucl.ac.uk/staff/G.Danezis/students/Huhta14-UCL-Msc.pdf
    82   [3]: https://lists.torproject.org/pipermail/tor-dev/2014-September/007517.html
    83   [4]: http://www.cl.cam.ac.uk/~sjm217/papers/#pub-el14optimising
    84   [5]: https://lists.torproject.org/pipermail/tor-dev/2014-October/007601.html
    85   [6]: https://lists.torproject.org/pipermail/tor-relays/2014-October/005434.html
    86   [7]: http://arxiv.org/pdf/1410.1823v1.pdf
    87   [8]: https://en.wikipedia.org/wiki/Autonomous_System_%28Internet%29
    88   [9]: https://en.wikipedia.org/wiki/Internet_exchange_point
    89  [10]: https://blog.torproject.org/blog/closer-look-great-firewall-china
    90  [11]: http://www.cs.unm.edu/~royaen/gfw/
    91  [12]: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
    92 
    93 Miscellaneous news
    94 ------------------
    95 
    96 Michael Rogers submitted [13] patches against tor and jtorctl, making
    97 two improvements to the performance of mobile hidden services: one
    98 “avoids a problem where we'd try to build introduction circuits
    99 immediately, all the circuits would fail, and we'd wait for 5 minutes
    100 before trying again”, and the other “ [adds] a command to the control
    101 protocol to purge any cached state relating to a specified hidden
    102 service”.
    103 
    104  [13]: https://lists.torproject.org/pipermail/tor-dev/2014-October/007590.html
    105 
    106 Karsten Loesing published [14] a “non-functional” mock-up [15] of a
    107 possible redesign for the Tor Metrics portal, with notes on design
    108 decisions: “Feedback much appreciated. This is the perfect time to
    109 consider your ideas.”
    110 
    111  [14]: https://lists.torproject.org/pipermail/tor-dev/2014-October/007605.html
    112  [15]: https://kloesing.github.io/metrics-2.0/
    113 
    114 Jeremy Gillula analyzed data relating to Tor node churn found in Tor
    115 consensuses for September 2014, and found [16] that “on average, 0.003%
    116 of nodes switch from being relay nodes to exit nodes in any given 1-hour
    117 period, and 0.002% switch from being exit nodes to relay nodes”.
    118 
    119  [16]: https://lists.torproject.org/pipermail/tor-talk/2014-October/035207.html
    120 
    121 Noel Torres [17] and Andrew Lewman [18] sent their status reports for
    122 September. Roger Dingledine also sent out the report for SponsorF [19].
    123 
    124  [17]: https://lists.torproject.org/pipermail/tor-reports/2014-October/000674.html
    125  [18]: https://lists.torproject.org/pipermail/tor-reports/2014-October/000676.html
    126  [19]: https://lists.torproject.org/pipermail/tor-reports/2014-October/000675.html
    127 
    128 Greg Norcie wondered [20] why the interval at which Tor switches to
    129 using a new circuit was set at ten minutes, and Nick Mathewson
    130 responded [21] that after the original period of thirty seconds was
    131 found to be unworkable, the new number was selected in 2005 “more or
    132 less intuitively”. Paul Syverson added [22] that the choice was “an
    133 informed one”, taken after “a bunch of discussions concerning the
    134 trade-offs between the overhead of the public-key operations of circuit
    135 building and the pseudonymous profiling occurring at an exit”.
    136 
    137  [20]: https://lists.torproject.org/pipermail/tor-talk/2014-October/035212.html
    138  [21]: https://lists.torproject.org/pipermail/tor-talk/2014-October/035213.html
    139  [22]: https://lists.torproject.org/pipermail/tor-talk/2014-October/035217.html
    140 
    141 Both Tor and Tails received their first cinematic credits [23] with the
    142 première of “CITIZENFOUR” [24], a documentary film concerning the recent
    143 disclosure of intelligence documents by Edward Snowden. Eagle-eyed
    144 viewers might spot a well-known hostname in the film’s trailer… [25]
    145 
    146  [23]: https://twitter.com/postessive/status/520956478287777792
    147  [24]: https://citizenfourfilm.com/
    148  [25]: https://www.youtube.com/watch?v=XiGwAvd5mvM
    149 
    150 WhonixQubes reported [26] on progress in many areas of the Whonix+Qubes
    151 project, which as the name implies is a combination of the Whonix [27]
    152 and Qubes [28] operating systems. Among other things, the system now
    153 supports Whonix 9, a community forum has been set up, and greater
    154 upstream integration is being discussed.
    155 
    156  [26]: https://lists.torproject.org/pipermail/tor-talk/2014-October/035211.html
    157  [27]: https://www.whonix.org/
    158  [28]: https://www.qubes-os.org/
    159 
    160 News from Tor StackExchange
    161 ---------------------------
    162 
    163 "What happens when Tor always chooses the same path?" asks Mark [29] and
    164 wants to know which weaknesses this exposes. User194 believes that this
    165 would prevent a “predecessor attack” and make the system stronger, while
    166 Lisbeth writes: “This makes your entire traffic highly fingerprintable
    167 as compared to a standard random path. If your connections always used
    168 A, B, and C nodes, it is statistically unlikely that many other people
    169 are consistently using that same path, therefore it’s very easy to
    170 correlate your traffic to your originating IP.”
    171 
    172  [29]: https://tor.stackexchange.com/q/3689/88
    173 
    174 Muncher visited a website [30] which asked to add HidServAuth into the
    175 torrc and wants to know if it is safe to do so [31]. Jeff recommended
    176 that this is safe because it doesn’t divulge anything about the identity
    177 of a user. Mirimir furthermore referred to a question where adrelanos
    178 looks for documentation [32].
    179 
    180  [30]: https://secure.sw.gs:419/aaw/publist/adblock.html
    181  [31]: https://tor.stackexchange.com/q/3226/88
    182  [32]: https://tor.stackexchange.com/q/219/88
    183 
    184 Upcoming events
    185 ---------------
    186 
    187  Oct 15 13:30 UTC | little-t tor development meeting
    188                   | #tor-dev, irc.oftc.net
    189                   |
    190  Oct 17 17:00 CET | OONI development meeting
    191                   | #ooni, irc.oftc.net
    192                   |
    193  Oct 20 18:00 UTC | Tor Browser online meeting
    194                   | #tor-dev, irc.oftc.net
    195                   |
    196  Oct 21 17:00 UTC | little-t tor patch workshop
    197                   | #tor-dev, irc.oftc.net
    198                   |
    199  Oct 23 10:10 CET | Andrew @ Broadband World Forum
    200                   | Amsterdam, Netherlands
    201                   | http://broadbandworldforum.com/agenda/day-3/#81301
    202 
    203 
    204 This issue of Tor Weekly News has been assembled by Lunar, qbi, and
    205 Harmony.
    206 
    207 Want to continue reading TWN? Please help us create this newsletter.
    208 We still need more volunteers to watch the Tor community and report
    209 important news. Please see the project page [33], write down your
    210 name and subscribe to the team mailing list [34] if you want to
    211 get involved!
    212 
    213  [33]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
    214  [34]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
    215 }}}
     7'''Status:''' [https://lists.torproject.org/pipermail/tor-news/2014-October/000067.html Sent].