Monday, March 23, 2015

Current State of Anonymity

The inherent functionality of the Internet Protocol/Transmission Control Protocol (IP/TCP) stack, the basis of the modern-day internet, reveals the source and destination of each transmission, information that is logged by several parties along the way. Let's use the mail as an example. If the United States Postal Service (USPS) functioned like IP/TCP, one way to send a verified letter would be a synchronized method: a piece of mail would require a to and from address along with a unique identifier. The USPS would deliver the envelope to the recipient, and the recipient would then send a letter back to the from address asking whether they had sent the letter with that unique identifier. If the recipient receives an acknowledgement stating that the sender did indeed send the piece of mail, the recipient opens the letter and begins to communicate. By default, each of these parties logs the communication: the sender, the USPS and the recipient each record the exchange in logs that they maintain. This makes true anonymity difficult to obtain without additional means. Even when using anonymous platforms, such as Yik Yak or 4chan, anyone with access to this information can determine identities with varying degrees of certainty (depending on network configuration).

There are several kinds of privacy software that implement additional layers in this process. One of the most notable options is The Onion Router, or Tor. Onion routing has been in development for years, undergoing academic study, public implementation and funding by the United States Government. In the context of our previous scenario, multiple envelopes are used for a single piece of mail. The sender uses four or more envelopes, selecting trusted intermediary parties, filling out the proper to and from addresses for each envelope, and enclosing each one in a successive envelope. When the mail is sent, the USPS delivers it to the first address. Once it arrives, the first intermediary opens the first envelope only to reveal another envelope. They then send the mail through the USPS to the second intermediary, which again opens an envelope to reveal yet another envelope. Again it is sent through the USPS, this time to the third intermediary. Once it arrives, the third intermediary opens an envelope to reveal the final destination and sends it on its way. This is termed onion routing because the communication is similar to peeling back the layers of an onion. The reply is then wrapped in four or more envelopes, with the order of the addresses reversed, and works its way back to the original sender. This process repeats for each communication.
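The nested-envelope idea above, as an added worked example that is not part of the original post: each relay holds its own shared key, the sender wraps the message innermost-first, and peeling a layer reveals only the next address plus an opaque inner envelope. The relay names, keys and the SHA-256 counter-mode cipher are constructed for illustration and are not Tor's real protocol.

```python
import base64, hashlib, hmac, json, os

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode stream cipher (illustration only, not a vetted cipher)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    """One 'envelope': nonce || HMAC tag || ciphertext, readable only with this relay's key."""
    nonce = os.urandom(8)
    ct = keystream_xor(key, nonce, plaintext)
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct

def open_layer(key: bytes, blob: bytes) -> bytes:
    """Peel one envelope; a wrong key or a tampered layer fails the HMAC check."""
    nonce, tag, ct = blob[:8], blob[8:40], blob[40:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered layer")
    return keystream_xor(key, nonce, ct)

def build_onion(path, keys, destination, message):
    """Wrap the message so each relay only learns the next hop (innermost layer first)."""
    layer = json.dumps({"next": destination, "body": message}).encode()
    blob = seal(keys[path[-1]], layer)
    for i in range(len(path) - 2, -1, -1):
        inner = base64.b64encode(blob).decode()
        layer = json.dumps({"next": path[i + 1], "body": inner}).encode()
        blob = seal(keys[path[i]], layer)
    return blob

def peel(relay, keys, blob):
    """What a single relay sees: the next address and an opaque inner envelope."""
    layer = json.loads(open_layer(keys[relay], blob))
    return layer["next"], layer["body"]

def route(path, keys, destination, message):
    """Walk the onion hop by hop; returns each relay's (relay, next_hop) view and the final message."""
    blob = build_onion(path, keys, destination, message)
    views = []
    for relay in path:
        nxt, body = peel(relay, keys, blob)
        views.append((relay, nxt))
        blob = body if relay == path[-1] else base64.b64decode(body)
    return views, blob

PATH = ["relay1", "relay2", "relay3"]            # constructed three-hop circuit
KEYS = {relay: os.urandom(32) for relay in PATH}  # constructed per-relay shared keys
```

No relay's view contains both the sender and the final destination, which is the property the envelope analogy is describing; attempting to open the outer envelope with a later relay's key fails the integrity check instead of leaking anything.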

To establish a definite path, a single entity would need insight into each one of the locations, and even then, the communication could be coded in a manner understandable only to the sender and recipient (termed encryption in the computer science world). There are, however, many ways to make the identities known. For example, a site could request direct communication outside of the Tor communication line, similar to asking for a direct overnight FedEx complete with a from address, possibly to an additional, and perhaps unauthorized, entity. In computer terms, an attacker could insert code that uses something like a JavaScript or Flash exploit, sometimes unbeknownst to the person hosting the web site. There are ways around this specific exploit, though, such as disabling JavaScript and/or Flash, or forcing all internet traffic through Tor with an implementation similar to that used by Whonix.

When larger players, such as the National Security Agency (NSA), become interested in Tor users and service providers, things get a bit more interesting and complicated. By setting their Tailored Access Operations unit loose and hosting a large number of Tor-related components, they can lie in wait across entire sections of the internet to uncover who is sending content where, even without a compromised server. Going back to our previous example, since postage is not a concern for the United States Government, the NSA can learn the potential first intermediaries of a sender from USPS records and then flood those addresses with fraudulent mail. All intermediary parties have a limited capacity for sorting and tracking this mail, so when they become overburdened they effectively shut down, forcing the sender to go elsewhere. This can be done repeatedly until the sender stumbles upon an NSA-run intermediary. Although the sender is not forced to send through this intermediary, some do so unwittingly. By tracking traffic through the USPS, the NSA can then identify the common final intermediaries for a target recipient, again effectively shutting down all of these intermediaries and forcing preference for an NSA-run intermediary. Having forced the use of its own first and last intermediaries, the NSA can then use traffic analysis to determine whether a sender may be communicating with a recipient. This is similar to tracking the number of days for a sent letter to be received, then tracking the number of days until a reply. Given enough communications, it is only a matter of time before a level of certainty is established for links between senders and recipients. Below is a lolcat from an NSA presentation on its QUANTUM attack suite; although not directly related to this specific attack, it shows the attitude of the NSA toward similar efforts.


The most apparent mitigation in this scenario would be to use only intermediaries that you trust, although this can become difficult when global efforts are sometimes under way to take down Tor users and services. Some governments and organizations have a track record of rejecting cooperation requests, although this does not necessarily mean that there are no other methods of identifying users and service administrators. Although requests have been made for information on how organizations such as the Federal Bureau of Investigation came to seize servers, the developers of Tor remain unsure of exactly how this was done and, without this information, are left only with best guesses.

Although Edward Snowden leaked documents stating that the NSA has made several failed attempts at cracking the core security of Tor, it is apparent that, given enough motivation and perhaps a stroke of luck in operational or user configuration errors, the NSA can identify users and service providers on the Tor network. More than likely, this is the case with all privacy software, with Tor being the more developed and vetted of the choices.
