Tor is excellent at doing what the software is designed to do. The public has no alternative that provides the level of anonymity that Tor presents. However, with many of the recent threats to the network’s security, researchers are working on a next generation Tor that can withstand the attacks of the future.
According to Ars Technica, the US Naval Research Laboratory (NRL) conducted an analysis in 2013 concluding that “80 percent of all types of users may be de-anonymised by a relatively moderate Tor-relay adversary within six months.” For those of you who do not remember, Tor was developed by the NRL and continues to be funded by the US government.
The lead author behind the 2013 analysis, Aaron Johnson of the NRL, does not hold this potential de-anonymisation against Tor. Instead, he references that it was never designed to be completely impenetrable to the most powerful opposition. “It may be that people’s threat models have changed, and it’s no longer appropriate for what they might have used it for years ago, Tor hasn’t changed, it’s the world that’s changed.”
Nick Mathewson, the co-founder of Tor explains that “Tor-relay adversaries” are not currently the greatest threat to the network:
No adversary is truly global, but no adversary needs to be truly global. Eavesdropping on the entire Internet is a several-billion-dollar problem. Running a few computers to eavesdrop on a lot of traffic, a selective denial of service attack to drive traffic to your computers, that’s like a tens-of-thousands-of-dollars problem.
Current threats against Tor are real. Virtually anyone can run nodes. If an attacker runs two malicious Tor nodes—one entry, one exit—a very small percentage of users could be de-anonymised. As Mathewson describes, however, completely de-anonymising the entire network in such a fashion would require massive resources.
Future threats are much more threatening. Both researchers and developers are working on producing software that could either replace or strengthen Tor.
Mathewson explains that the most difficult hurdle to overcome in making Tor more secure is finding the sweet spot between anonymity and usability. The network was optimized for low-latency, TCP-only traffic. This results in basic web browsing being the primary function of the Tor Browser Bundle. Tor becomes more secure when a greater number of people use the software because identifying a specific user’s traffic becomes much more burdensome. However, in order to make the Tor Browser Bundle operate at a speed that promotes use by the general public, sacrifices had to be made. The speed Tor operates, while already slow, required a compromise in the level of privacy provided.
There are plenty of places where if you’re willing to trade off for more anonymity with higher latency and bandwidth you’d wind up with different designs. Something in that space is pretty promising. The biggest open question in that space is, ‘what is the sweet spot?’ Is chat still acceptable when we get into 20 seconds of delay? Is e-mail acceptable with a five-minute delay? How many users are willing to use that kind of a system?
Security researchers have gotten to the point where significantly more secure systems are very possible yet are not close to being ready for the end user. While Tor is not standing still in development or going away any time soon, Ars Technica reached out to the developers of five projects that could potentially grow to replace Tor.
Herd is a VOIP network that the project leader Stevens Le Blond describes as “Signal without the metadata.” Le Blond is a research scientist at the Max Planck Institute for Software Systems (MPI-SWS) in Germany. He, as well as his colleagues from the US, have received $500,000 from The National Science Foundation to work on deploying Herd by 2017.
Herd is unique from Tor in the sense that the network does not require a certain number of users to be anonymous. The Herd network pads the traffic with “chaff” which is essentially random, useless internet noise that makes a user’s traffic indistinguishable.
Le Blond says “Aqua and Herd attempt to reconcile efficiency and anonymity by designing, implementing, and deploying anonymity networks which provide low latency and/or high bandwidth without sacrificing anonymity.”
David Lazar, the project leader of Vuvuzela and Alpenhorn, claims both of the chat applications will offer anonymous, metadata-free chat that is superior to anything available today. Unlike some of the most secure chat applications we currently have access to, both applications will be built on an entirely new platform. “Vuvuzela is a new design that protects against traffic analysis and has formalised privacy guarantees,” says Lazar.
“Our experiments show that Vuvuzela and Alpenhorn can scale to millions of users and we’re currently working on deploying a public beta.”
The network and applications were developed by a team of researchers at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL). Alpenhorn, the second generation of the product, aims to encrypt the metadata that it can and simultaneously add noise to the metada that it can’t encrypt. The software uses differential privacy to decipher how much privacy can be provided and how much is required.
“We are currently working on the final version of the Alpenhorn paper and on making the Vuvuzela and Alpenhorn code ready for production. In the meantime, users can sign up to our e-mail list for updates on our progress,” Lazar writes.
A beta version of the software will be presented at the 2016 Usenix Symposium on Operating Systems Design and Implementation (OSDI) in November.
Dissent is making a splash in the security community for being, in some ways, the opposite of Tor. The project doesn’t differ from Tor in the overall aim of security and privacy for the end user; it trades the usability that Tor offers for a much more secure environment.
The Dissent Project is based on a dining cryptographers algorithm, or “DC-net.” When the DC-net is combined with a “verifiable-shuffle algorithm,” the software becomes the most anonymous design under current research.
In stark contrast to the way Tor operates, Dissent is high latency and low bandwidth. The optimal use is one that does not need any quick interaction. When one client broadcasts a message on the DC-net, all other connected clients must broadcast one at the same time and of the same size. Since such a process requires a large bandwidth-overhead, the current project is only scale-able to a few thousand users.
Bryan Ford, the project leader, says his team is working on a way to improve the efficiency of the platform to broaden the user-base.
Dissent is not available yet as a complete system but parts of the project are available on Github. “Unfortunately none of this code is really ready for users who want a full ‘anonymity system’ to play with,” the project leader says, “but strong hacker-types who might want to help us further develop the pieces and/or help us put them together into usable applications are of course welcome to try them and get in touch.”
When Riffle was first introduced by Albert Kwon, a graduate student at MIT and the lead researcher of the project, many believed the software could replace Tor. Instead, because of the way Riffle is built, it could complement Tor by making it faster for users to securely share large files.
“[Riffle is] not a replacement for Tor but complementary to Tor. We have a very different goal. Our goal is to provide the strongest level of practical anonymity we could think of,” says Kwon. The project is being developed to make it safer for journalists and whistleblowers to share large files with publishers, contrary to claims that Riffle was designed to encourage copyright infringement.
The project was inspired by Dissent but forgoes the DC-net cryptography allowing the software to have greater flexibility.
Riffle uses three main types of encryption, according to an article we previously wrote:
The first is onion wrapping, which is fairly well known as the encryption Tor is famous for using. Second is something called verifiable shuffle, a technique designed to be a counter-defense against intrusive code. It should also be able to provide public proof of accuracy without revealing the secret key. And the third security measure revealed by the press release was authentication encryption for verifying a message was indeed the message it claimed to be.
Kwon says that he plans on releasing an alpha prototype “next semester.”
Riposte, like Riffle, was inspired by Dissent. In order to streamline the project and allow Riposte to be incredibly efficient, the software is designed for only one purpose: micro-blogging.
Henry Corrigan-Gibbs, a graduate student at Stanford’s Applied Crypto Group and Riposte’s lead researcher says “This is an example of where, if you’re willing to tailor your system design to an application, you can get much better performance. You can’t solve all the problems at the same time.”
Riposte is capable of handling millions of users, in theory. With the ability to scale to such a large number of clients comes the thematic trade-off: high latency. Corrigan-Gibbs says that the high latency would possibly allow Riposte to function as a service similar to Twitter yet maintaining anonymity. The project has resistance to traffic analysis and to disruption attacks by malicious clients.
“Low-latency anonymity is inherently problematic when you’re looking at an adversary that is able to see large parts of—or the interesting parts of—the network,” he explains.
Corrigan-Gibbs has no interest in releasing the network on its own but hopes to integrate some of the ideas from the project into current “existing communication platforms for privacy-sensitive users.”
All five projects are yet to be available to the public, and some of them may never be. However, the presence of such research indicates that the world of cybersecurity may be prepared for the next generation of privacy invasion that could render Tor useless.