Professor Sambuddah Chakravarty, from the Indraprastha Institute of Information Technology in Delhi, reported the finding in a research paper entitled On the Effectiveness of Traffic Analysis Against Anonymity Networks using Flow Records.
"A powerful adversary can mount traffic analysis attacks by observing similar traffic patterns at various points of the network, linking together otherwise unrelated network connections," read the paper.
The specific network analysis technique used in the research reportedly works by "identifying pattern similarities in the traffic flows entering and leaving the Tor network using statistical correlation".
Chakravarty's research team reported that tests on a public Tor relay showed the technique could identify most users.
"Our method revealed the actual sources of anonymous traffic with 100 percent accuracy for the in-lab tests, and achieved an overall accuracy of about 81.4 percent for the real-world experiments, with an average false positive rate of 6.4 percent," read the paper.
The research caused concerns in the Tor community and led project member 'Arma' to publish a blog post allaying their fears.
The post pointed out that the Tor Project has been aware of the threat posed by network analysis attacks and has already implemented adequate safety measures.
"People are starting to ask us about a recent tech report from Sambuddah's group about how an attacker with access to many routers around the internet could gather the netflow logs from these routers and match up Tor flows," read the post.
"It's great to see more research on traffic correlation attacks, especially on attacks that don't need to see the whole flow on each side. But it's also important to realise that traffic correlation attacks are not a new area."
The research follows wider concerns about possible security holes in the Tor network after law enforcement agencies successfully tracked and shut down several dark web services earlier in November.
The method used by law enforcement to track the services remains unknown, although Arma said it is unlikely that the agencies used traffic analysis attacks.
"We don't have any reason to think that this attack, or one like it, is related to the recent arrests of a few dozen people around the world," read the post.
No comments:
Post a Comment