back to article Tor onion hardening will be tear-inducing for feds

The University of California wants to defeat deanonymisation with a hardened version of the Tor browser. The uni boffins are with the Tor Project testing an address space layout randomisation (ASLR) -esque technique dubbed Selfrando. It is hoped the technique described in the paper Selfrando: Securing the Tor Browser against …

  1. Mark 85 Silver badge

    I wish them luck in this.

  2. Paul Crawford Silver badge

    Apparmor?

    If Firefox is run under an apparmor profile would that achieve much the same?

    After all that is what CESG recommend:

    https://www.cesg.gov.uk/guidance/end-user-devices-security-guidance-ubuntu-1404-lts

  3. Anonymous Coward
    Anonymous Coward

    How does making the network layer more anonymous help...

    ... if the person then connects to a Website hosting malware written by the government that passes info on your real IP address and MAC from your PC to them.

    1. Anonymous Coward
      Anonymous Coward

      Re: How does making the network layer more anonymous help...

      The malware would have to install and run locally on your PC. Obviously there are a number of security issues they could take advantage of which have been patched but anyone running an up to date tor browser should be protected against known malware.

      Therefore the government would have to use their super-secret zero day stuff. This is quite risky as a blanket campaign (as opposed to targeting a specific PC) as it wouldn't be long before it was detected and decompiled and the zero-day would be closed down, costing the TLA a lot of money to find a new one and reducing their cyber-espionage stockpile.

      1. Anonymous Coward
        Anonymous Coward

        Re: How does making the network layer more anonymous help...

        Unless the person is running a web browser and o.s with NO vulnerabilities, known or yet to be found, then the risk is real and present.

        Every month a new browser, add-on or o/s vulnerability is found - they exist even when not found (or declared to have been found).

        It's very easy for a website to detect if a person is connecting from a TOR or specific browser, and only then unleash the malware content to run and capture that persons details (such as real IP, etc).

        There is no need to 'break TOR' to find out who someone is - just compromise one of the websites they visit, and wait for them to drive by. This is what the FBI did.

      2. Baldy50

        Re: How does making the network layer more anonymous help...

        Tor's security settings can be hardened and are set to a low level at install, the 'new identity' option is one of the best ways to beat tracking as the refresh is quick and you are routed through a different set of Tor relays, so do it often!

        BTW!!!!

        Has Windows finally patched the DCOM vulnerability?

        For most Windows users it is not needed and should not be turned on at install, which it is.

        Any installed software and that unfortunately includes malware can use the open port 135 to surreptitiously connect to any remote server and download to a compromised system what ever it wants.

        So if a bit of malware gets on your machine through a browser vulnerability or stupidity, it has a ready made open back door that every hacker knows about.

        So if the very OS you are using is flawed to begin with you’re FOOKED, one little beggar gets through from a compromised site and does nothing to impair your machine can go unnoticed for a long time and usually has the ability to inform a remote server that you have been compromised, so data scraping and key logging malware could have run for ages.

        Sleep soundly Windows users. ROTFLMAO!

        Java was never written with security in mind and flash should have been a flash in the pan but.....Just shoot me!

        Windows in a VM and every time I start it up It's as if I had just installed it. BLISS!!!!

    2. Old Handle

      Re: How does making the network layer more anonymous help...

      It turns out they're actually talking about an enhancement for Tor Browser, not Tor itself. The article seems to lump them together, but towards the end it's clear what they meant.

  4. nematoad Silver badge
    Thumb Up

    Good.

    It looks like war has been declared.

    Strangely enough the conflict is actually between two sides of the US government. On one side are the US Department of State Bureau of Democracy, Human Rights, and Labor, and on the other are the FBI, NSA and so on.

    I know which side I want to win and it ain't the NSA.

    Good luck lads, keep up the good work and remember, as L/Cpl Jones said "They don't like it up 'em."

    1. asdf Silver badge

      Re: Good.

      > US Department of State Bureau of Democracy, Human Rights, and Labor,

      Nice try but everyone knows those don't exist in the US government. The State Dept exists to pretend like we will ever solve any of the world's problems (instead of the Dept. of Defense making more). The Labor department exists to issue some pro labor ruling about once a decade that only gets overturned and gets more Republicans elected in an off POTUS election year.

      1. asdf Silver badge

        Re: Good.

        Wish I knew how to post that Arnold Schwarzenegger Simpson wannabe gif stating That was the joke but yeah it was.

  5. Anonymous Coward
    Anonymous Coward

    don't get it

    How does this prevent exploits that were used by the FBI from working?

    1. Anonymous Coward
      Anonymous Coward

      Re: don't get it

      Exactly my point above.

      1. Anonymous Coward
        Anonymous Coward

        Re: don't get it

        I'm in the timeout corner. ALL MY POSTS ARE SUBJECT TO MODERATION.

        All for pointing out the truth.

    2. Dadmin

      Re: don't get it

      If not you're familiar with how Tor works, which I am not completely yet either, it is my understanding that you have some client software that acts like a VPN to make your TCP/IP connections route into the Tor system. It routes your traffic 'round and 'round, hence the onion references, then your traffic exits Tor to reach the site you wish to visit. I should look this up, but I'll continue. The FBI was somehow able to "wire" so many peering and other major Internet access points that they could detect client connections to/from Tor and somehow be able to correlate that to traffic exiting Tor to the target site and the client trying to reach it. Basically bypassing the onion in favor of the input and output points surrounding Tor. This is all from reading about it in the news, so might be off by 1, or more. Anyway, at that point they can issue malware into the client to "tattletale" on the target site and some info on the user, including a real IP address, not an anonymized one.

      The work being done looks like a beefing up to that weakness; the entry and exit points around Tor and how they are accessed, and possibly within Tor as well. It's an arms race, to be sure.

    3. Graham Cobb

      Re: don't get it

      There are really two ways to break Tor-based anonymity. One is to break the Tor anonymity itself (which seems like it may be possible for nation-state-level players, although it may be expensive and/or they may be reluctant to share the data with other players like law enforcement). The other is to break the anonymity above the Tor level: get the user (or, in this case their browser) to tell you who they are without ever having to break Tor!

      It is the latter which is addressed in this article. This is about making the "Tor Browser" (not really anything to do with Tor itself but a browser with Tor access conveniently built in) more secure. Like any other browser, Tor Browser has bugs which could be exploited (and have been) to run code on the user's system. That code can make the system report its real name and IP address to the adversary -- allowing law enforcement to know who has accessed what pages, for example. This article is about helping to make the Tor Browser more secure by making those bugs harder to exploit.

  6. JeffyPoooh Silver badge
    Pint

    Hopeless...

    By definition, any Turing machine (e.g. your PC) can NEVER be secure. Since a Turing machine can do 'anything', that includes pretending to be secure. Malware could tell you what you wish to hear. Your PC, like the Universe, might be a simulation. I believe it's hopeless.

    Perhaps one can imagine a secure hardware non-reprogrammable 'Security Chip' inside the PC providing trustworthy and reliable oversight. But it'd need to be wired-up to its own Red/Green LED. It might also need to contain a complete and up to date simulation of the PC, for comparison. So it falls apart.

    Hopeless.

    1. Brewster's Angle Grinder Silver badge

      Re: Hopeless...

      I looked up the definition of "Turing machine". Security isn't mentioned.

      Translation: I think this means Alan Turing is responsible for all computer security problems because, as we all know, you can't bolt security onto a working project; it has to be built in from the start.

  7. energystar
    Windows

    They're crying...

    ;D

  8. Anonymous Coward
    Anonymous Coward

    Jacob should fork Tor

    Really, Tor foundation is broken, FBI has shown it can hack Tor servers, deanonymize Tor clients.... no dissident would trust Tor. The decisions in it are 'odd', e.g. enabling Javascript on the Tor client bundle was a clear negative choice, yet that choice was made.

    I see they've finally gotten Jacob Applebaum, between trying to get his g-mails, arresting him at airports, breaking into his home, they finally got a few wimen to claim against him to remove him from Tor. But he has the credibility and Tor foundation does not. It's no surprise that suggestions like this come from outside Tor.

    https://theintercept.com/2015/06/20/wikileaks-jacob-appelbaum-google-investigation/

    Jacob should fork Tor, and secure it. Freedom of speech is under attack, surveillance in the west is ramping up. There will be a point where no one can state their opinion without a Farr figure snooping in, Brexit views are spied on as if they are terrorist views. Brexit people were spied on before Joe was shot by a Brexit supporter. Tor in broken, Tor foundation is clearly tainted, he needs to take a bit more heat from that lot, fork Tor, and remove its various back doors. Remove all those weird anti-security decisions the Tor Foundation has made.

    1. Graham Cobb

      Re: Jacob should fork Tor

      Unfortunately it is very hard to make useful security tradeoffs. We all know that there is no perfect security and we are used to the idea of a need to tradeoff between security and cost (how valuable is the item you are trying to secure? No point on spending more money than that on securing it).

      What we very often forget about is usability. If you increase security by reducing usability (ease-of-use, performance, etc) then you are reducing the number of people who will use that security. So, your choices here will depend on whether you are aiming at committed, hardcore, tinfoil-hat-wearing security geeks or Facebook-loving grandmothers or where in between.

      Some things (like the move to https: instead of http:) have so little impact on usability that they are no-brainers. However, the decisions made by the Tor project, including the controversial ones (like whether or not to enable Javascript in the Browser, whether to support UDP, whether to add background traffic, etc) are really hard as they have considerable impact on usability and hence real-world takeup.

      @AC may have preferred different choices. And I think that some Tor developers and researchers are moving towards some changes, as the threat environment and usage has changed. But I think the Tor developers have generally made pretty good choices and I certainly acknowledge that these are hard decisions with no right answers.

      @AC can go ahead and fork Tor/TBB with different choices, and then try to build up enough usage to get useful levels of anonymity. But I think the better choice is to work within the Tor environment, discuss potential changes, conduct (or sponsor) research and development and operate (or fund) relays.

      Ranting on El Reg is not likely to help (yes, I know I am guilty of it as well!).

  9. Zakhar

    Run it as middlebox!

    What is broken is not TOR, it is TOR-Browser. Very bad idea to try to make a communication machine (the browser) not communicate (everywhere)... because that is its purpose.

    That is why I run it as middlebox when I need it.

    Fix for Ubuntu 16.04 is here: https://github.com/Bylon/TOR_Middlebox

    As already said, there is no system that is 100% bullet proof, but what you do to increase it to 99,9999% is stack different "barriers".

    To make an image, yes your "barriers" have "holes" (vulnerabilities), but there is an extremely low chance that ALL the holes are aligned so that the bad guys can pass through easily.

    In the case we are talking about, even if they manage to infect your browser (the one you run inside the middlebox), the only IP they will get is a fake 172.16.0.1, and the Mac Address is the one VirtualBox gave us. Good luck with that.

    But indeed I agree, my TOR solution does not meet the requirements stated in the article:

    - easy for dummies

    - lightweight

    Sorry, that's what it takes to get a little security/privacy these days. Plus of course some common sense (as explained on the link I gave), don't run W$ or Android in your VM, they will "call home" with your license key/gmail creds, and you give easy correlations patterns to 3 letters agencies.

    And sure, the old middlebox post was out there for long, but is was full of leaks, so they let it out.

    I wouldn't be surprised if my link (or this post) get deleted because I gave the correct information (and not broken tools). And if you think it is still broken... don't hesitate to submit a pull request with your solution + why you think it is broken. :-)

    Because yes, as said above, war is on!

    1. Old Handle

      There's also Whonix, which if I understand TOR_Middlebox correctly, does basically the same thing.

    2. Kibble 2

      Re: Run it as middlebox!

      Thanks, Zakhar. <snip> don't run W$ or Android in your VM, they will "call home" with your license key/gmail creds <snip> An excellent point, and one not everyone would think of.

      Your post is still here, and the link is still alive and well.

    3. AustinTX
      Devil

      Re: Run it as middlebox!

      My take on this is that the exploit used by NSA employs javascript functions which ignore the browser & PC's firewall & redirects, or which launches core Windows services which also do this (more have come to light recently).

      So it comprises a "little snitch" who reports directly to a resource that NSA can monitor, with some kind of unique identifier. Or, they can match you up just by measuring timing. Using exclusively Linux will probably protect, unless javascript is all it needs. The state-security threatening pedos (!!) probably all used Windows. Or Macs, for that matter... :D

  10. Baldy50

    You can buy a cheap ish Internet capable mobile and use it in a free WiFi enabled place or a cheap laptop running Tails or Whonix and could just literally bin it after the call or email, so they really are just pissing in the wind to try and catch anyone with a knowledge of security let alone hacking systems, with a mandate to circumvent and evade for whatever reason, I'm sure any good CEH could make the info come from Langley's own network.

    Is it just the scare factor then, justifying their existence, monetary backing and keeping their cushy jobs?

    Seems like it judging by their outstanding accomplishments so far.

  11. Baldy50

    Don't really know where post this but here will do.

    And I thought I was as mad as a box of frogs some of you have already intimated that opinion LOL!

    No laughing gas required trust me!

    https://www.youtube.com/watch?v=4jRuEkK61Dg&feature=player_embedded

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019