Microsoft has confirmed that it will not use the Internet Explorer name for its new…
Krishna Bahirwani: In an exclusive interview, Maria Garnaeva, security expert in Kaspersky Lab’s Global Research and Analysis team speaks to Krishna Bahirwani on Tor, it’s strengths and weaknesses
What is Tor?
Short for “The Onion Router,” Tor is a free tool that keeps a user’s Web browsing private and anonymous. Beyond those with personal privacy or censorship concerns, Tor has been a valuable tool for those in oppressed parts of the world helping activists and others reach parts of the Internet they otherwise would not be able to. Tor is available as a free download for your PC; it also stands for the Tor network, which is made up of voluntary Tor users worldwide. It’s through this network where Tor users’ Internet traffic is directed in order to conceal the user’s location.
In parts of the world where surveillance is conducted over the Internet or by analyzing network traffic, Tor is an important piece of software to preserve anonymity online.
Tor organizers point to a number of use cases for the software and network, including reaching sites or services online that are blocked by local Internet service providers, keeping sensitive communication anonymous–for example between crisis counselors and patients in the medical community, between journalists and their sources, or non-governmental organization (NGO) volunteers wishing to preserve their anonymity in countries hostile to their cause.
How does it protect your identity while on the Internet?
Creating anonymous resources is possible due to the distributed network of servers called “nodes” or routers that operate on the principle of onion rings (hence its name is The Onion Router). All network traffic (i.e. any information) is encrypted repeatedly as it passes through several network nodes on its way to Tor. In addition, no network node knows either the source of the traffic or the destination or its content.
How do browsers affect Tor?
For instance, Tor Browser can be identified with the help of the HTML5 canvas measureText() function, which measures the width of a text rendered in canvas. If the resulting font width has a unique value (it is sometimes a floating point value), then we can identify the browser, including Tor Browser.
It should be noted that this is not the only function that can acquire unique values. Another such function is etBoundingClientRect(),which can acquire the height and the width of the text border rectangle.
When the problem of fingerprinting users became known to the community (it is also relevant to Tor Browser users), an appropriate request was created. However, Tor Browser developers are in no haste to patch this drawback in the configuration, stating that blacklisting such functions is ineffective.
Is it possible to monitor users protected by Tor?
Yes it is possible though different methods require different resources and work with different effectiveness.
Attacks on the communication channel. If the attacker has access to many nodes in the network, he can carry out traffic analysis using statistical correlation of traffic measurements, thus, he can identify the source of anonymous traffic.
Passive Monitoring: Exit nodes being an end link in traffic decryption operations may become a source that can leak interesting information, for example unencrypted user passwords, usernames and other identifying information.
Active monitoring: Apart from just sniffing traffic on the exit nodes, the more severe operations can be performed on them, such as injecting malicious code into that binary files being downloaded. In other words, the malicious exit node can conduct a so-called MITM-attack.
What is HTML5 canvas data? How can it be used to identify a user protected by Tor?
l Various graphics drivers and hardware components installed on the client’s side;
l Various sets of software in the operating system and various configurations of the software environment.
The parameters of rendered images can uniquely identify a web-browser and its software and hardware environment. Based on this peculiarity, a so-called fingerprint can be created. This technique is not new – it is used, for instance, by some online advertising agencies to track users’ interests. However, not all of its methods can be implemented in Tor Browser. For example, supercookies cannot be used in Tor Browser, Flash and Java is disabled by default, font use is restricted. Some other methods display notifications that may alert the user. However, some loopholes are still open at this moment, with which fingerprinting in Tor can be done without inducing notifications.
Are other anonymous networks like I2P vulnerable as well?
Different anonymous networks provide different tools for the users (for example, being only a network layer as I2P, or also having its own browser as Tor) and take different approaches to traffic encryption. For example, I2P has a better implementation of encryption being more resistant to traffic eavesdropping and MITM-attacks as it is in the case of Tor. But still, as the user can use any browser by his own choice he is still vulnerable to attacks on browsers (Flash, Java, fingerprinting) and, thus, can be identified.