{"id":117,"date":"2008-02-09T13:22:15","date_gmt":"2008-02-09T21:22:15","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/2008\/02\/09\/security-review-tor\/"},"modified":"2008-02-09T13:22:15","modified_gmt":"2008-02-09T21:22:15","slug":"security-review-tor","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2008\/02\/09\/security-review-tor\/","title":{"rendered":"Security Review: Tor"},"content":{"rendered":"<p>Tor (http:\/\/www.torproject.org\/) is a service and application to enable anonymous access to the Internet.\u00a0 It works by relaying network requests through a number of peers before ultimately accessing the resources requested.\u00a0 In this way, those listening on your connection will find it extremely difficult to track the sites you visit or determine your physical location.<!--more--><\/p>\n<h2>Assets\/Security Goals<\/h2>\n<p>Tor&#8217;s main asset is the anonymity of a particular user&#8217;s Internet traffic.\u00a0 This could be strictly for privacy, or it may enable the activities of activists who might otherwise be reprimanded for their actions.<\/p>\n<p>The security goal is to ensure that this asset is in place.\u00a0 We must be certain that Tor&#8217;s methods\/algorithms do not allow an adversary to trace back through the relay and ultimately find the source of the connection.<\/p>\n<h2>Potential Threats\/Adversaries<\/h2>\n<p>The adversaries are those who want access to users&#8217; identities and web activities.\u00a0 These could be government officials, identity thieves, or law enforcement, to name a few.\u00a0 The potential threat is simply the discovery of identity and web traffic through manipulation of the system.<\/p>\n<h2>Weaknesses<\/h2>\n<p>There are two main weaknesses to Tor.\u00a0 One lies on the client software side, and the second lies in trusting Tor itself.\u00a0 If the Tor 
client is manipulated by an adversary, it could be made to ignore the Tor system itself and simply send traffic across the Web as usual.\u00a0 On the side of Tor&#8217;s servers, we might be wary of Tor storing information that could later be used to compromise one&#8217;s identity.<\/p>\n<h2>Potential Defenses<\/h2>\n<p>Protection of the client is difficult, and ultimately we rely on the OS&#8217;s security to prevent such manipulation of the client.\u00a0 On the server side of defenses, while I&#8217;m not familiar with the specifics of the relaying methods, I believe that the relaying is done in a distributed manner such that the information to trace a particular user is spread out across the network, and only a bizarre coordination of directory servers could gather the information needed to identify users on the network.<\/p>\n<h2>Risk Analysis<\/h2>\n<p>The risk is huge for many using this service.\u00a0 Criminals want their identities concealed.\u00a0 Others want to voice their opinions without repression.\u00a0 Assuming the system works, those using it have very little to worry about.\u00a0 Of course, anyone who doesn&#8217;t use it correctly or reveals information about themselves carelessly will get caught and can face severe consequences.<\/p>\n<h2>Conclusions<\/h2>\n<p>I think that over the past several years Tor has proven itself to be a very effective tool.\u00a0 Its track record, AFAIK, is very good &#8212; frankly, it&#8217;s a model that works.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Tor (http:\/\/www.torproject.org\/) is a service and application to enable anonymous access to the Internet.\u00a0 It works by relaying network requests through a number of peers before ultimately accessing the resources requested.\u00a0 In this way, those listening on your connection will &hellip; <a href=\"https:\/\/secblog.cs.washington.edu\/Security\/2008\/02\/09\/security-review-tor\/\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":32,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-117","post","type-post","status-publish","format-standard","hentry","category-security-reviews"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/117","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=117"}],"version-history":[{"count":0,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/117\/revisions"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=117"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=117"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=117"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}