VPN Articles and News

New Research Shows Tor Users Can Be Identified With 95 Percent Accuracy

By Paul Liu
Saturday, November 7th, 2015

Tor, the anonymity software being used by millions of internet users to hide their online activities, is in news once again for all the wrong reasons. Just a few months after the software was found to leak the IP addresses of its users, a new research shows that Tor users can be identified with up to 95 percent accuracy. The research was conducted by researchers from Princeton University who discovered that users behind the software can be unmasked by analyzing just one end of the communication.

The research team from Princeton developed a new suite of techniques, nicknamed Raptor, to analyze the traffic passing through the anonymity software. The suite exploits properties of internet routing by analyzing one end of the traffic at the Autonomous System (AS) level and differs significantly from the previous methods of analysis which often relied on observing traffic at multiple points. To carry out their research, researchers used 100 PlanetLab nodes (50 acting as web servers hosting a large image file and the rest acting as Tor clients) and analyzed about 300 seconds of packets. The Raptor suite allowed the Princeton team to perform end-to-end timing analysis and unmask Tor users by observing traffic flowing in any one direction at both ends of the communication channel.

The analysis technique used by the research team takes advantage of the fact that multiple border gateway protocols (BGP) are often used to send or receive traffic. Since BGP paths can change over a period of time due to a variety of reasons, including but not limited to changed peers and hardware failure; they are not totally secure and can be intercepted by analyzing traffic in at least one direction. The research team was able to demonstrate a 95 percent success rate by analyzing asymmetric BGP paths and the success rate increased even further when they used their technique with other methods of analysis. Perhaps the most notable thing about the research is that there were zero false positives meaning the success rate of identification itself was a perfect 100 percent.

While publishing the details of their experiment in a white paper, the research team said that the Raptor suite demonstrates a serious threat to the security of anonymity solutions like Tor. They also stated that their work highlights the dangers associated with abstracting network routing from the traffic analysis of systems like Tor and could pave a way for the design of next generation anonymity solutions. The team also warned that by using their technique, intelligence agencies like NSA can unmask Tor users by analyzing only a small portion of traffic flowing through the servers of service providers. The research team also advocated including guard relays within the Tor client as well as the implementation of a secure inter domain routing to mitigate the risks arising out of traffic analysis at the AS level. Overall, the research conducted by the Princeton team clearly shows that if you are dead serious about your privacy, Tor is certainly not the answer.