Tor Weekly News — October 15th, 2014

harmony harmony01 at
Wed Oct 15 14:51:42 UTC 2014

Tor Weekly News                                       October 15th, 2014

Welcome to the forty-first issue in 2014 of Tor Weekly News, the weekly
newsletter that covers what’s happening in the Tor community.

Academic research into Tor: four recent studies

Major contributions to the development and security of Tor are often
made by academic researchers, either in a laboratory setting using
network simulators like Shadow [1], or through measurement and analysis
of the live network itself (taking care not to harm the security or
anonymity of clients and services). Different aspects of Tor’s
networking and security, from path selection to theoretical attacks,
have been analysed in three recently-published studies.

Otto Huhta’s MSc thesis [2] investigates the possibility that an
adversary in control of a non-exit relay could link two or more Tor
circuits back to the same client based on nothing more than timing
information. As Otto explained [3], “this is mainly the result of the
fixed 10 minute circuit lifetime and the fact that the transition to
using a new circuit is quite sharp.” With the help of a machine
classifier, and the fact that any one client will build its circuits
through a fixed set of entry guards, the study suggested that such an
adversary “can focus only on circuits built through these specific nodes
and quite efficiently determine if two circuits belong to the same
user.” There is no suggestion that this knowledge alone poses a serious
deanonymization risk to clients; however, wrote Otto, “our goal was not
to ultimately break the anonymity of any real user but instead to expose
a previously unknown threat so that it can be mitigated before anyone
actually devises an attack around it.”

Steven Murdoch published a paper [4] on the optimization of Tor’s node
selection probabilities showing, in Steven’s words [5], “that what Tor
used to do (distributing traffic to nodes in proportion to their
contribution to network capacity) is not the best approach.” Prior to
publication of the study, “Tor moved to actively measuring the network
performance and manipulating the consensus weights in response to
changes. This seems to have ended up with roughly the same outcome. […]
However, the disadvantage is that it can only react slowly to changes in
network characteristics.”

Sebastian Urbach shared [6] a link to “Defending Tor from Network
Adversaries: A Case Study of Network Path Prediction” [7], in which the
researchers analyze the effect of network features like autonomous
systems [8] and Internet exchanges [9] on the security of Tor’s path
selection, finding that “AS and IX path prediction significantly
overestimates the threat of vulnerability to such adversaries”, and that
“the use of active path measurement, rather than AS path models” would
be preferable “in further study of Tor vulnerability to AS- and IX-level
adversaries and development of practical defenses.”

Meanwhile, Philipp Winter took to the Tor blog [10] to summarize some
new findings concerning the way in which the Chinese state Internet
censorship system (the “Great Firewall of China”) acts upon blocked
connections, like those trying to reach Tor, as detailed in a recent
project [11] to which he contributed. Searching for spatial and temporal
patterns in Chinese censorship activity, the researchers found that
“many IP addresses inside the China Education and Research Network
(CERNET) are able to connect” to Tor in certain instances, while the
filtering of other networks — centrally conducted at the level of
Internet exchanges — “seems to be quite effective despite occasional
country-wide downtimes”.

Each of these studies is up for discussion on the tor-dev mailing
list [12], so feel free to join in there with questions and comments for
the researchers!


Miscellaneous news

Michael Rogers submitted [13] patches against tor and jtorctl, making
two improvements to the performance of mobile hidden services: one
“avoids a problem where we'd try to build introduction circuits
immediately, all the circuits would fail, and we'd wait for 5 minutes
before trying again”, and the other “[adds] a command to the control
protocol to purge any cached state relating to a specified hidden


Karsten Loesing published [14] a “non-functional” mock-up [15] of a
possible redesign for the Tor Metrics portal, with notes on design
decisions: “Feedback much appreciated. This is the perfect time to
consider your ideas.”


Jeremy Gillula analyzed data relating to Tor node churn found in Tor
consensuses for September 2014, and found [16] that “on average, 0.003%
of nodes switch from being relay nodes to exit nodes in any given 1-hour
period, and 0.002% switch from being exit nodes to relay nodes”.


Noel Torres [17] and Andrew Lewman [18] sent their status reports for
September. Roger Dingledine also sent out the report for SponsorF [19].


Greg Norcie wondered [20] why the interval at which Tor switches to
using a new circuit was set at ten minutes, and Nick Mathewson
responded [21] that after the original period of thirty seconds was
found to be unworkable, the new number was selected in 2005 “more or
less intuitively”. Paul Syverson added [22] that the choice was “an
informed one”, taken after “a bunch of discussions concerning the
trade-offs between the overhead of the public-key operations of circuit
building and the pseudonymous profiling occurring at an exit”.


Both Tor and Tails received their first cinematic credits [23] with the
première of “CITIZENFOUR” [24], a documentary film concerning the recent
disclosure of intelligence documents by Edward Snowden. Eagle-eyed
viewers might spot a well-known hostname in the film’s trailer… [25]


WhonixQubes reported [26] on progress in many areas of the Whonix+Qubes
project, which as the name implies is a combination of the Whonix [27]
and Qubes [28] operating systems. Among other things, the system now
supports Whonix 9, a community forum has been set up, and greater
upstream integration is being discussed.


News from Tor StackExchange

"What happens when Tor always chooses the same path?" asks Mark [29] and
wants to know which weaknesses this exposes. User194 believes that this
would prevent a “predecessor attack” and make the system stronger, while
Lisbeth writes: “This makes your entire traffic highly fingerprintable
as compared to a standard random path. If your connections always used
A, B, and C nodes, it is statistically unlikely that many other people
are consistently using that same path, therefore it’s very easy to
correlate your traffic to your originating IP.”


Muncher visited a website [30] which asked to add HidServAuth into the
torrc and wants to know if it is safe to do so [31]. Jeff replied
that this is safe because it doesn’t divulge anything about the identity
of a user. Mirimir furthermore referred to a question where adrelanos
looks for documentation [32].


Upcoming events

  Oct 15 13:30 UTC | little-t tor development meeting
                   | #tor-dev,
  Oct 17 17:00 CET | OONI development meeting
                   | #ooni,
  Oct 20 18:00 UTC | Tor Browser online meeting
                   | #tor-dev,
  Oct 21 17:00 UTC | little-t tor patch workshop
                   | #tor-dev,
  Oct 23 10:10 CET | Andrew @ Broadband World Forum
                   | Amsterdam, Netherlands

This issue of Tor Weekly News has been assembled by Lunar, qbi, and

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [33], write down your
name and subscribe to the team mailing list [34] if you want to
get involved!

