MIT researchers have devised a method for identifying anonymous Tor hidden services or hosts – with 88 percent certainty – by using a circuit fingerprinting attack to analyze traffic going through an attacker-controlled computer.
Once the attacker’s computer starts acting as a Tor guard, the researchers say they used a machine learning algorithm that analyzes traffic patterns that go through the computer to de-anonymize hidden service clients.
“The attacker sends crafted signals to speed up discovery of entry guards, which are first-hop routers on circuits, or use congestion attacks to bias entry guard selection towards colluding entry guards,” said the researchers in their paper. “Furthermore, all previous attacks require a malicious client to continuously attempt to connect to the hidden service.”
This type of passive attack is allegedly undetectable and could jeopardize the anonymity of users who rely on Tor to browse the web or the deep web.
“Since the attack is passive, it is undetectable until the nodes have been deanonymized, and can target thousands of hosts retroactively just by having access to clients’ old network traffic,” according to the research.
Although the researchers did provide some suggestions on how the Tor network should be upgraded to defend against this type of attack, Tor Project spokesperson Jordan Pearson says more research is needed to validate the attack and mitigation suggestions.
“This has yet to be proven. We are interested to see this article get officially published at Usenix Security where some Tor developers and privacy researchers will be attending,” said Pearson. “We need more concrete proof that these measures actually fix the issue.”
Given these findings, developers involved with the Tor Project may well keep a close eye on the MIT team's research.