Academics build a new Tor client designed to beat the NSA

This new research paper caught my eye recently. It's in many ways a response to some of the latest research on how network-level adversaries attack Tor.

With the threat of powerful intelligence agencies, like the NSA, looming large, researchers have built a new Tor client called Astoria designed specifically to make eavesdropping harder for the world's richest, most aggressive, and most capable spies to track Tor users from start to finish.

Astoria reduces the number of vulnerable circuits from 58 percent to 5.8 percent, the researchers say. The new solution is the first designed to beat even the most recently proposed asymmetric correlation attacks on Tor.

Designed to beat such attacks, Astoria differs most significantly from Tor's default client in how it selects the circuits that connect a user to the network and then to the outside Internet. The tool, at its foundation, is an algorithm designed to more accurately predict attacks and then securely select relays that mitigate timing attack opportunities for top-tier adversaries.

Read more...


Comments


[24 Points] None:

beat the NSA

I think it's a really interesting read and I like the idea they are posing but nothing will ever be 'NSA proof' IMHO.

I think everything is crack-able, it just takes the skills and the knowledge to do so.

That's how we improve. The current system is compromised in some way, we make something better, rinse and repeat.


[23 Points] GeneralStarkk:

Very interesting, thanks for sharing.


[13 Points] jatb_:

  1. This deals with attacks in which both your entry and exit node are controlled by an adversary (note the exit node, this means it only "addresses" attacks where you are visiting WWW sites).

  2. If your route selection is anything less than random then it makes you stand out. Any algorithm for selecting routes which is not random will likely result in more serious exploitation than what this was (attempting) to avoid.


[7 Points] Idonu:

I bet the NSA already sent someone to participate in that project so that they can feed them loopholes.....


[3 Points] thechildish:

great thread. 9/10 of all the Academics I've ever met have been snakes and worms. There are some Diamonds in the Rough though.


[2 Points] twofeetdown:

Link to paper at the bottom of the article.

http://arxiv.org/pdf/1505.05173.pdf


[1 Points] justwonderin24:

Looks good, where to download? Cant find link


[1 Points] auto587643:

Very interesting development. Seems to be an evolution of the Tor browser and concept, but this could be a major improvement if it's out now or soon. It'll probably retain Tor browser's noob friendliness, but be more secure at the same time. I'm going to keep an eye on this. If it's as good as they say it is, this could be a must-have for any DNM user.


[1 Points] DarkNetTarget:

That's great news. I'm glad scholars in academia are pursuing a good cause like this. Do some real good for our right for privacy.


[1 Points] LedLevee:

Why don't they help out the guys from TOR? Now we need to over-proof a new tool...


[1 Points] fuckoffplsthankyou:

No way I would ever trust it. Also, source pls.

Also, what does the Tor project have to say about this?


[-1 Points] misterchef1245:

This is very good news, if this becomes fully utilized markets would flourish.


[-5 Points] None:

[deleted]


[-20 Points] someoneknowsmynose:

Dude, please stop retweeting obvious shit