Defcon XVI - Tor Part 1
Wednesday, August 20, 2008
I was kind of excited about this years Tor talks because it was almost skipping over the details of what is Tor and going strait to some more advanced subjects. Roger Dingledine made a great presentation about the vulnerabilities of Tor where he went through each major security bug that was ever discovered. He is very honest about some of the future attacks like Latency Tables, SSL Website Fingerprinting, automatic control port authentication problems, attackers buying old certificate authorities so that SSL MITM attacks would be available anytime, and even how governments are starting to make laws forcing Tor admins to have an real time access to current Tor nodes.
Latency Tables
This was actually pretty interesting to me. Roger made a comment about how an attack would be easier if the attacker had access to a latency table which would keep track of the latency between one point to another on a global scale.
This is a theoretical attack as no one has been able to do this effectively.
SSL Website Fingerprinting
This is the theory that it would be possible to document the size of an SSL encrypted web site request so that although an attacker cannot see the data going over the connection, it is possible to see what website the user is visiting. It could even be taken one step further where the table could not only have the initial website size but the first page, and then the redirected page after login. For instance, if someone visits their bank, they first get an initial login, and then a secondary authentication screen, and finally their actual online banking information. Each of those pages have a size that when put together, makes a pretty unusual fingerprint.
If you tie this fact together with Mike Perry's SSL cookie exploit, one can imagine a situtuation where an attacker finds the website the user is visiting, inject an <img src="http://www.visitedwebsite.com"> where the cookie is sent in clear text and then a session hijack occurs.
Automatic Control Port Authentication
There has been an addressed issue that shows how an attacker could gain control of a Tor client's control port (which is what's used to generate tunnels) thereby granting the ability to redirect the tunnel or something even more malicious. The work around for this was to provide authentication done either by a password or by a session cookie. Clients like Vidalia now support the authentication mechanism but the problem currently is how is the authentication done at the boot time when a user installs Tor as a Windows Service. Roger didn't have an answer yet to this issue besides that it was currently being worked on.
Purchasing Old CA's
If you look in Firefox or IE or Opera or whatever, you'll see a pretty long list of pre-trusted certificate authorities that come when you install the browser. These are some of the most popular ones that have been trusted for years and come with the browser itself. It just so happens that a lot of these CA's are not even in business anymore but they're still in the browsers in case someone has purchased a certificate that extends through 2020. So what? Well the issue is what if an attacker purchased one of those old CA's, if they wanted to do a MITM attack with SSL, they could and the browser would have no problem with it. There was even a comment about how China is interested in purchasing one to help out with deep packet inspection even on SSL connections.
Governments and Law Enforcement
The last big issue that I thought was interesting to bring up was how some governments (see Germany and others) are pressuring Tor to provide "real time access to law enforcement." Whatever real time and law enforcement really ends up being. Roger makes the point that if it becomes this hard and this illegal, it may not be possible to run a Tor server in that country and it may be difficult to do so in the future.
External Links
http://www.torproject.org - Tor Project Website
http://www.kreativrauschen.com/blog/2007/11/09/german-bundestag-decides-to-implement-data-retention/ - Blog about the new German data retention logs
http://en.wikipedia.org /wiki/Data_retention - Wikipedia entry about data retention laws in other countries
Labels: privacy, Roger Dingledine, security, Tor
I was kind of excited about this years Tor talks because it was almost skipping over the details of what is Tor and going strait to some more advanced subjects. Roger Dingledine made a great presentation about the vulnerabilities of Tor where he went through each major security bug that was ever discovered. He is very honest about some of the future attacks like Latency Tables, SSL Website Fingerprinting, automatic control port authentication problems, attackers buying old certificate authorities so that SSL MITM attacks would be available anytime, and even how governments are starting to make laws forcing Tor admins to have an real time access to current Tor nodes.
Latency Tables
This was actually pretty interesting to me. Roger made a comment about how an attack would be easier if the attacker had access to a latency table which would keep track of the latency between one point to another on a global scale. This is a theoretical attack as no one has been able to do this effectively.
SSL Website Fingerprinting
This is the theory that it would be possible to document the size of an SSL encrypted web site request so that although an attacker cannot see the data going over the connection, it is possible to see what website the user is visiting. It could even be taken one step further where the table could not only have the initial website size but the first page, and then the redirected page after login. For instance, if someone visits their bank, they first get an initial login, and then a secondary authentication screen, and finally their actual online banking information. Each of those pages have a size that when put together, makes a pretty unusual fingerprint. If you tie this fact together with Mike Perry's SSL cookie exploit, one can imagine a situtuation where an attacker finds the website the user is visiting, inject an <img src="http://www.visitedwebsite.com"> where the cookie is sent in clear text and then a session hijack occurs.
Automatic Control Port Authentication
There has been an addressed issue that shows how an attacker could gain control of a Tor client's control port (which is what's used to generate tunnels) thereby granting the ability to redirect the tunnel or something even more malicious. The work around for this was to provide authentication done either by a password or by a session cookie. Clients like Vidalia now support the authentication mechanism but the problem currently is how is the authentication done at the boot time when a user installs Tor as a Windows Service. Roger didn't have an answer yet to this issue besides that it was currently being worked on.
Purchasing Old CA's
If you look in Firefox or IE or Opera or whatever, you'll see a pretty long list of pre-trusted certificate authorities that come when you install the browser. These are some of the most popular ones that have been trusted for years and come with the browser itself. It just so happens that a lot of these CA's are not even in business anymore but they're still in the browsers in case someone has purchased a certificate that extends through 2020. So what? Well the issue is what if an attacker purchased one of those old CA's, if they wanted to do a MITM attack with SSL, they could and the browser would have no problem with it. There was even a comment about how China is interested in purchasing one to help out with deep packet inspection even on SSL connections.
Governments and Law Enforcement
The last big issue that I thought was interesting to bring up was how some governments (see Germany and others) are pressuring Tor to provide "real time access to law enforcement." Whatever real time and law enforcement really ends up being. Roger makes the point that if it becomes this hard and this illegal, it may not be possible to run a Tor server in that country and it may be difficult to do so in the future.
External Links
http://www.torproject.org - Tor Project Websitehttp://www.kreativrauschen.com/blog/2007/11/09/german-bundestag-decides-to-implement-data-retention/ - Blog about the new German data retention logs
http://en.wikipedia.org /wiki/Data_retention - Wikipedia entry about data retention laws in other countries
Labels: privacy, Roger Dingledine, security, Tor
<< Home