New threats against anonymity on the internet
2016-10-05For some, anonymity on the internet is a necessity. Researchers at Karlstad University, KTH Royal Institute of Technology, and Princeton University have discovered a new attack against the Tor anonymity network that uses the Domain Name System (DNS).
Tor is the world’s largest anonymity network with around two million daily users, and it is used to avoid surveillance and to circumvent censorship online. Tobias Pulls, postdoc in Computer Science at Karlstad University, jointly with researchers at KTH Royal Institute of Technology and Princeton have discovered a new attack against Tor related to DNS monitoring.
To use Tor for browsing the internet you use the Tor Browser, a special version of the web-browser Firefox. With the Tor Browser, a user can send encrypted data back and forth via nodes in the Tor network to visit websites like Facebook. This means that citizens in states were Facebook is censored can still access it without detection.
- We have investigated if DNS could be a threat to the Tor network. DNS is a system which translates domain names to IP-addresses to connect computers over the internet, says Tobias Pulls, postdoc in Computer Science at Karlstad University. Information about IP-addresses and domain names are kept by DNS servers on the internet and traffic to and from these servers can be monitored.
When a user uses the Tor Browser to browse to a website, encrypted data is sent into the Tor network. While this data is encrypted, internet service providers and others can still see that someone is sending encrypted data back and forth. Once in the Tor network, the encrypted data is transferred to its intended destination like a website via a so-called exit node. At the exit node, even though the traffic is going through the Tor network, the IP-address of the final destination still has to be queried from a DNS server. Observing both the encrypted traffic going into the Tor network together with the DNS queries from exit nodes enables an attacker to look for patterns in the traffic and potentially deanonymize users.
- We already knew that monitoring traffic in and out of the Tor network is a threat, but nobody had looked at DNS traffic before. Our results show that DNS traffic is really useful for attackers, says Tobias Pulls. There’s no need to panic. Launching these types of attacks still take significant resources and as luck would have it the Tor community is already working on suitable defenses. At Karlstad University, we have a project funding by the Swedish Internet Fund also looking at defenses.
Read more about the project funded by Swedish Internet Fund here!