August 19, 2019 at
Tor browser’s anonymity network is endangered
yet again, as researchers uncover that nation-states and threat actors can
significantly impact its performance rather cheaply. A new report published by
researchers from the US Naval Research Laboratory and Georgetown University
indicates that only a few thousands of US dollars per month could be all it
takes to degrade Tor network.
Researchers point out that threat actors could
use simple tools to do so, including DDoS booters (stressers), which would slow
down Tor download speeds. Alternatively, these methods could also prevent
access to the network’s censorship-bypassing abilities.
According to researchers, an attack against the entire Tor network would not exactly be simple — it would require massive DDoS resources. Approximately 512.73 Gbit/s would be needed to do it, and the price of such an attack would be around $7.2 million per month. However, a similar result can be achieved for a far more approachable price. So far, academics identified three different approaches, as presented at the USENIX security conference last week.
Researchers have noted that these attacks would need to be extremely carefully targeted DDoS attacks, but if pulled off successfully, they could wreak havoc for all of the Tor network participants. The attacks would not clog the network, nor shut it down. However, they would be severe enough to make the network unusable and drive users away from it due to nothing but poor performance. In the long run (if the attackers have enough resources), this could turn out to be an extremely effective strategy.
1. Aiming at Tor bridges
As mentioned, researchers have come up with
three different scenarios for achieving the degradation of the Tor network. The
first of them includes DDoS attacks against Tor bridges, instead of simply
seeking out each of its servers.
Tor bridges are servers as well, although they
are specialized, and they act as an entry point into the network. However,
their IP addresses are not listed in public directories, which is what makes
them very resilient to simple blocking.
This is what makes them different from Tor guard servers. If the government of some country blocked the public guard servers, users could simply configure the browser and use one of the bridge servers, and still be able to bypass censorship and use the network. However, according to the researchers, not all of these bridges are operational at this point, with only 12 of them working as of now. Targeting them all would not cost more than $17,000 per month.
Even if all Tor bridges were to be repaired
and perfectly functional, they could still be targeted for only $31,000 per
month, which is a very low price for entities such as nation-states that wish
to control their citizens.
2. Hitting TorFlow
Another method would ai at TorFlow, the
network’s load balancing system. Basically, TorFlow measures Tor relay
capacity, and it is responsible for traffic distribution. That way, no server
within the network gets overcrowded, and the network manages to maintain some
functional speed at all times.
However, a DDoS attack launched against
TorFlow would definitely do the trick. Not only that, but it would cost barely
$2,800 per month, which is multiple times cheaper than the first method. Researchers
made a simulation of the event, deducing that the download speed of the network
would go down by 80% if such an event took place.
3. Attack on Tor relays
The final scenario that includes DDoS attacks
would be against Tor relays, which are the most common type of servers used by
the Tor network. They are also what allows users to maintain their anonymity,
bouncing the traffic from one relay to another.
This time, researchers did not rely on DDoS stressers. Instead, they tried to exploit the flaw within the Tor protocol. DoS bugs make use of logic faults in order to slow down the protocol, and thus impact the speed of the network. These flaws have always been there, and they were used and misused multiple times in the past. Tor developers finally managed to find the time to start patching them recently, but researchers still consider them a valid point of attack.
Their simulations have shown that this method could
be used for targeting the entire network for only $6.300 per month and decrease
the download time by 120%. Alternatively, it might also be enough to pay $1.600
per month and decrease the speed by 47%. With the network being relatively slow
as it is, this might be more than enough to cause Tor users to leave in
Cheap but effective
Now, most nation-states have enormous budgets,
including millions of dollars. Paying a few thousands of dollars per month to
get rid of the Tor network would not only be possible for them but also very
cheap. Besides, they are known for using DoS attacks, as they are easy to
deploy, cheap to fund, and very effective when used in the right way.
With Tor continuously improving its ability to avoid censorship, geo-restrictions, and other forms of blocking, nation-states may turn to these methods of reducing the network’s usefulness. Additionally, the second and third scenarios would not only be cheaper but would also deliver better results, in regards to the money invested in conducting them.
According to the researchers, it would be much more productive — not to mention cheaper — to try and slow down the network, than to use old methods of trying to deanonymize the traffic. However, researchers also have a few propositions in regards to mitigating these attacks. They suggest additional financing for meek bridges, the improvements of the Tor protocol, as well as distancing from load balancing approaches, that require centralized scanning.