This advisory-written by the Cybersecurity Security and Infrastructure Security Agency (CISA) with contributions from the Federal Bureau of Investigation (FBI)-highlights risks associated with Tor, along with technical details and recommendations for mitigation. See the ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. Since the fundamental vulnerability exposed by this paper is not specific to web browsing via Tor but rather to the problem of other low-latency applications based on TCP streams, our study is critical for securing and improving low-latency anonymous communication systems.This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) and Pre-ATT&CK framework. Based on our analysis of the potential attack mechanism, we propose corresponding countermeasures to thwart such potential application-level attacks against Tor, thereby effectively securing and improving Tor networks. Our analytical and empirical results validate the feasibility and effectiveness of the attack. Such an application-level attack can efficiently and effectively compromise the anonymity of clients without using invasive plugins like Java or any other active content systems in a web browser, posing a serious threat to Tor. In this paper, we present a potential HTTP-based application-level attack against Tor, which exploits both Tor’s design features and HTTP’s vulnerability to man-in-the-middle attacks.
Although considerable effort has been made to secure and improve Tor networks, little attention has been paid to various application-level attacks against Tor. Tor has become one of the most popular overlay networks for anonymizing TCP traffic, however, the anonymity of Tor clients is threatened by various attacks exploiting traffic analysis or Tor’s design features.
0 kommentar(er)
