Saturday, November 5, 2011

Let us stop with the buzz on TOR

Hi to all

For a few weeks now a huge buzz has arisen around TOR security, and especially regarding the attack we have designed and experimented with. I decided not to react, not to feed the buzz, since I do not like it, and while controversy may sometimes be constructive, in the present case things have gone too far: stupid comments on comments from others (on what basis, since we have published only very few things yet?), personal attacks sometimes close to libel, huge emotions, doubts and fears that may be understood, however, collective hysteria...

However, continuing to stay away would in some sense be backing this buzz. It is time to remind everyone that the only possible goal is to have more security, to determine whether our attack can really put TOR security seriously into question, and to go ahead and try to find solutions to improve it. Security is too serious a thing to be only a playground for buzz. Even if -- especially as a former military cryptanalyst -- I do not fully agree with a few conceptual choices in TOR, there must be no doubt for anyone about our will to contribute to TOR security, and this from the very beginning. We must not forget that a few people who use TOR are sometimes putting their lives in danger (political opponents, military personnel...) for a more democratic and free society. In this respect, we cannot waste precious time. To me, the issue is very clear: there is absolutely no doubt that we need a solution like TOR, even if this solution is far from perfect. But is there such a thing as a perfect solution, especially if you add political and national security issues?

When I decided to work on TOR -- by mid-2010 -- I was just interested in the crypto part, looking for some application of the concept of dynamic cryptographic trapdoor that I had imagined a few years ago. So far I had been able to test it only in non-public yet real networks. Hence it was not possible to publish anything on those results. So at the beginning, I had nothing against TOR, and I still don't.

When it was clear that TOR could also succumb to this concept, I imagined the attack that is now under the media spotlight. Although I have a rather good knowledge of network technology, it was not sufficient, and I needed more skilled people, especially to find ways to force 3-node routes through compromised nodes with a very high probability. Two of my best students of our N&IS Specialised Master, Seun from Nigeria and Leonard from Tanzania -- two really excellent students -- joined the party in April 2011. They have worked very hard and have done an excellent job both at the academic level and at the operational/technical level. I can say that as a tutor, I am really proud of their work. Of course, for anyone who knows how research works, you never totally start from scratch, and Seun and Leonard's first task was to establish a bibliography of the existing network approaches used by previous researchers: Murdoch, Evans, Danezis, Pappas, Bendiken... who have all been mentioned in the slides. Then they developed their own tools/approaches to fit my operational intent, just as is required in any research work. And other people doing hacking or research do the same.

We have just done research: serious, good and operational research, in my opinion. We have tested our attack in conditions close to reality. People will make up their own minds. I decided at that time not to make a buzz, just to present this work at hacking conferences. Unfortunately my employer -- an academic institution -- required me to present my attack to French journalists. I accepted, since an employer is always right...or you have to resign. But in the end, I did not really mind: who in the world cares about news published in French? Then things went wrong and the hype created by others went too far. The TOR foundation contacted me in a form that was probably not very fair -- to my perception at least -- and I myself have to make a thorough criticism of myself when facing the resulting buzz. After 22 years in the Army (in the French Marine Corps Infantry), I suppose that I have kept a not very flexible and accommodating mind. Sorry for that. We have decided that it was necessary to restore contact with the TOR foundation and its president Roger Dingledine, to go beyond our differences in opinions, views and interpretations, and to go ahead towards more security in TOR in a more constructive way. Any other end would have been totally irresponsible of Seun and me.

Our attack works not because the TOR source code has flaws. Once again, it is well written and in a secure way. It is more related to conceptual issues. We have just analyzed the TOR network at a higher level, by considering it as a critical infrastructure and using large, multi-level and coordinated attacks. In my opinion, according to personal information that is partly confirmed on the TOR website, I am convinced that China (especially in 2009 and late 2010) has already tried similar attacks and has been at least partly successful. Of course we cannot accept that.

The main problem comes from the fact that
  1. the TOR network relies on volunteers who most of the time do not secure their computers. That is dramatic. Just imagine the security nightmare in a big company where every user would be free to choose the operating system, the way to configure it... We will not publish everything we have detected. But be sure that we have seen horrible things as far as security is concerned. In this respect, we think that an overall computer security policy should be enforced and any OR not complying with it should be banned from the network.
  2. TCP is a nightmare as well, and this is the main issue. I am not a network expert, but I have the feeling that it will be difficult to build more security at that level. We have managed to turn a few of the TOR protections against DDoS against TOR itself when considering local, surgical strikes.
But to be honest, being able to force 3-node circuits can be exploited only if a significant part of the ORs have been compromised. So back to the first point.

To me there is some hope, and technical improvements should be possible. Among many possible ideas, we propose:
  • as an emergency measure, to ban weak ORs that are not secure enough. This requires fingerprinting and active auditing, which we actually did, but only partly, for legal reasons.
  • to add steganography techniques to TOR. Remember that using cryptography focuses attention and hence attacks. Why not a steganographic version of TOR?
  • to limit, not to say prevent, the installation of dynamic cryptographic backdoors (memory protection by hardware-based virtualization for instance, malicious cryptography techniques to prevent memory tampering, process protection techniques [we have developed a few in our lab]...).
Seun intends to dedicate his PhD thesis to the enhancement of TOR security with innovative propositions. He is just waiting for a PhD grant. We are ready to contribute and to be involved in any case.
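As an added example (not the authors' code and not part of tor_extend), here is how the reach of the "ban weak ORs" measure proposed above could be estimated from the public consensus before it is enforced: it parses a few constructed, abbreviated network-status entries in the style of Tor's "r", "v" and "w" lines and reports what share of the relays, and of the consensus bandwidth weight, a minimum-version policy would remove. The sample entries, nicknames, addresses and bandwidth values are constructed for the example.

```python
import re

# Constructed sample in the style of Tor network-status entries ("r", "v", "w"
# lines), abbreviated; nicknames, addresses and bandwidths are made up.
SAMPLE_CONSENSUS = """\
r alpha 192.0.2.1 9001
v Tor 0.2.2.34
w Bandwidth=5000
r beta 192.0.2.2 9001
v Tor 0.2.1.30
w Bandwidth=200
r gamma 192.0.2.3 443
v Tor 0.2.2.35
w Bandwidth=8000
r delta 192.0.2.4 9001
v Tor 0.2.1.29
w Bandwidth=1200
"""

def parse_version(text):
    # "Tor 0.2.2.34" -> (0, 2, 2, 34); an empty tuple sorts below every real version
    m = re.search(r"(\d+(?:\.\d+)+)", text)
    return tuple(int(x) for x in m.group(1).split(".")) if m else ()

def parse_consensus(text):
    # One dict per relay: nickname, version tuple, consensus bandwidth weight
    relays, cur = [], None
    for line in text.splitlines():
        kw, _, rest = line.partition(" ")
        if kw == "r":
            cur = {"nickname": rest.split()[0], "version": (), "bandwidth": 0}
            relays.append(cur)
        elif cur is None:
            continue  # ignore header material before the first relay entry
        elif kw == "v":
            cur["version"] = parse_version(rest)
        elif kw == "w":
            m = re.search(r"Bandwidth=(\d+)", rest)
            cur["bandwidth"] = int(m.group(1)) if m else 0
    return relays

def ban_impact(relays, min_version):
    # Relays below min_version (or without a version line) would be banned; report
    # their share of the relay count and of the total consensus bandwidth weight.
    floor = parse_version(min_version)
    banned = [r for r in relays if r["version"] < floor]
    total_bw = sum(r["bandwidth"] for r in relays)
    return {"banned": sorted(r["nickname"] for r in banned),
            "relay_share": len(banned) / len(relays) if relays else 0.0,
            "bandwidth_share": sum(r["bandwidth"] for r in banned) / total_bw if total_bw else 0.0}
```

The same two numbers (relay share versus bandwidth share) also make Roger Dingledine's point from the later post concrete: a subset chosen without looking at bandwidth may be large in relay count yet carry only a small fraction of the network's traffic.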

We have sent all source code and slides to the TOR foundation in order to help it design and release a potentially more secure version of TOR. Recent exchanges with Roger seem to show that somehow our work is considered significant and was not greatly exaggerated. That is sufficient for us. I let him confirm or not. We will release the source code and data as scheduled on November 10th (right after PacSec 2011) unless the TOR foundation recommends waiting a little bit more. As researchers and hackers we just need our contribution to be recognized. If it has finally helped to take part in the enhancement of overall TOR security, well, we will be proud of that.

Special thanks to Dragos, Rodrigo and Filipe.

Eric Filiol & Oluwaseun REMI-OMOSOWON

Tuesday, November 1, 2011

TOR Attack Technical Details

Hi to all

As announced in a previous post, this post presents and details the various technical details of our TOR attack. These data will be released little by little, but everything should finally be available before the end of November. So stay tuned to follow regular additions to this post.

We would prefer to take time and release the most recent developments with respect to the TOR foundation updates, patches... But we also understand that people are looking forward to having those technical details. Since some of them are ready, and since making them public does not challenge the interests of the H2HC 2011/PacSec 2011 organizers, well, why wait more?

An updated version of the attack (adapted to the forthcoming updates and patches of the TOR code in November and December, and presenting the TOR security evaluation dedicated botnet we are currently developing) will be presented at the 28th Chaos Communication Congress (28C3) in Berlin.

Here are the data provided:
  • The Google Earth maps of existing ORs (public and hidden ones; all-OS ORs and Windows ORs) at the date of November 1st, 2011. Hidden TOR relay bridges (195 extracted by now; text list here) have been automatically extracted with the tor_brige library provided hereafter. This map is essential and is part of the intelligence step of the attack. Building large, coordinated, multilevel attacks -- as militaries usually do -- requires having this generalized view of the target. New maps at the date of November 10th, 2011 (310 hidden relay bridges extracted so far): all ORs and Windows ORs.
  • The tor_extend library, which makes it possible (1) to automate the extraction of hidden TOR nodes (relay bridges) and (2) to execute the spinning technique (second of the 3 combined techniques to force 3-node routes towards compromised nodes). This library has been written by Oluwaseun Remi-Omosowon. The library can also be accessed through the Rubyforge link and Rubygem link (relevant documentation here). Simply type "gem install tor-extend" to install.
  • H2HC 2011/Pacsec 2011 slides.
  • PacSec video.
  • Technical paper, which also contains the SCAPY script code to run the TCP Reset technique (first of the 3 techniques combined to force 3-node routes towards compromised nodes). Available by end of January 2012.
  • The tor_extend library version 2.0.0 (28C3 version). Contains everything in a single file (source code, documentation, ruby code, Google Earth map of ORs including 355 hidden relays extracted so far...). 28C3 slides. These data will be the last public version available. Very important point following feedback and comments from Roger Dingledine (thanks Roger!): in our slides we focus on Windows ORs/relays without correlating to bandwidth. This was just one choice among many other possible ones. Optimally, it is true that we have to target/infect primarily the nodes with high bandwidth. And following this discussion it is clear that many other options are possible. So, apart from the choice of the target subset to infect, the general concept/approach of our attack remains valid.
  • The malware part (installing the dynamic cryptographic trapdoor) is not public. The malware also embeds a few structures to contribute to forcing 3-node routes (refer to the paper).
Please note that the source code provided (when relevant) is the PoC version only (not optimized). Optimized versions are not public (since they are part of the TOR security evaluation botnet which is currently being developed).

To conclude, we would like to stress the fact that TOR is not the only solution available (just to counter stupid comments claiming that without TOR the security world would be empty). We recommend the excellent (free) book "How to bypass Internet censorship", which describes various tools that are worth mentioning and considering.