May 16, 2005 | By Annalee Newitz

Academics Analyze TOR Security in Paper at IEEE Symposium

Two computer scientists from Cambridge University, Steven Murdoch and George Danezis, presented a paper on the anonymous communication system Tor earlier this week at the IEEE Symposium on Security and Privacy. Entitled "Low-Cost Traffic Analysis of Tor," the paper describes one possible attack on Tor's security that allows an attacker to learn the nodes in a user's circuit, but not the identity of the user. The attacker must also control the server that users are trying to reach. But no aspect of the attack compromises user anonymity -- Tor users' identities are still secure.

"The paper is useful because it points out problems in some future design directions we were considering," said Tor developer Roger Dingledine. "I'm happy that we're getting serious academic research on Tor, and I'm happy that they didn't discover any attacks that could uncover users' identities. The next research question here is to try to show that their attack becomes weaker as the Tor network grows."

Tor is an open source, anonymous communication tool for the Internet, developed primarily by Dingledine and Nick Mathewson, and is currently supported by EFF.

"The reason Murdoch and Danezis picked Tor for their paper is that Tor is publicly documented, easily accessible, and is the free-route system to research," said Mathewson. "Not only is Tor advancing the state of anonymity research, but it's also getting better each time we learn about a new vulnerability."


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Congress just voted to repeal #broadbandprivacy rules & we need you on our side in the coming battles. Support EFF. https://supporters.eff.org/do...

Mar 29 @ 12:12pm

Watch this video tutorial and share it with your friends to make your Facebook posts more private. https://www.eff.org/deeplinks...

Mar 29 @ 9:47am

EFF kicks off intro security trainings for tech newbies at the @SFPublicLibrary tonight. Tell your friends! https://www.eff.org/deeplinks...

Mar 28 @ 4:49pm
JavaScript license information