
Successful attacks against popular anonymity network

With 2.5 million daily users, the Tor network is the world’s most popular system for protecting Internet users’ anonymity. For more than a decade, people living under repressive regimes have used Tor to conceal their Web-browsing habits from electronic surveillance, and websites hosting content that’s been deemed subversive have used it to hide the locations of their servers.

Researchers at MIT and the Qatar Computing Research Institute (QCRI) have now demonstrated a vulnerability in Tor’s design. At the Usenix Security Symposium this summer, they will show that an adversary could infer a hidden server’s location, or the source of the information reaching a given Tor user, by analyzing the traffic patterns of encrypted data passing through a single computer in the all-volunteer Tor network.

Fortunately, the same paper also proposes defenses, which representatives of the Tor project say they are evaluating for possible inclusion in future versions of the Tor software.

“Anonymity is considered a big part of freedom of speech now,” says Albert Kwon, an MIT graduate student in electrical engineering and computer science and one of the paper’s first authors. “The Internet Engineering Task Force is trying to develop a human-rights standard for the Internet, and as part of their definition of freedom of expression, they include anonymity. If you’re fully anonymous, you can say what you want about an authoritarian government without facing persecution.”

Layer upon layer

Sitting atop the ordinary Internet, the Tor network consists of Internet-connected computers on which users have installed the Tor software. If a Tor user wants to, say, anonymously view the front page of The New York Times, his or her computer will wrap a Web request in several layers of encryption and send it to another Tor-enabled computer, which is selected at random. That computer — known as the guard — will peel off the first layer of encryption and forward the request to another randomly selected computer in the network. That computer peels off the next layer of encryption, and so on.

The last computer in the chain, called the exit, peels off the final layer of encryption, exposing the request’s true destination: the Times. The guard knows the Internet address of the sender, and the exit knows the Internet address of the destination site, but no computer in the chain knows both. This routing scheme, with its successive layers of encryption, is known as onion routing, and it gives the network its name: “Tor” is an acronym for “the onion router.”
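The layered wrapping and peeling described above can be modeled in a few lines; this is an added illustration, not code from the article, the researchers or the Tor project. It assumes each relay already shares a key with the client and uses a toy stdlib cipher in place of Tor's real cell cryptography; the relay names, addresses and request are constructed sample values.

```python
# Added illustration: toy model of onion routing, NOT Tor's real cell cryptography.
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    """HMAC-SHA256 in counter mode as a toy keystream (stdlib only)."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
    return out[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer was not encrypted for this relay")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def wrap(request, destination, path, keys):
    """Client side: innermost layer is for the exit, outermost for the guard."""
    blob = request
    for relay, nxt in reversed(list(zip(path, path[1:] + [destination]))):
        layer = json.dumps({"next": nxt, "payload": blob.hex()}).encode()
        blob = seal(keys[relay], layer)
    return blob

def route(sender, onion, first_relay, keys):
    """Each relay peels one layer; record what that relay could observe."""
    seen, prev, hop, blob = {}, sender, first_relay, onion
    while hop in keys:  # stop once the next hop is not a relay (the destination)
        layer = json.loads(unseal(keys[hop], blob))
        seen[hop] = {"from": prev, "to": layer["next"]}
        prev, hop, blob = hop, layer["next"], bytes.fromhex(layer["payload"])
    return seen, hop, blob

# Constructed sample values (relay names, addresses and request are made up).
PATH = ["guard", "middle", "exit"]
KEYS = {name: os.urandom(32) for name in PATH}

def demo():
    onion = wrap(b"GET / HTTP/1.1", "news-site.example", PATH, KEYS)
    return route("198.51.100.7", onion, PATH[0], KEYS)

if __name__ == "__main__":
    for relay, view in demo()[0].items():
        print(relay, view)
```

The per-relay view shows the property the article relies on: the guard sees the sender's address, the exit sees the destination, and no single relay sees both.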

In addition to anonymous Internet browsing, however, Tor also offers what it calls hidden services. A hidden service protects the anonymity of not just the browser, but the destination site, too. Say, for instance, that someone in Iran wishes to host a site archiving news reports from Western media but doesn’t want it on the public Internet. Using the Tor software, the host’s computer identifies Tor routers that it will use as “introduction points” for anyone wishing to access its content. It broadcasts the addresses of those introduction points to the network, without revealing its own location.

If another Tor user wants to browse the hidden site, both his or her computer and the host’s computer build Tor-secured links to the introduction point, creating what the Tor project calls a “circuit.” Using the circuit, the browser and host identify yet another router in the Tor network, known as a rendezvous point, and build a second circuit through it. The location of the rendezvous point, unlike that of the introduction point, is kept private.

Traffic fingerprinting

Kwon devised an attack on this system with joint first author Mashael AlSabah, an assistant professor of computer science at Qatar University, a researcher at QCRI, and, this year, a visiting scientist at MIT; Srini Devadas, the Edwin Sibley Webster Professor in MIT’s Department of Electrical Engineering and Computer Science; David Lazar, another graduate student in electrical engineering and computer science; and QCRI’s Marc Dacier.

The researchers’ attack requires that the adversary’s computer serve as the guard on a Tor circuit. Since guards are selected at random, if an adversary connects enough computers to the Tor network, the odds are high that, at least on some occasions, one or another of them would be well-positioned to snoop.

During the establishment of a circuit, computers on the Tor network have to pass a lot of data back and forth. The researchers showed that simply by looking for patterns in the number of packets passing in each direction through a guard, machine-learning algorithms could, with 99 percent accuracy, determine whether the circuit was an ordinary Web-browsing circuit, an introduction-point circuit, or a rendezvous-point circuit. Breaking Tor’s encryption wasn’t necessary.

Intelligence Lab work together more effectively in the face of uncertainty

If companies like Amazon and Google have their way, soon enough we will have robots air-dropping supplies from the sky. But is our software where it needs to be to move and deliver goods in the real world?

This question has been explored for many years by researchers at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL), who have worked on scenarios inspired by domains ranging from factory floors to drone delivery.

At the recent Robotics Science and Systems (RSS) conference, a CSAIL team presented a new system of three robots that can work together to deliver items quickly, accurately and, perhaps most importantly, in unpredictable environments. The team says its models could extend to a variety of other applications, including hospitals, disaster situations, and even restaurants and bars.

To demonstrate their approach, the CSAIL researchers converted their lab into a miniature “bar” that included a PR2 robot “bartender” and two four-wheeled Turtlebot robots that would go into the different offices and ask the human participants for drink orders. The Turtlebots then reasoned about which orders were required in the different rooms and when other robots may have delivered drinks, in order to search most efficiently for new orders and deliver the items to the spaces.

The team’s techniques reflect state-of-the-art planning algorithms that allow groups of robots to perform tasks given little more than a high-level description of the general problem to be solved.

The RSS paper, which was named a Best Paper Finalist, was co-authored by Duke University professor and former CSAIL postdoc George Konidaris, MIT graduate students Ariel Anders and Gabriel Cruz, MIT professors Jonathan How and Leslie Kaelbling, and lead author Chris Amato, a former CSAIL postdoc who is now a professor at the University of New Hampshire.

Humanity’s one certainty: uncertainty

One of the big challenges in getting robots to work together is the fact that the human world is full of so much uncertainty.

More specifically, robots deal with three kinds of uncertainty, related to sensors, outcomes, and communications.

“Each robot’s sensors get less-than-perfect information about the location and status of both themselves and the things around them,” Amato says. “As for outcomes, a robot may drop items when trying to pick them up or take longer than expected to navigate. And, on top of that, robots often are not able to communicate with one another, either because of communication noise or because they are out of range.”

These uncertainties were reflected in the team’s delivery task: among other things, the supply robot could serve only one waiter robot at a time, and the robots were unable to communicate with one another unless they were in close proximity. Communication difficulties such as this are a particular risk in disaster-relief or battlefield scenarios.

“These limitations mean that the robots don’t know what the other robots are doing or what the other orders are,” Anders says. “It forced us to work on more complex planning algorithms that allow the robots to engage in higher-level reasoning about their location, status, and behavior.”