Blog | G5 Cyber Security

Tor Anonymity: DeepCorr Risks

TL;DR

DeepCorr is a flow-correlation attack that uses a deep neural network to match the traffic a Tor client sends to its guard with the traffic its exit relay forwards to the destination. It is not an ‘all or nothing’ de-anonymizer: it needs packet timing and size observations from both ends of a circuit, a model trained on real Tor flow pairs, and enough packets per flow, and its false positives grow with the number of flows it has to compare. Practical attacks therefore require well-placed vantage points and significant resources. Mitigation strategies exist for both Tor operators and users, though none of them defeats end-to-end correlation outright.

Understanding the Threat: DeepCorr

DeepCorr (Nasr, Bahramali and Houmansadr, ACM CCS 2018) is an end-to-end flow-correlation attack. Onion routing hides which client is talking to which destination, but it does not hide packet timing: a burst of packets entering a circuit at the guard produces a similar burst leaving the exit a few hundred milliseconds later. DeepCorr trains a convolutional neural network on pairs of flows captured at both ends of real Tor circuits, so that it learns Tor’s characteristic noise (relay queueing, fixed-size cells, multiplexing) and can decide whether a given entry-side flow and exit-side flow belong to the same circuit.

How DeepCorr Works

  1. Vantage Points: The attacker must see both ends of a circuit: the flow between the client and its guard (from the client’s ISP, a transit network, or by running or compromising the guard) and the flow between the exit and the destination (at the exit, at the destination, or on the path between them). Neither end alone gives anything to correlate. This is the expensive part of the attack and why it is usually discussed in terms of large network operators or adversaries that run many relays.
  2. Feature Extraction: For each observed flow the attacker records the inter-packet delays and packet sizes in both directions, typically only the first few hundred packets. Payload content is irrelevant; it is encrypted at both observation points anyway.
  3. Correlation: A convolutional neural network, trained beforehand on known (entry flow, exit flow) pairs collected over Tor, takes the feature sequences of a candidate pair and outputs a score; a threshold on that score decides match or no match. Earlier attacks used fixed statistics such as cosine similarity or Pearson correlation of delays. The learned model tolerates Tor’s queueing noise far better, which is what gives DeepCorr its much lower false-positive rate at the same detection rate. It does not depend on a user reusing particular guard/exit pairs; a single sufficiently long flow is enough.
  4. De-anonymization: A confirmed match ties the client IP address seen on the guard side to the destination seen on the exit side for that flow. The attacker still sees no content and has to repeat the exercise for every flow of interest.
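To make the correlation step concrete, the following is an added example, not code from this page or from the DeepCorr authors. It runs a simple statistical correlator, Pearson correlation of inter-packet delays, over constructed traffic: one synthetic client-to-guard flow, the same flow as it would look leaving the exit after circuit latency and relay jitter, and 200 unrelated decoy flows. DeepCorr replaces this hand-written score with a trained CNN that also consumes packet sizes, but the shape of the problem is the same, including the false positives that appear as soon as the threshold is relaxed. All traffic, latency, jitter and seed values are assumptions.

```python
"""Toy end-to-end flow correlation on constructed Tor-like traffic.

Added example: not code from the page's author or from the DeepCorr project.
The correlator is a plain Pearson correlation of inter-packet delays (a
pre-DeepCorr statistical technique); DeepCorr replaces it with a CNN that also
sees packet sizes. Traffic, latency and jitter figures are made up.
"""
import math
import random


def inter_packet_delays(timestamps):
    """Delay sequence (seconds) between consecutive packets of one flow."""
    return [b - a for a, b in zip(timestamps, timestamps[1:])]


def pearson(x, y):
    """Pearson correlation of two sequences, truncated to the shorter length."""
    n = min(len(x), len(y))
    x, y = x[:n], y[:n]
    mx, my = sum(x) / n, sum(y) / n
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    if sxx == 0.0 or syy == 0.0:
        return 0.0
    return sxy / math.sqrt(sxx * syy)


def synth_ingress(rng, n_packets=300, mean_gap=0.03):
    """Constructed client->guard flow: exponentially spaced packet timestamps."""
    t, ts = 0.0, []
    for _ in range(n_packets):
        t += rng.expovariate(1.0 / mean_gap)
        ts.append(t)
    return ts


def synth_egress_from(ingress_ts, rng, circuit_latency=0.15, jitter_sd=0.003):
    """Constructed exit->destination view of the SAME flow.

    Every packet arrives after the three-hop circuit latency plus per-packet
    jitter from relay queueing; jitter can reorder close packets, which is part
    of the noise a correlator has to tolerate. Sizes are deliberately ignored:
    at the exit they are plaintext sizes, not fixed-size Tor cells.
    """
    return sorted(t + circuit_latency + rng.gauss(0.0, jitter_sd) for t in ingress_ts)


def correlate(ingress_ts, egress_ts):
    """Score one (entry-side, exit-side) flow pair; 1.0 means identical timing."""
    return pearson(inter_packet_delays(ingress_ts), inter_packet_delays(egress_ts))


def rank_candidates(ingress_ts, candidates, threshold):
    """Score one ingress flow against every exit-side candidate.

    Returns the index of the best-scoring candidate, all scores, and how many
    candidates cleared the threshold (the attacker's positives).
    """
    scores = [correlate(ingress_ts, c) for c in candidates]
    best = max(range(len(scores)), key=scores.__getitem__)
    flagged = sum(1 for s in scores if s >= threshold)
    return best, scores, flagged


def demo(seed=7, n_decoys=200):
    """Run the attack on one true pair hidden among n_decoys unrelated flows."""
    rng = random.Random(seed)
    ingress = synth_ingress(rng)
    true_egress = synth_egress_from(ingress, rng)
    # Decoys: other users' flows as seen at exits, unrelated to our ingress.
    decoys = [synth_egress_from(synth_ingress(rng), rng) for _ in range(n_decoys)]
    candidates = decoys + [true_egress]
    true_index = len(candidates) - 1
    best, scores, flagged_strict = rank_candidates(ingress, candidates, 0.5)
    _, _, flagged_lax = rank_candidates(ingress, candidates, 0.1)
    return {
        "true_index": true_index,
        "best": best,
        "true_score": scores[true_index],
        "max_decoy_score": max(scores[:true_index]),
        "flagged_at_0.5": flagged_strict,
        # Base-rate problem: relax the threshold and decoys start to match too.
        "flagged_at_0.1": flagged_lax,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it and the true pair ranks first by a wide margin at a strict threshold, while the lax threshold already flags several of only 200 decoys; scale the candidate set to the number of concurrent Tor flows and a per-pair false-positive rate that looks negligible turns into many wrong matches per query.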

Is DeepCorr a Complete De-Anonymization Tool?

No. Several factors limit its effectiveness:

  1. Both ends must be visible: An adversary that only runs exits, or only watches the client’s ISP, has nothing to correlate. Relay and network diversity is what keeps this expensive.
  2. It needs a trained model: DeepCorr is trained on real Tor flow pairs, and Tor’s noise profile drifts over time, so a model trained once loses accuracy and has to be retrained.
  3. Flow length matters: Accuracy falls as the number of observed packets drops; very short flows are correlated much less reliably than flows of several hundred packets.
  4. The base-rate problem: Even a small per-pair false-positive rate, multiplied by the enormous number of candidate flows in the network at any moment, produces many false matches. A correlation score alone is weak evidence against a specific user without corroboration.

Mitigation Strategies for Tor Users

  1. Use the Latest Tor Browser: Staying current gets you the newest Tor client and the fixes that matter most in practice (browser exploits, fingerprinting leaks). Be clear about what it does not do: Tor adds no timing padding against end-to-end correlation, so an update does not address DeepCorr itself.
  2. Bridge Usage: A bridge replaces your guard and hides from your ISP that you are using Tor at all. Anyone watching your link can still see packet timing, so a bridge on its own does not stop correlation; it changes who your first hop is, not what the flow looks like.
  3. Pluggable Transports (obfs4, meek): obfs4, the successor to obfsproxy, makes Tor traffic look like random bytes; meek tunnels it over HTTPS to a CDN. Neither is a correlation defense by design. obfs4 preserves packet timing unless the bridge line enables its inter-arrival-time mode (iat-mode=1 or 2), which pads and delays at a throughput cost; meek’s polling-based transfer reshapes timing more, but it is slow and depends on the fronting provider.
  4. Avoid Long Sessions: DeepCorr’s accuracy falls with the number of packets it sees per flow, so shorter transfers give it less to work with. “New Identity” discards your circuits but does not change your guard (that is deliberate), and every new circuit is one more flow pair an observer at some exit could try to match, so treat this as a marginal gain rather than a defense.
  5. Consider VPNs (with caution): A VPN before Tor adds a hop, but the VPN provider now sees your real IP address and your guard, and it passes packet timing through largely unchanged. Choose a provider that does not log connection times, and accept that you have moved trust rather than removed it.

Mitigation Strategies for Tor Operators

  1. Guard Node Diversity: Tor pins each client to one guard for months on purpose, so the goal is not to have users hop between guards (that only raises the chance of eventually landing on a malicious one) but to have enough guards spread across enough networks, countries and hosting providers that no single observer sits on the guard side of a large share of clients.
  2. Exit Node Diversity: The same applies at the other end: exits concentrated in a few autonomous systems or exchange points hand one network operator the exit-side view for a large fraction of circuits. Operators help by running exits in under-represented networks.
  3. Traffic Shaping: Padding, delaying or reordering packets on the Tor side can blur the timing features correlators depend on, but it costs bandwidth and latency, and any such defense has to be measured against learned correlators, which tolerate noise that defeats simple statistics.
  4. Research and Development: Continue researching techniques to improve Tor’s anonymity guarantees and counter correlation attacks.

Checking Your Tor Circuit

You can see which relays Tor Browser is using for the current site from the site-information panel (click the padlock or onion icon in the address bar; the relays are listed under Tor circuit). It shows the guard (or bridge), the middle relay and the exit. For other Tor clients, or for scripting, the same information comes from the control port:

GETINFO circuit-status

Tor Browser’s New Tor Circuit for this Site and New Identity options give you fresh circuits, which is useful for keeping activities separate. Do not read more into it than that: the guard is kept by design, and a new circuit is a new flow pair rather than protection from correlation. What is worth checking regularly is that your first hop stays the same relay; a guard that keeps changing is the thing to look into.
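The following is an added example, not code from this page or from the Tor Project, of reading that control-port reply and running the guard check just described. The reply text is constructed to follow the control-port format (circuit id, status, comma-separated $fingerprint~nickname path, then KEY=VALUE fields); the fingerprints and nicknames are placeholders, not real relays, and the host, port and password used to talk to a live tor are assumptions about your torrc.

```python
"""Read and sanity-check Tor circuits from a GETINFO circuit-status reply.

Added example, not code from the page's author or from the Tor Project. The
sample reply is constructed to follow the control-port format; fingerprints
and nicknames are placeholders, not real relays. The host, port and password
in fetch_circuit_status() are assumptions about the reader's torrc.
"""
import re
import socket

STATUSES = {"LAUNCHED", "BUILT", "GUARD_WAIT", "EXTENDED", "FAILED", "CLOSED"}
HOP = re.compile(r"^\$([0-9A-Fa-f]{40})(?:[~=](\S+))?$")


def _fp(ch):
    """Placeholder 40-hex-character fingerprint for the constructed sample."""
    return "$" + ch * 40


# Constructed sample: two built circuits sharing a guard, one still being
# extended, and one whose first hop is a different relay (the anomaly that
# guard_report() is meant to surface).
SAMPLE_REPLY = "\n".join([
    "250+circuit-status=",
    f"12 BUILT {_fp('A')}~guardOne,{_fp('B')}~midA,{_fp('C')}~exitA "
    "BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL TIME_CREATED=2024-05-01T10:00:00.000000",
    f"13 BUILT {_fp('A')}~guardOne,{_fp('D')}~midB,{_fp('E')}~exitB "
    "BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL TIME_CREATED=2024-05-01T10:00:05.000000",
    f"14 EXTENDED {_fp('A')}~guardOne,{_fp('F')}~midC "
    "BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL TIME_CREATED=2024-05-01T10:00:09.000000",
    f"15 BUILT {_fp('1')}~otherGuard,{_fp('2')}~midD,{_fp('3')}~exitC "
    "BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL TIME_CREATED=2024-05-01T10:00:12.000000",
    ".",
    "250 OK",
])


def parse_circuit_status(reply):
    """Parse a circuit-status reply into dicts with id, status, path, fields."""
    circuits = []
    for line in reply.splitlines():
        parts = line.strip().split()
        # Skips the "250+circuit-status=" header, the "." terminator and "250 OK"
        # by requiring a real circuit status in the second column.
        if len(parts) < 2 or parts[1] not in STATUSES:
            continue
        circ = {"id": parts[0], "status": parts[1], "path": [], "fields": {}}
        for tok in parts[2:]:
            if tok.startswith("$"):
                for hop in tok.split(","):
                    m = HOP.match(hop)
                    if m:
                        circ["path"].append((m.group(1).upper(), m.group(2) or ""))
            elif "=" in tok:
                key, value = tok.split("=", 1)
                circ["fields"][key] = value
        circuits.append(circ)
    return circuits


def guard_report(circuits):
    """Map fingerprint -> nickname of every first hop on exit-bound circuits.

    Tor pins a single entry guard for months on purpose, so a healthy client
    normally shows exactly one entry here (your bridge, if you use one). More
    than one is worth investigating: a recent guard change, NumEntryGuards
    above 1, or something tampering with the state file.
    """
    guards = {}
    for c in circuits:
        if c["fields"].get("PURPOSE") == "GENERAL" and c["path"]:
            fp, nick = c["path"][0]
            guards.setdefault(fp, nick)
    return guards


def exits_in_use(circuits):
    """Map fingerprint -> nickname of exits on fully built 3-hop general circuits."""
    return {
        c["path"][-1][0]: c["path"][-1][1]
        for c in circuits
        if c["status"] == "BUILT"
        and c["fields"].get("PURPOSE") == "GENERAL"
        and len(c["path"]) == 3
    }


def fetch_circuit_status(host="127.0.0.1", port=9051, password="", timeout=5.0):
    """Ask a live tor for circuit-status over the control port (password auth).

    Assumes torrc has ControlPort 9051 and HashedControlPassword, and that the
    password contains no quotes or backslashes. Tor Browser's own tor listens
    on 9151 with cookie authentication instead, which needs AUTHENTICATE with
    the hex-encoded cookie file contents. Not exercised by the sample above.
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(f'AUTHENTICATE "{password}"\r\n'.encode())
        if not s.recv(1024).startswith(b"250"):
            raise RuntimeError("control port authentication failed")
        s.sendall(b"GETINFO circuit-status\r\n")
        buf = b""
        while not buf.endswith(b"250 OK\r\n"):
            chunk = s.recv(4096)
            if not chunk:
                raise RuntimeError("control port closed the connection")
            buf += chunk
        s.sendall(b"QUIT\r\n")
    return parse_circuit_status(buf.decode())


if __name__ == "__main__":
    circs = parse_circuit_status(SAMPLE_REPLY)
    for c in circs:
        print(c["id"], c["status"], " -> ".join(n or fp[:8] for fp, n in c["path"]))
    print("guards seen:", guard_report(circs))
    print("exits in use:", exits_in_use(circs))
```

On the constructed data guard_report() returns two guards, which is the situation the text says to look into; against your own tor, swap SAMPLE_REPLY for fetch_circuit_status() and expect a single entry.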

Conclusion

DeepCorr represents a real threat to Tor anonymity, but it’s not an insurmountable one. By understanding its limitations and implementing appropriate mitigation strategies, both users and operators can significantly reduce the risk of de-anonymization. Ongoing research in cyber security is crucial for maintaining Tor’s effectiveness.
