According to security researchers Rob Jansen from the U.S. Naval Research Laboratory, and Tavish Vaidya and Micah Sherr from Georgetown University, launching denial-of-service (
For a modest sum, threat actors could target Tor bridges saturating their resources and causing significant degradation of network performance.
In a research paper presented at the 2019 USENIX Security Symposium, the experts explained that targeting the entire Tor network with a
“First, we explore an attack against Tor’s most commonly used default bridges (for censorship circumvention) and estimate that flooding those that are operational would cost $17K/
The experts estimate that the total link capacity across the Tor network ranged from 429 to 575 Gbit/s over the year; for their research, the experts used the average of 512.73 Gbit/s this means that the attacker would spend around $10,000 per hour to use a
An attack on Tor’s most commonly used default bridges and flooding them would only cost around $17,000 per month, in this way the attackers could reduce client throughput by 44% and more than double bridge maintenance costs.
An attack aimed at all scanners in the Tor Flow bandwidth measurement system would cost $2,800 per month and reduce the median client download rate by 80%.
The expert discovered that threat actors could use Tor to congest itself and such kind of attack would cost $1,600 per month, resulting in the median client download time increasing by 47%.
In order to examine the performance of the network’s bridges the experts focused on 25 default bridges that use obfs4 obfuscation protocol2, because most of Tor bridge use default bridges and obfs4.
“To test their performance, we use a modified version of Tor to download a 6 MiB file through each bridge. Surprisingly, we find that only 48% (12/25) of the obfs4 default bridges included in Tor Browser Bundle (TBB) are operational.” continues the experts. “The Tor Browser Bundle (TBB) includes a set of 38 hard-coded default bridges (as of version 8.0.3). Users who cannot directly access Tor relays can configure TBB to connect via one of these default bridges “
To compare against the performance of unlisted bridges, the experts requested 135 unlisted obfs4 bridges from the Tor Project’s bridge authority via its web and email interfaces. 95 of the acquired unlisted bridges were found to be functional.
The researchers estimate that the costs to launch a
Experts explained that considering that 90% of bridge traffic passes through default bridges, forcing it to unlisted bridges could have a significant impact on network performance.
The study also compared the presented attack scenarios with launching a Sybil DoS attack, where the adversary could run Sybil relays and then arbitrarily degrade traffic performance or deny service by dropping circuits, or de-anonymize users by observing both the entry and exit points in a vulnerable circuit, and concludes that attacks on Tor bridges are more flexible and less expensive.
“On the positive side, we find that Tor’s growth has made it more resilient at least
Further technical details on the attack techniques are reported in the interesting analysis published by the experts
(SecurityAffairs – Tor