Does Tor protect against BGP routing attacks?

Some people claim that Tor users can be deanonymized through BGP routing attacks. Are there any preventive measures?

Video link: https://youtu.be/XDsLDhKG8Cs?si=tf-D5me38c0-VmBt

Hi. The kind of attack you’re talking about is called RAPTOR – Routing Attacks On Privacy in Tor. Several (very) interesting papers have been written about it. I have to admit I have only skimmed these and have yet to study them more thoroughly. I’ll give my 2 cents, but keep in mind I am no expert and I am not an (official) member of the Tor Project team.

Can Tor traffic be deanonymized by leveraging RAPTOR? Yes. Is this a vulnerability in Tor? No!

RAPTOR is a subset of BGP (Border Gateway Protocol) hijacking. BGP is a protocol as old as the internet itself, used to route traffic between ISPs and crucial for keeping the global internet running as we know it. Thanks to BGP you can stream Netflix movies in your home country all the way from the American servers.

Despite being essential, BGP by default lacks many security and validation mechanisms – AFAIK, it actually contains absolutely no security mechanisms. This results in ALL PUBLICLY ACCESSIBLE INFRASTRUCTURE being susceptible to this type of attack: banking systems, payment providers, corporate networks, government infrastructure, and yes, also Tor.

I fear the Tor Project can’t solve this issue, because it exploits the basic workings of the internet, and traffic is intercepted even before it is able to reach the Tor network.

However, there is also a paper [Counter-RAPTOR - IEEE Xplore] suggesting monitoring mechanisms and a new algorithm for more resilient guard relay selection – which would strengthen the Tor network against these types of attacks. I am sure the Tor Project is internally considering implementing this, but it might take a long time due to the complexity.

Currently, the operators of the large networks forming the backbone of the internet (Autonomous Systems) are also implementing mechanisms like RPKI (Resource Public Key Infrastructure) and BGPsec, which would massively improve the security of the Border Gateway Protocol and almost completely mitigate the possibility of BGP hijacking.

You can use the Cloudflare website IsBGPSafeYet.com to check if your ISP implements RPKI (Note: RPKI alone doesn’t protect your traffic against all BGP hijacking techniques). Cloudflare also has a lot of interesting articles explaining BGP (hijacking) very well.

TL;DR: So yes, in theory Tor traffic could be deanonymized at this time, but slow and small steps are being taken to reduce this risk and finally mitigate it. BGP hijacking also requires a lot of resources and can only be done by state actors.

4 Likes
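To make the RPKI part of the answer above concrete, here is a small Route Origin Validation (RFC 6811) checker, added as an example for this thread (not code from the Tor Project or Cloudflare). It assumes a constructed set of ROAs and BGP updates using documentation prefixes and private ASNs, and it shows why the answer's caveat holds: ROV decides only on the origin AS and prefix length, so it cannot vouch for the rest of the AS path, which is what BGPsec is meant to add.

```python
"""Route Origin Validation (RFC 6811) over constructed ROAs and BGP updates."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Roa:
    """A Route Origin Authorisation: the holder of `prefix` allows `origin_asn`
    to originate it and any more-specific prefix up to `max_length` bits."""
    prefix: str
    max_length: int
    origin_asn: int


# Constructed sample ROAs (RFC 5737 documentation prefixes, private ASNs),
# standing in for what a relying-party validator would fetch from the RIRs.
SAMPLE_ROAS = [
    Roa("192.0.2.0/24", 24, 64500),
    Roa("203.0.113.0/24", 26, 64500),
]


def _covers(roa, net):
    """True if the ROA prefix is the same as, or a supernet of, `net`."""
    roa_net = ipaddress.ip_network(roa.prefix)
    return roa_net.version == net.version and roa_net.supernet_of(net)


def rov_state(prefix, as_path, roas):
    """Return the RFC 6811 state of one announcement: valid, invalid or not-found.

    Only the origin AS (last element of AS_PATH) and the prefix length are
    examined; the earlier hops in the path are not authenticated at all.
    That is the gap the answer refers to, and what BGPsec path validation targets."""
    net = ipaddress.ip_network(prefix, strict=False)
    origin = as_path[-1]
    covering = [r for r in roas if _covers(r, net)]
    if not covering:
        return "not-found"          # no ROA speaks for this address space
    for r in covering:
        if r.origin_asn == origin and net.prefixlen <= r.max_length:
            return "valid"
    return "invalid"                # wrong origin AS or too-specific prefix


def filter_updates(updates, roas):
    """Typical ROV policy at a router: drop invalid, accept valid and not-found."""
    accepted, dropped = [], []
    for prefix, path in updates:
        state = rov_state(prefix, path, roas)
        (dropped if state == "invalid" else accepted).append((prefix, path, state))
    return accepted, dropped
```

Running `filter_updates` over announcements that are too specific or come from an unauthorised origin shows them being dropped, while a prefix with no ROA at all is still accepted as not-found, which is why ROA coverage matters as much as validation.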

I never knew Cloudflare provided that website, thank you so much!

2 Likes