Tor Users Now Offered New Defenses


Researchers from TU Darmstadt collaborated with the University of California Irvine in order to successfully create a new protection for the users of Tor. What they have called “Selfrando” makes the Tor Browser stronger against hack attempts as well as attempts to de-anonymize the users of the service.

CYSESC researchers Tommaso Frassetto, Christopher Liebchen and Ahmad-Reza Sadeghi collaborated with Immunant, Inc., University of California Irvine and the Tor Project to integrate new software security research into the hardened version of the Tor Browser. Their defense, known as “Selfrando”, works to strengthen the Tor Browser and offers much greater protection for all of its users.

Tor users include activists, journalists and whistleblowers that use the Tor Browser to preserve their anonymity while on the World Wide Web to report the latest and most shocking news. These people want to stay unknown, as their mere goal is to offer information to people who they believe deserve it. They do not post to be known or get famous for the information they obtain. Because of this, the Tor Browser constantly has a very large target on its back. Hackers include nation-states that often attempt to leak information about the people who are posting on the browser. Within the hardened Tor Browser series, the Tor Project is testing out new types of defenses in order to proactively protect Tor users from attacks on their browsers.

Common ASLR moves the full code of the application as a single block to a different sector of memory. Selfrando randomly reorganizes the code in a fine-grained fashion each time the application is launched. (Image credit: Technische Universitat Darmstadt)

The most powerful attacks against browsers such as Tor Browser have the goal of remotely exploiting a victim by using state of the art techniques that many know as “code reuse”. Basically, the attacker pieces together bits of the target program into malware that is able to control the computer of the person being targeted. The hacker does not need to inject code into the victim’s machine to begin the process.

Selfrando defends modern software against this class of exploits by randomizing the internals of the software. Hackers do not have any way of knowing these randomized details, making it much more difficult for an attacker to construct a reliable code-reuse attack.

What is so great about the Selfrando defense is that is not only significantly increases security, but at the same time does not limit performance or compatibility. The new technique does not require software build tools to change their processes and even adds less than 1% performance overhead. Selfrando is completely unnoticeable to users while offering them a drastically safer browsing experience. This is a great addition to the service because when users feel safer, they are much more likely to post the things they want to share. Better security for the service is expected to bring more users who had previously feared sharing information and being found out, which depending on what they are reporting could be dangerous to not only the individuals themselves but also their families.

Full copy of the research paper is available here.