Security and anonymity vulnerabilities in Tor: past, present, and future

Presented at DEF CON 16 (2008), Aug. 8, 2008, noon (50 minutes).

There have been a number of exciting bugs and design flaws in Tor over the years, with effects ranging from complete anonymity compromise to remote code execution. Some of them are our fault, and some are the fault of components (libraries, browsers, operating systems) that we trusted. Further, the academic research community has been coming up with increasingly esoteric --- and increasingly effective! --- attacks against all anonymity designs, including Tor. Roger will walk through some of the most egregious bugs and design flaws we've had, and give some intuition about lessons learned building and deploying the largest distributed anonymity network ever. Then he'll outline the wide variety of current vulnerabilities we have, explain what they mean for our users, and talk about which ones we have a plan for and which ones will continue to be a pain for the coming years. Last, we'll speculate about categories and topics that are likely to introduce new problems in the future.

Presenters:

  • Roger Dingledine - Project leader, The Tor Project
    Roger Dingledine is project leader for The Tor Project. The Tor network has grown to over 1500 relays handling traffic for hundreds of thousands of users daily. In the past few years The Tor Project has also gotten an increasingly diverse set of funders, become an official 501c3 nonprofit, and expanded its community of both volunteer and funded developers. In addition to all the hats he wears for Tor, Roger organizes academic conferences on anonymity and security, speaks at industry and hacker cons, and does tutorials on anonymity for national and foreign law enforcement.
