Research conducted over the last 6 years states that 81% of the people who use a Tor proxy can easily be identified. These users can be identified through the NetFlow technology used by Cisco. Cisco uses a router protocol suite and other traffic analysis tools that make it easy to identify Tor users.
The research group was led by Professor Sambuddho Chakravarty, who has been involved for many years in studies of anonymity and privacy issues. The professor, who cooperates with Cisco, has managed to collect IP traffic and provide it to the network admin. In this way the research group identifies the users.
The same protocol is also used by other companies and manufacturers. The technique that Mr Chakravarty suggests relies on traffic analysis through deviations introduced at the server. One of the group's latest statements says: “We present an active traffic analysis method based on deliberately perturbing the characteristics of user traffic at the server side, and observing a similar perturbation at the client side through statistical correlation. We evaluate the accuracy of our method using both in-lab testing, as well as data gathered from a public Tor relay serving hundreds of users. Our method revealed the actual sources of anonymous traffic with 100% accuracy for the in-lab tests, and achieved an overall accuracy of about 81.4% for the real-world experiments, with an average false positive rate of 6.4.”
With this process they show that Tor is vulnerable to traffic analysis, which is something that must concern Tor users. Chakravarty's own words in explaining the process are: “To achieve acceptable quality of service, [Tor attempts] to preserve packet interarrival characteristics, such as inter-packet delay. Consequently, a powerful adversary can mount traffic analysis attacks by observing similar traffic patterns at various points of the network, linking together otherwise unrelated network connections.”
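The statistical correlation described in the two quotes above can be seen on synthetic data. The following simulation is an added example, not code from the study: all byte counts, the noise levels and the 4-interval flow-record width are constructed, and the constant-rate case is an assumed contrast showing what happens when traffic shape is not preserved.

```python
import random

def pearson(xs, ys):
    """Pearson correlation; 0.0 when either series is flat (no pattern to match)."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return 0.0 if vx == 0 or vy == 0 else cov / (vx * vy) ** 0.5

def to_flow_records(series, width=4):
    """Sum per-interval byte counts into coarse bins, like sparse flow exports."""
    return [sum(series[i:i + width]) for i in range(0, len(series), width)]

def simulate(seed=1, intervals=400):
    rng = random.Random(seed)
    # Constructed server-side perturbation: 10 intervals high, 10 low, repeated.
    server = [900 if (i // 10) % 2 == 0 else 300 for i in range(intervals)]
    flows = {
        # Traffic shape preserved end to end: same pattern plus network noise.
        "preserved": [b + rng.gauss(0, 100) for b in server],
        # Another user's traffic, independent of the server pattern.
        "unrelated": [max(0.0, rng.gauss(600, 300)) for _ in range(intervals)],
        # Assumed constant-rate padding: every interval carries the same bytes.
        "constant_rate": [1000.0] * intervals,
    }
    ref = to_flow_records(server)
    # Correlate on the coarse records only, as a flow-level observer would.
    return {name: round(pearson(ref, to_flow_records(obs)), 3)
            for name, obs in flows.items()}

if __name__ == "__main__":
    for name, r in simulate().items():
        print(f"{name:14s} r = {r:+.3f}")
```

Even after aggregation into coarse records, the flow that preserves the traffic shape stays strongly correlated with the server pattern, while the unrelated and constant-rate flows do not.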
The study mentions that some of the “victims” of this research were located in Belgium, in Greece and of course in the US. Unfortunately, these victims used different kinds of configurations and techniques that made them vulnerable to identification. In short, these users downloaded files which contained deviations in the TCP traffic, and this action sent a traffic pattern from the server to the exit node.
A Test of Two Parts
The test was performed in two parts. The first part was performed to see how effective the data retrieval from the NetFlow packages is. The second part was performed to be able to use the sparse data that were included in the Cisco router.
The traffic analysis used in this study does not need any enormous infrastructure, because it relies on the high performance and the popularity of Tor. The only things the research group used are the free Tor server and Columbia University, which hosts this effort.