/>
X

Tor Project teams up with researchers to toughen up Tor browser

The non-profit is going the extra mile to try and prevent the network being compromised again.
charlie-osborne.jpg
Written by Charlie Osborne, Contributor on
tor-research-exploit.jpg
Symantec

The Tor Project is working with researchers to harden the anonymising Tor network and prevent law enforcement or cyberattackers from being able to snoop on users.

The Tor network, also known as the onion router, is used by the privacy-conscious as well as activists, journalists and those seeking to avoid censorship restrictions worldwide. The network operates through nodes and relays which disguise the true IP addresses of users, and is one of the most stable ways out there to hide your digital footprint.

However, no solution is foolproof -- as US law enforcement showed when the FBI was able to compromise the network in order to track down Silk Road marketplace operators and users (despite evidence being thrown out of court for refusing to reveal how).

In order to prevent such a scenario happening again and maintaining the privacy of users, Tor is working with researchers from the University of California, Irvine, to create a hardened version of the Tor browser, used to access the onion router network.

In the paper "Securing the Tor Browser against De-anonymization Exploits" (.PDF), the team notes that "Selfrando" acts as an alternative to address space layout randomization (ASLR).

As noted by IBM's Security Intelligence, ASLR takes code and shifts the memory location to limit user exposure, but Selfrando improves on this system by increasing the granularity of code execution by separating each function and then randomizing the memory address.

This could potentially ramp up Tor's security dramatically and make it that much harder to break Tor. If cyberattackers and spies cannot predict where code will execute in memory, then memory corruption bugs -- which could compromise the network -- are rendered useless.

Selfrando's GitHub page states:

"Software written in C and C++ is exposed to exploitation of memory corruption. Inspired by biodiversity in nature and existing randomizing defenses, Selfrando varies the attack surface, i.e., the code layout, by randomizing each function separately.
This makes exploit writing harder and increases resilience to information leakage relative to traditional address space layout randomization (ASLR) techniques."

The latest alpha release of the Tor browser, 6.5a1, has been released with hardened elements and a range of fixes and improvements.

Essential smartphone, tablet apps for busy professionals

Related

How to stop spam messages on your iPhone with this almost-secret hidden switch
messages.jpg

How to stop spam messages on your iPhone with this almost-secret hidden switch

Security
The 5 best tiny houses of 2022: Modern tiny homes
Placeholder product image alt text

The 5 best tiny houses of 2022: Modern tiny homes

Home & Office
This hidden iPhone feature makes you sound better on calls
Control Center icon in macOS

This hidden iPhone feature makes you sound better on calls

iPhone