News

Selfrando improves the security of the Tor Browser

27/06/2016

CRISP researchers are involved in the development of Selfrando

An international research group has developed a new system to harden the Tor Browser for anonymous Internet access. The system could significantly improve the security of the Tor Browser.

Their defense, called "selfrando", strengthens the Tor Browser against attempts to hack and de-anonymize Tor users.
Tor users, such as activists, journalists, and whistleblowers, use the Tor Browser to preserve their anonymity online. Obviously the Tor Browser is an enticing target for hackers, including nation-states, attempting to de-anonymize and track Tor users. In the hardened Tor Browser series, the Tor Project is testing new defenses to proactively protect Tor users from attacks on their browser.

The most powerful attacks against browsers such as the Tor Browser aim to remotely exploit a victim using state-of-the-art techniques known as "code reuse". Essentially, an attacker pieces together bits of the target program into malware that controls the victim's computer, meaning that the attacker does not need to inject code into the victim's machine in the first place. Selfrando defends modern software against this class of exploits by randomizing the internals of the software. Without knowing these randomized details, an attacker has a much harder time constructing a reliable (code-reuse) attack.

Selfrando significantly increases security without sacrificing performance or compatibility. It does not require changes to software build tools or processes and adds less than 1% performance overhead. In practice, selfrando is completely unnoticeable to users while significantly increasing security.

The three scientists from TU Darmstadt involved in this project are Prof. Dr. Ahmad-Reza Sadeghi, CRISP-PI, Head of the System Security Lab and Director of Intel Collaborative Research Institute for Secure Computing (ICRI-SC) at TU Darmstadt, Tommaso Frasetti, M. Sc., Christopher darling, M. Sc.
They will present their project in July at the Privacy Enhancing Technologies Symposium (PETS) during Security & Privacy Week in Darmstadt, Germany.

Paper "Securing the Tor Browser against De-anonymization Exploits" (PDF)
Selfrando is available for use in other open-source projects at GitHub.
Article in German on ZDNet.de

 

 
