Tor Browser Integrates Tool to Fend Off Deanonymization Exploits

[Exterminator]

At the start of June, the Tor Project introduced version 6.5a1 of the Tor Browser, but compared to previous releases, this one also included a "hardened" version.

According to a research paper published by nine researchers from the University of California, Irvine (UCI), this hardened version includes a new feature called Selfrando.

The researchers describe Selfrando as "an enhanced and practical load-time randomization technique." In layman's terms, Selfrando will prevent attacks aimed at deanonymizing Tor users.

Selfrando will help the Tor Project fight off the FBI's hacking
In the past years, the FBI has been very active in developing or paying others to develop exploits to use against Tor users, in order to unmask their real identities.

There have been many notorious cases where Tor exploits have been used, such as the SilkRoad marketplace and the Playpen child pornography portal.

While the FBI is justified to hack Tor users to unmask low-lifes, nobody knows if these exploits have been used for other purposes. The secrecy that masks how these exploits have been developed and used by US officials is scaring privacy groups and the Tor Project itself.

Selfrando, an alternative to ASLR
In the past months, the Tor Project and the UCI researchers have collaborated to create Selfrando, an alternative to ASLR (Address Space Layout Randomization).

While ASLR takes code and shifts the memory location in which it runs, Selfrando works by taking each code function separately and randomizing the memory address at which it runs.

If the attacker cannot predict the memory position at which pieces of code execute, then they cannot trigger memory corruption bugs that usually allow them to run rogue code inside the Tor Browser.

Selfrando vs. ASLR
"Binaries built with selfrando are all identical on-disk because the code layout is not randomized until it is loaded into main memory," the researchers explain.

Selfrando only adds a 1% performance dip
If randomizing code when loading it into memory sounds like a performance dip, it's not. Researchers say benchmarks show that Tor Browsers with Selfrando (hardened versions) add less than 1% overhead to running times.

Also good news is that Selfrando doesn't need developers to make too many changes to existing code. "No changes to build tools or processes are required," the researchers add. "In most cases, using selfrando is as easy as adding a new compiler and linker flags to your existing build scripts."

For more information on the Selfrando project, check out the GitHub repo and the Selfrando: Securing the Tor Browser against De-anonymization Exploits research paper, set to be presented at the Privacy Enhancing Technologies Symposium next month.

Other projects are welcome to integrate Selfrando in their code because the project has been open-sourced under the GNU Affero General Public License (AGPL).