Scientists use Cisco Netflow to identify Tor users

Computer scientists have uncovered a way of identifying around 80 per cent of the people using anonymous web browsing network Tor.

Sambuddho Chakravarty, along with several others, have published research demonstrating how the Netflow technology contained in Cisco routers can be used to monitor internet traffic sent via Tor.

More than half a million people use Tor to allow them to operate anonymously on the web, according to the researchers.

It works by effectively scrambling web traffic patterns by relaying user-generated transmission control protocol (TCP) streams through a network of overlay nodes, allowing the source and destination of the traffic to be hidden.

"The main objective of our attack is to determine the source of anonymous connection arriving to a server using NetFlow data, available easily from network operators," the research paper states.

"Overall, we gathered a total of 90 measurement and in 71 of those we were able to correctly identify the victim flow," it continues, which equates to a successful identification rate of 80 per cent.

The researchers also revealed that when performing the test in controlled environments, free from external network congestion, they could use this technique to accurately identify the source of traffic with 100 per cent accuracy.

"In experiments that involved data from public Tor relays, using both open source Netflow emulation packages and our institutional Cisco router that monitored traffic using [the] Netflow framework, we were able to correctly identify the source of anonymous traffic in about 81.4 per cent of cases, with about 6.4 per cent false positives," the report concluded.