Selfrando: a technique that secures Tor Browser against unmasking exploits

Tor tries to resist FBI attacks with a new project


Apparently, the FBI seems capable of discovering the real addresses of Tor network users, and many experts are fighting legal battles to force the FBI to reveal how they are doing it:

In 2013, the FBI compromised a number of servers used by Tor hidden services and used them to serve an exploit to de-anonymize users of the Tor network. When the user visited one of the booby-trapped pages in Tor Browser, the exploit abused a use-after-free vulnerability in Firefox in order to enable arbitrary code execution.
The main payload of the exploit collected the MAC address and the host name from the victim machine and sent the data to an attacker-controlled web server, bypassing Tor.
That message also included a unique ID provided by the booby-trapped page in order to correlate a specific user to a specific visit.
The attacker then knew the public IP address, MAC address and host name of every user that visited the booby-trapped page.

Meanwhile, a team of researchers has come up with a technique called Selfrando that they believe defends against this kind of attack.


How does it work?

Such attacks are probably realized by exploiting memory corruption: these attacks reuse existing, legitimate code already in memory for malicious purposes and have therefore proven far harder to stop than code injection.

Return-into-libc (RILC) attacks, for example, arrange the stack contents so that the attacker can call dangerous functions inside the C library with attacker-controlled arguments.

Selfrando is designed to work alongside existing technologies in the Tor Browser that protect against memory-corruption attacks, such as Address Space Layout Randomization (ASLR).

ASLR randomizes where executables will be loaded into memory, in theory making it difficult for attackers to determine where to point their attacks.


Selfrando preserves the same features as ASLR but improves security with a load-time randomization technique: because the code layout is decided only when the program is loaded, observing the binary during download or after it is on disk tells attackers nothing about where its code will sit in memory.
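To make the difference between ASLR and load-time function-level randomization concrete, here is an added simulation (not code from the Selfrando paper or from Tor Browser). It models a toy library with five functions under two layouts, then measures how often knowledge of the on-disk file plus one leaked runtime address correctly predicts every other function's address; the function names and sizes are constructed for illustration.

```python
import random

# Constructed toy layout of a shared library: (function name, size in bytes)
# in link order. Names and sizes are illustrative, not Tor Browser's.
LINK_ORDER = [("open", 0x80), ("read", 0x60), ("write", 0x60),
              ("system", 0xC0), ("exit", 0x40)]
SIZES = dict(LINK_ORDER)
ON_DISK = {}          # function -> offset from the start of the code section
_offset = 0
for _name, _size in LINK_ORDER:
    ON_DISK[_name] = _offset
    _offset += _size

def _random_base(rng):
    # A page-aligned load address somewhere in a typical 64-bit user range.
    return rng.randrange(0x7F0000000000, 0x7FFF00000000, 0x1000)

def layout_aslr(rng):
    """Coarse-grained ASLR: one random base, functions keep their on-disk order."""
    base = _random_base(rng)
    return {name: base + off for name, off in ON_DISK.items()}

def layout_selfrando(rng):
    """Selfrando-style load-time randomization: random base AND a fresh random
    function order, so inter-function distances differ from the on-disk file."""
    base = _random_base(rng)
    order = [name for name, _ in LINK_ORDER]
    rng.shuffle(order)
    addrs, offset = {}, 0
    for name in order:
        addrs[name] = base + offset
        offset += SIZES[name]
    return addrs

def predict_from_one_leak(leaked_name, leaked_addr):
    """What knowledge of the on-disk file predicts once one runtime address is
    known: every other function at its fixed on-disk distance from the leak."""
    base = leaked_addr - ON_DISK[leaked_name]
    return {name: base + off for name, off in ON_DISK.items()}

def fraction_fully_predictable(layout_fn, trials=500, seed=1):
    """Share of simulated process launches in which the one-leak prediction is
    right for every function. 1.0 means a single leak undoes the randomization."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        actual = layout_fn(rng)
        hits += predict_from_one_leak("open", actual["open"]) == actual
    return hits / trials
```

Under plain ASLR the fraction is 1.0 (one leak reveals the whole layout); under the Selfrando-style layout it stays near zero, which is the property the paper relies on when the attacker has the same binary as the victim.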


The original paper

https://www.ics.uci.edu/~perl/pets16_selfrando.pdf
