Tor browser developers are looking for a way to use “anonymous tokens” to stop denial-of-service (DoS) attacks, one of the biggest issues afflicting users on this network. Although it is one of the main anonymous browsing options, Tor’s intrinsic features make it highly susceptible to this attack variant.
This idea was raised a few months ago, as the developers felt that they could identify normal traffic and malicious traffic, as well as prevent the implementation of user accounts.
At a recent remote event, Tor’s team endorsed their interest in developing this technology: “Tor does not use the concept of memory. This network does not track its users in any way, does not use cookies or anything like that; this seems to cause some problems,” says George Kadianakis, a member of Tor’s developer team, in reference to the cause of these attacks.
This network is really vulnerable to these attacks due to its focus on anonymity, because unlike conventional networks, Tor does not link identity to a user account and therefore cannot differentiate between legitimate traffic and malicious traffic. In addition, the process of connecting to Tor consumes large system resources, making it easier to deploy a DoS attack.
The developer mentions that these tokens could be included in user traffic requests, which would allow websites in Tor to prioritize the requests to which they will respond. Kadianakis believes that the onion service could issue these tokens and put them in the hands of trusted users, strengthening joint work for network maintenance.
The developer also mentions that these tokens could be used to design a secure naming system so that users can register names using their own tickets, which would help site owners in Tor reach new audiences: “We will continue to focus on investigating methods to limit the number of security incidents; In addition to privacy, Tor will become a cyberattack-free network,” Kadianakis concludes.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.