Sign In

Communications of the ACM

ACM TechNews

Tor Project Says It Can Quickly Catch Spying Code


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
A Tor logo.

Tor Browser lead developer Mike Perry says the Tor Project is working to enable its software to rapidly detect tampering to its network.

Credit: The Tor Project, Inc.

A Tor Project developer reports the project is enhancing its software to rapidly detect tampering to its network for the purpose of surveillance.

Tor Browser lead developer Mike Perry says the system is now being designed so many people can confirm if code has been revised and "eliminate single points of failure." He notes, "even if a government or a criminal obtains our cryptographic keys, our distributed network and its users would be able to detect this fact and report it to us as a security issue. From an engineering perspective, our code review and open source development processes make it likely that such a backdoor would be quickly discovered."

Distributing a tampered Tor Browser without at least initially triggering security checks requires two cryptographic keys. The SSL/TLS secures the connection between a user and Tor Project servers, while the key employed to sign a software update is the other required component.

Perry says the keys are currently not accessible by the same people, and they also use different securing techniques.

From IDG News Service
View Full Article

 

Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA


 

No entries found