The developers behind one of the most secure browsers around, the Tor Project, have just increased the security of its onion sites against cyberattacks.
Onion services are sites that can be accessed only by using the Tor browser. However, while seeking to maximize users’ privacy online, their technical design has also made these more vulnerable to DoS (denial-of-service) attacks.
That’s why the team added its latest version a new proof-of-work (PoW) defense to prioritize verified network traffic and deter attackers. Let’s see how this works in practice.
Proof-of-Work defense for onion services
As the provider explains in a blog post, “Tor’s PoW defense is a dynamic and reactive mechanism, remaining dormant under normal use conditions to ensure a seamless user experience, but when an onion service is under stress, the mechanism will prompt incoming client connections to perform a number of successively more complex operations. The onion service will then prioritize these connections based on the effort level demonstrated by the client.”
The need for such an additional tool comes from the fact that when an IP address gets obfuscated, connections are more likely to be seen as illegitimate. This makes DoS attackers’ duties, whose aim is making a machine or network inaccessible, even easier to accomplish.
This is why the Tor Project team devised a PoW mechanism involving a client puzzle to prevent DoS attacks from happening, without affecting user privacy. Simply put, it “blocks attackers while giving real users a chance to reach their destination.”
This process acts as a ticket system which is turned off by default and gets triggered when it reveals some stress on the network. For attackers, who make a huge number of connection attempts to an onion service, this means a way greater computational effort. While users will barely notice such a process most of the time.
This past year, we worked hard to mitigate attacks on our network & enhancing our defense for onion services. 🛡️💪Today, we released a PoW defense designed to prioritize verified network traffic as a deterrent against DoS attacks. See how it works: https://t.co/svT8EVYhhHAugust 23, 2023
The Tor team believes the tool will discourage bad actors by making large-scale attacks more expensive and impractical. That’s mainly because the Tor PoW will give priority to traffic verified as legitimate.
Even better, Tor promises that performance will benefit from the new tool as well: “The introduction of Tor’s PoW defense not only positions onion services among the few communication protocols with built-in DoS protections but also when adopted by major sites, promises to reduce the negative impact of targeted attacks on network speeds.
The dynamic nature of this system helps balance the load during sudden surges in traffic ensuring more consistent and reliable access to onion services.” All onion sites are then encouraged to upgrade to version 0.4.8. right away to be sure of delivering users the safest possible service.