Communications of the ACM
Tor Project Says It Can Quickly Catch Spying Code
Tor Browser lead developer Mike Perry says the Tor Project is working to enable its software to rapidly detect tampering to its network.
Credit: The Tor Project, Inc.
A Tor Project developer reports the project is enhancing its software to rapidly detect tampering to its network for the purpose of surveillance.
Tor Browser lead developer Mike Perry says the system is now being designed so many people can confirm if code has been revised and "eliminate single points of failure." He notes, "even if a government or a criminal obtains our cryptographic keys, our distributed network and its users would be able to detect this fact and report it to us as a security issue. From an engineering perspective, our code review and open source development processes make it likely that such a backdoor would be quickly discovered."
Distributing a tampered Tor Browser without at least initially triggering security checks requires two cryptographic keys. The SSL/TLS secures the connection between a user and Tor Project servers, while the key employed to sign a software update is the other required component.
Perry says the keys are currently not accessible by the same people, and they also use different securing techniques.
From IDG News Service
View Full Article
Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA
No entries found