Thursday, March 16, 2017

Research Claims: The Dark Net Is Less Vulnerable To Hacking Attacks

The dark web is a part of the internet, which provides and maintains anonymity to its users. People can use this privacy to either illegal and legal ways. For example, in countries where freedom of speech is oppressed, or the media is censored, the citizens can use the Tor browser to connect to the dark web and anonymously browse the internet without legal consequences. In some countries, for instance, Facebook is banned, and people can only connect to the social media platform using the Tor browser. However, the dark web is mostly known for illegal activities. Cybercriminals often exchange sensitive information, including stolen banking and credit card details, narcotics, weapons, and child pornography material on the dark side of the internet.

Since the illegal nature of some websites on the dark net, they are often attacked by both rival hackers and law enforcement. Recently, Manlio De Domenico and Alex Arenas, from the department of Computer Engineering and Mathematics of the University Rovira i Virgili (URV), conducted a research regarding attacks against dark net sites. According to them, websites there are harder to attack than the ones on the clearnet (the normal part of the internet).

The two researchers explained in an article published in the journal Physical Review E that the dark net is practically impenetrable because of its unique topology. The dark web is characterized by a non-homogenous distribution of connections, established in very short paths with a high level of clusterings or clusters, as well as by a lack of highly connected nodes. This structure differs significantly from the rest of the internet.

On the current figure, the researchers modelled the structure of the dark web in 2015. The degree distribution obtained from an ensemble of 50 random realizations of the model is compared against the empirical distribution.

De Domenico and Arenas used the data of the Internet Research Lab of the University of California, Los Angeles. They quantified the resilience (ability to recover or adapt) of the dark web using network analysis.

“While the statistical and resilience properties of the Internet are no longer changing significantly across time, the Darknet still experiences rapid changes to improve the security of its users,” the researchers’ article goes by. “Here we study the structure of the Darknet and find that its topology is rather peculiar, being characterized by a nonhomogeneous distribution of connections, typical of scale-free networks; very short path lengths and high clustering, typical of small-world networks; and lack of a core of highly connected nodes.”

On the below figure, De Domenico and Arenas drew the rich club structure of the dark web in 2015. The ratio between the rich-club coefficient calculated for the empirical networks and its random expectation is plotted as a function of the degree threshold. 

De Domenico and Arenas simulated how the dark web would respond to three types of alterations: attacks targeting a specific node causing some nodes to randomly fail, and attacks attempting to trigger a cascade of errors that propagate through the network. The researcher duo discovered, to cause a major disturbance, it is necessary to attack various nodes of the dark net four times more than it would be on the normal part of the internet. Additionally, cascading attacks across different nodes could be easily fixed by adding more capacity to the network.

According to the authors, this resilience is a feature of the more decentralized topology emerging spontaneously from the protocol of the “onion layer path”. The rest of the internet is more heterogeneous.

The dark web could be more protected against hacker attacks than the normal internet, however, the Tor network’s biggest fear is correlation attacks. This type of breach is a favored technique of governmental agencies against illicit sites on the dark net. The method includes the exploitation of human errors as well as mathematical calculation. In a correlation attack, the attacker controlling the first and last router in a Tor circuit can use timing data properties to correlate streams observed at the routers to break Tor’s anonymity. Since the technique only uses math and statistics (not exploiting any bug) to attacks the logic of the Tor network, there is no fix that could be used to prevent such attacks. Bay...RI 01