Cryptography vs. Cryptanalysis: Black Hat Talk on Hacking Tor Pulled from Conference

Historians of cryptology often describe the development of the discipline of "secret writing" in terms of a dialectic between cryptography and cryptanalysis, that is, between code makers and code breakers.  Cryptographers seek to create ever more indecipherable encryption schemes and cryptanalysts seek to break them.  An article on the cancellation of a Black Hat conference talk on the Tor privacy service from Reuters provides us with an interesting glimpse of how this tension is currently playing out among hackers and security researchers within the US government.  From Reuters, on the cancelled talk:

A highly anticipated talk on how to identify users of the Internet privacy service Tor was withdrawn from the upcoming Black Hat security conference, a spokeswoman for the event said on Monday.

The talk was canceled at the request of attorneys for Carnegie Mellon University in Pittsburgh, where the speakers work as researchers, the spokeswoman, Meredith Corley, told Reuters . . . a Carnegie Mellon attorney informed Black Hat that one of the speakers could not give the Tor talk because the materials he would discuss have not been approved for public release by the university or the Software Engineering Institute (SEI). . . .

Its abstract, titled "You don't have to be the NSA to Break Tor: De-Anonymizing Users on a Budget," had attracted attention within the security and privacy communities. The abstract had been published on Black Hat's website but has since been removed.

While the media often identify Tor as the preferred browser of child pornographers, criminal cartels and terrorist groups they often fail to note that it was actually originally developed by US government researchers. Or perhaps their implication is that the US government naturally falls under one of those umbrella terms? Whatever the case may be in that regard, the Reuters article hints at the state of the arms race between US government cryptographers and cryptanalysts. Another excerpt:

The U.S. government funded the creation and much of the operation of Tor as a communications tool for dissidents in repressive countries. But Tor has frustrated the U.S. National Security Agency for years, according to documents released by former agency contractor Edward Snowden.

That revelation has helped increase adoption by those seeking privacy for political reasons, as well as criminals, researchers say. 

Some criminal suspects on Tor have been unmasked by the U.S. Federal Bureau of Investigation and other law enforcement or intelligence agencies using a variety of techniques, including tampering with software often used alongside Tor.

Check out the EFF for more information on Tor.