Skip to main content

Security Audit of Safeplug "Tor in a Box"

Author(s): Edmundson, Anne; Simpson, Anna K; Kroll, Joshua A; Felten, Edward W

Download
To refer to this page use: http://arks.princeton.edu/ark:/88435/pr1pv8d
Full metadata record
DC FieldValueLanguage
dc.contributor.authorEdmundson, Anne-
dc.contributor.authorSimpson, Anna K-
dc.contributor.authorKroll, Joshua A-
dc.contributor.authorFelten, Edward W-
dc.date.accessioned2021-10-08T19:50:43Z-
dc.date.available2021-10-08T19:50:43Z-
dc.date.issued2014en_US
dc.identifier.citationEdmundson, Anne, Anna Kornfeld Simpson, Joshua A. Kroll, and Edward W. Felten. "Security Audit of Safeplug 'Tor in a Box.'" In 4th USENIX Workshop on Free and Open Communications on the Internet (2014).en_US
dc.identifier.urihttps://www.usenix.org/system/files/conference/foci14/foci14-edmundson.pdf-
dc.identifier.urihttp://arks.princeton.edu/ark:/88435/pr1pv8d-
dc.description.abstractWe present the first public third-party security audit of Pogoplug’s Safeplug device, which markets “complete security and anonymity online” by using Tor technology to protect users’ IP addresses. We examine the hardware, software, and network behavior of the Safeplug device, as well as the user experience in comparison to other forms of web browsing. Although the Safeplug appears to use Tor as advertised, users may still be identified in ways they may not expect. Furthermore, an engineering vulnerability in how the Safeplug accepts settings changes would allow an adversary internal or external to a user’s home network to silently disable Tor or modify other Safeplug settings, which completely invalidates the security claims of the device. Beyond this problem, the user experience challenges of this type of device make it inferior to the existing gold standard for anonymous browsing: the Tor Browser Bundle.en_US
dc.language.isoen_USen_US
dc.relation.ispartof4th USENIX Workshop on Free and Open Communications on the Interneten_US
dc.rightsFinal published version. This is an open access article.en_US
dc.titleSecurity Audit of Safeplug "Tor in a Box"en_US
dc.typeConference Articleen_US
pu.type.symplectichttp://www.symplectic.co.uk/publications/atom-terms/1.0/conference-proceedingen_US

Files in This Item:
File Description SizeFormat 
SecurityAudit.pdf357.31 kBAdobe PDFView/Download


Items in OAR@Princeton are protected by copyright, with all rights reserved, unless otherwise indicated.