IMSI catcher (cell site simulator) and tor

If a tor circuit is built over LTE with the potential for cell site simulator interception, is the circuit still secure? What information could the dirtbox obtain? It would still be a completely encrypted connection, wouldn’t it?

I have an LTE modem whose connection gets broken only in a certain area (targeted geofence?). The modem gets hot in that location unlike in other locations. VPNs also get disrupted. Wifi is similarly vulnerable to RF interference. If those lengths are taken to interfere with an internet connection, why wouldn’t ethernet from a cable, fiber, or DSL router also be manipulable by hostile forces? Is the encryption math independent enough from the medium of connection?

The encryption does not care about the medium. RFI could be a sign of a DoS or could be something more mundane.

While the content should be safe, metadata/timing is another story and may be an issue given a powerful enough adversary:

I don’t believe in mundane. What is happening is an example of “wrong side of the tracks” digital redlining or prejudicial profiling and discriminatory geofencing.

A cell site simulator is impersonating the legitimate cell tower and capturing the traffic. When tor is used over LTE, the connection remains encrypted but initializing metadata can be gathered. If the connection is to the legitimate ISP tower, why wouldn’t the ISP perform the same kind of disruptions on other towers in different geographical areas? I suppose someone could gain unauthorized access to a tower and launch attacks.

What I was wondering is if tor could be impersonated like an imposter/clone access point. If a handshake is sent out, for example, could someone with control over the access point pretend to be the tor network?

What they did first was sever VPN connections but continue the internet connection. Then I activated a kill switch so they would sever the VPN and then the internet connection would also be disconnected. Then I started using tor which they can’t sever like a VPN. But then they would just disconnect the internet connection. I can’t see why an ISP would do this, so I thought, well, maybe the cellular access point is being impersonated like wifi can be faked. Then I started wondering, if we can’t trust the medium of the connection, if wifi AP and cellular AP can be faked–and why not fake hardline also, redirected and rerouted by insider threats–then the connections built with encryption have to remain agnostic and independent of the source of the bandwidth. If the state and structure of the medium or infrastructure is controlled, how does the information propagated by that medium maintain its integrity, determine itself? You just have to hope that an adversary that can influence the medium/infrastructure is weaker than the cypher who is sending the message?

It shouldn’t matter if the entity that controls your Internet access (wireless or wired), whoever it may be, is an adversary for your Tor activity: they can either allow it, or not but they can’t alter it. It would matter if this entity controls enough of the Tor network to correlate the metadata it gathers from your connections to determine your Internet destination.

Not really, no. In the same way that someone who controls one of the many devices in the network path between Firefox and an HTTPS-enabled website can’t claim to be that website.

Exactly. If you control the VPN client and server, I don’t think anyone in the network path between them can do a man-in-the-middle attack without you knowing unless they’re privy to “useful” bugs in the software or have access to unknown (as of yet) weaknesses in the encryption protocols. They can “sever” the connection - your kill switch - but they can’t impersonate the VPN server.

From a mathematical point of view, in public-key cryptography, once I established a secure exchange of public keys with someone, I can exchange encrypted messages with them over any hostile medium and always be sure they’re who they are (authenticity and non-repudiability) and that the message was not decrypted (confidentiality) or altered (integrity). The (official) Tor Browser comes bundled with the public keys for the directory authorities which in turn control the relays you’re going to use.
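To show the argument above concretely, here is an added example (my own constructed model, not the post's or Tor's actual handshake code): the client has the server's long-term Ed25519 key pinned in advance, the way Tor Browser ships the directory authorities' keys, and verifies a signed ephemeral X25519 key before deriving any secret. A party controlling the medium can replace or drop the message, but without the pinned private key its substitute fails verification and the client aborts; `ServerHello`, `ClientAccept` and `HostileMedium` are names of my own.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Constructed model, not Tor's real handshake: the client holds the server's
// long-term Ed25519 key, pinned in advance the way Tor Browser ships the
// directory authorities' keys; the medium can alter or drop bytes, nothing more.
// Hello is an ephemeral X25519 public key signed by the server identity key.
type Hello struct{ Ephemeral, Sig []byte }

var ErrImpersonation = errors.New("hello fails pinned-key signature check")

// ServerHello signs a fresh ephemeral key with the server's identity key.
func ServerHello(identity ed25519.PrivateKey) Hello {
	eph, _ := ecdh.X25519().GenerateKey(rand.Reader)
	pub := eph.PublicKey().Bytes()
	return Hello{Ephemeral: pub, Sig: ed25519.Sign(identity, pub)}
}

// ClientAccept verifies against the pinned key before any ECDH and returns the shared secret.
func ClientAccept(pinned ed25519.PublicKey, h Hello) ([]byte, error) {
	if !ed25519.Verify(pinned, h.Ephemeral, h.Sig) {
		return nil, ErrImpersonation // tampered or forged: abort, send nothing
	}
	peer, err := ecdh.X25519().NewPublicKey(h.Ephemeral)
	if err != nil {
		return nil, err
	}
	mine, _ := ecdh.X25519().GenerateKey(rand.Reader)
	return mine.ECDH(peer)
}

// HostileMedium models a link operator swapping in its own hello, signed with a key it made.
func HostileMedium(_ Hello) Hello {
	_, attacker, _ := ed25519.GenerateKey(rand.Reader)
	return ServerHello(attacker)
}

func main() {
	pinned, identity, _ := ed25519.GenerateKey(rand.Reader)
	_, honest := ClientAccept(pinned, ServerHello(identity))
	_, hostile := ClientAccept(pinned, HostileMedium(ServerHello(identity)))
	fmt.Println(honest, hostile) // <nil> hello fails pinned-key signature check
}
```

The only moves left to the medium are the ones the thread already names: pass the authentic hello through, or drop it (the "sever" case).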

Quality answers. Thanks. So forged cryptographic keys are highly unlikely.

Still, I know there are ways to degrade encrypted connections. For example, downgrades with upgrades. I have had tor browser updates that don’t work like they should. Security Level doesn’t block JS when it should, start page anomalies, etc. That must be done with the permission of the tor project?

Besides global adversaries that can correlate metadata, rootkits and trojans that can’t be detected or removed, connections must be interfered with via side-channel attacks. If all connections are not routed through tor and there are other ways in, then tor can get disrupted. Then again, I’ve had moderators on Debian forums say tor can be hijacked and it’s a “misconception” to think tor improves security. But every security oriented Linux OS I have seen depends heavily on tor. Tor+http sources - Security InRelease - Debian User Forums

What do you think about these advanced tor disruption possibilities:
http://phabricator.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/T540

Tor doesn’t improve security in my opinion. Using more software in general adds to the complexity which is worse for security. Also, Tor exit nodes may well be malicious for all intents and purposes and should be treated as such.

That being said, Tor provides some level of privacy for my Internet connections routed through it.

The Tor Browser provides some better security and privacy defaults when compared to Firefox. But browsers in general are very complex and mostly compete on feature sets, not security. Also, by default, Tor Browser uses the most lax security level:

It makes sense if you think that most users want it to just work (most websites won’t break).

Linux distributions that value privacy and have good Tor integration, like Tails or Whonix, also take security seriously and are especially promoted to vulnerable people (like journalists or activists). But privacy already weighs heavily on usability, so when you add even more security on top, you get something like Qubes OS which is anything but popular for obvious reasons. I’m not suggesting that any other operating systems aren’t private/secure, nor that these are the best, just that it’s a spectrum and you may choose what suits your needs. For example, if I didn’t care anything about control or privacy, Chrome OS might be secure enough (or the latest stock iPhone or Pixel). I usually unlock/flash/jailbreak/root my devices “despite” making them more insecure because I value control/privacy over security, and because I know the stock security they provide is bundled with anti-user features that benefit only the “provider”.

From an OPSEC point of view, I try concentrating my efforts on covering weakest links, which Tor’s encryption isn’t in my opinion. My devices’ firmware, OS, myriad of applications, or the people using them are usually much easier to exploit.

Doesn’t improve the security of your attackers? What perspective are you taking? It is more difficult to hit a target you can’t track: thus the security of anonymity. But attacks can be hidden via anonymous covert channels. Still, with a full audit oversight always in place, that’s only security if your auditor/network admin has your best interests at heart and is not using security surveillance just to exploit you. If you will admit for privacy of the tor network, that should be the same as recognizing its personal security. Tor might not be security for oppressive regimes, admittedly.

Remember I said that I didn’t believe in the mundane? INL/another State-Fed or Nation State actor just removed my SIM pin from my cellular modem and then when I put a new pin on it, they changed the pin remotely so I can’t use my SIM anymore. That is not a mundane attack. The entire point of a lock is to deny access to unauthorized parties while allowing the owner entry which is the opposite of being locked out of your own system. That is not a simple attack. But they can’t change your soul hardware. The fight against totalitarianism must go on! I might hear your screams from Room 101, comrades!

I think you are over doing the paranoia a bit. Nobody cares about you enough to do anything unless you are a terrorist. Read the ToS of your mobile network and you will probably find a legitimate explanation for your SIM based issues.

Also: if you are worried to the extent you are displaying then it’s probably not good to publicly tell everybody about it. You won’t have to worry about corrupt security auditors when you’re broadcasting out to the entire globe.