Skip to main content
USENIX
  • Conferences
  • Students
Sign in
  • Overview
  • Workshop Organizers
  • At a Glance
  • Workshop Program
  • Co-Located Workshops
  • Activities
    • Birds-of-a-Feather Sessions
  • Students and Grants
  • Sponsorship
  • Questions?
  • Help Promote!
  • For Participants
  • Calls for Papers
  • Past Workshops

twitter

Tweets by @usenix

usenix conference policies

  • Event Code of Conduct
  • Conference Network Policy
  • Statement on Environmental Responsibility Policy

You are here

Home » Security Audit of Safeplug "Tor in a Box"
Tweet

connect with us

http://twitter.com/usenixsecurity
http://www.usenix.org/facebook
http://www.usenix.org/linkedin
http://www.usenix.org/gplus
http://www.usenix.org/youtube

Security Audit of Safeplug "Tor in a Box"

Friday, July 25, 2014 - 9:30am
Authors: 

Anne Edmundson, Anna Kornfeld Simpson, Joshua A. Kroll, and Edward W. Felten, Princeton University

Abstract: 

We present the first public third-party security audit of Pogoplug’s Safeplug device, which markets “complete security and anonymity online” by using Tor technology to protect users’ IP addresses. We examine the hardware, software, and network behavior of the Safeplug device, as well as the user experience in comparison to other forms of web browsing. Although the Safeplug appears to use Tor as advertised, users may still be identified in ways they may not expect. Furthermore, an engineering vulnerability in how the Safeplug accepts settings changes would allow an adversary internal or external to a user’s home network to silently disable Tor or modify other Safeplug settings, which completely invalidates the security claims of the device. Beyond this problem, the user experience challenges of this type of device make it inferior to the existing gold standard for anonymous browsing: the Tor Browser Bundle.

Anne Edmundson, Princeton University

Anna Kornfeld Simpson, Princeton University

Joshua A. Kroll, Princeton University

Edward W. Felten, Princeton University

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {185065,
author = {Anne Edmundson and Anna Kornfeld Simpson and Joshua A. Kroll and Edward W. Felten},
title = {Security Audit of Safeplug "Tor in a Box"},
booktitle = {4th USENIX Workshop on Free and Open Communications on the Internet (FOCI 14)},
year = {2014},
address = {San Diego, CA},
url = {https://www.usenix.org/conference/foci14/workshop-program/presentation/edmundson},
publisher = {USENIX Association},
month = aug,
}
Download
Edmundson PDF

Presentation Video 

Presentation Audio

MP3 Download

Download Audio

  • Log in or    Register to post comments

© USENIX

  • Privacy Policy
  • Contact Us