Anonymity C S A D VA N C E D S E C U R I T Y TO P I C S P R E S E N TAT I O N BY: PA N AY I OTO U M A R KO S 4 T H O F A P R I L
|
|
- Ernest Barnett
- 5 years ago
- Views:
Transcription
1 Anonymity C S A D VA N C E D S E C U R I T Y TO P I C S P R E S E N TAT I O N BY: PA N AY I OTO U M A R KO S 4 T H O F A P R I L
2 Tor: The Second- Generation Onion Router R. DINGLEDINE N. MATHEWSON P. SYVERSON
3 So, what is Onion-Routing? A technique for Anonymous communication over a computer network. Encrypting a message like an onion(??) What is Anonymity? Maintaining (real-world) identity hidden while using web services.
4 Anonymity Systems Chaum s Mix-Net Design Hiding correspondence between sender and receiver by wrapping messages in layers of public key encryption These messages would traverse a series of mixes enroute to the receiver Mixes decrypt, delay and re-order messages before passing the onward High Latency = More Security Max Anonymity ->Large Latencies Network Resist on Global Adversaries Too much lag for some TCP apps Low Latency = Less Security (Tor) Time dependent packets Bidirectional protocols Time dependency is a concern
5 Why Tor? Perfect forward secrecy Recording of traffic -> Telescoping path-building design Separation of protocol cleaning from anonymity Original routing required separate application proxy -> Tor uses Standard SOCKS proxy Many TCP streams can share one circuit Separate circuits for each TCP app -> Tor multiplexes multiple TCP streams. Leaky-pipe circuit topology Tor initiators can direct traffic nodes partway down circuit Congestion control End-to-end ACKs -> maintain anonymity while allowing edge nodes to detect congestion or flooding
6 Why Tor? Directory servers Tor uses trusted nodes as Directory Servers to provide network state Variable exit policies Provides a mechanism to advertise policies, describing hosts and ports a node connects End-to-end integrity checking No integrity checking -> Tor verifies data integrity before it leaves Rendezvous points and hidden services Tor clients negotiate rendezvous points to connect to hidden servers
7 Tor Design: Goals & Non-Goals Goals Deployability: 1. Not expensive to run 2. No heavy liability on operators 3. Not be difficult or expensive to implement 4. Not require non-anonymous parties Usability: (More users -> More security Thus,) 1. Not require modifying familiar application 2. Not introduce prohibitive delays 3. Few configuration decisions as possible 4. Easily implementable on all common platforms Flexibility: 1. Tor serve as a test-bed for future research 2. Future systems will not need to reinvent Tor s design Simple Design: 1. Design and security must be well understood 2. Aim to deploy a simple and stable system that integrates the best accepted approaches to protecting anonymity
8 Tor Design: Goals & Non-Goals Non - Goals Not peer-to-peer: Decentralizing peer-to-peer environment with thousands of short-lived severs that may be controlled by adversaries. Not secured against end-to-end attacks No protocol normalization: Tor has to be layered with filtering proxy to get anonymity while using complex and variable protocols like HTTP. Not steganographic: No conceal on who is connected to the network.
9 The Tor Design Each user runs local software called Onion Proxy(OP) that is responsible for Fetching OR directories, establishing circuits, handling connections from applications Onion router (OR) keys: Long-term identity key: signs TLS certificates, OR descriptors and directories if applicable Short-term onion key: used with circuit establishment requests Short-term TLS Key: link level between ORs
10 The Tor Design: Cells Traffic passes along in fixed-size cells of 512 bytes. Two kind of cells: Control and Relay CircID: Which circuit the cell refers to. Control commands(cmd): Padding (keepalive) Create/ed (set up a circuit) Destroy (tear down a circuit) Relay Cells have additional header: streamid, end-to-end checksum for integrity checking, length of the relay payload, and a relay command Relay commands: Relay data, relay begin, relay end, relay teardown, relay connected, relay extend/ed, relay truncate/ed, relay sendme, relay drop
11 The Tor Design: Circuits and Streams
12 The Tor Design: Leaky-Pipe Circuits
13 The Tor Design: Integrity Checking Check Integrity at the edges of each stream Initial SHA-1 digest set at the time of key negotiation as a derivative of negotiated key Digest added incrementally to all relay cells exchanged First 4 bytes of current digest added to each cell Digest is encrypted as part of the relay header
14 The Tor Design: Rate Limiting & Fairness Volunteers are more willing to run services that can limit their bandwidth usage (token byte approach) Limit number of incoming bytes not to overwhelm volunteer ORs Preferential treatment of interactive streams Preferential treatment presents a possible end-to-end attack
15 The Tor Design: Congestion Control Needed in addition to bandwidth rate limiting to prevent circuit congestion Additional to TCP congestion control Two-fold congestion control: Circuit-level throttling & Stream-level throttling Packaging: tracks number of cells packaged by the OR and directed towards the OP Delivery: tracks number of cells OR is willing to deliver outside the network Each window is initialized to maximum allowable value of When a certain block of cells (100) is packaged or delivered, the window size is decremented The OR sends a relay sendme towards the client s OP The receiving OR increments its window size by the block size (100 in this case)
16 The Tor Design: Congestion Control
17 Rendezvous Points & Hidden Services The server advertises a set of ORs as introduction points (IP) The client chooses an OR as a rendezvous point (RP) and builds a circuit to it The client contacts one of service provider s IP and informs it of its RP If the service provider wants to respond to the client, it builds a circuit to the client s RP The RP connects the client s circuit to the service provider s circuit The client send a relay begin cell to the service provider over the established circuit..and they communicate as explained before
18 Exit Policies & Abuse Anonymity permits abusers to hide the origins of their activity Attackers can implicate exit nodes for their abuse Tor allows each OR to specify an exit policy that describes which external addresses and ports it will connect Open exit nodes will connect to anywhere Middleman nodes only relay traffic to other Tor nodes Private exit nodes only connect to a local host or network Restricted exit nodes prevent access to abuse-prone addresses and services
19 Directory Servers Directories in Tor are a small group of redundant well-known onion routers to track changes in the topology of the network and the node state Each directory acts as an HTTP server, clients fetch network info ORs post signed statements to the directories They must be synchronized Tor assumes that a threshold of participants agree on the set of directory servers with human administrators resolving problems when consensus cannot be reached
20 Attacks: Passive Observing User traffic patterns Traffic patterns Yes, Destination or Data No Observing User Content: To responders may not be encrypted Option distinguishability: Clients choose if they want to rotate circuits more often to avoid traceability End-to-End timing correlation: Minimally hides such correlations End-to-End size correlation: Just like timing Website Fingerprinting: Build a database of Fingerprints for a website and use that info to confirm a user s connection
21 Attacks: Active Compromise Keys Iterated compromise: Adversary has to complete this attack within the lifetime of the circuit. Run a recipient Run an onion proxy: Compromising an onion proxy DoS non observed nodes: Observer DoSes non-observed nodes so that nodes he observes become more busy Run a Hostile OR Tagging attacks Integrity checks prevent this attack
22 Attacks: Active Replace contents of unauthenticated protocols: Prefer protocols with End-to-End authentication Replay Attack: Replaying one side of the handshake will result in a different negotiated session key Smear Attack: Use the Tor network for socially disapproved acts. Exit policies Distribute Hostile Node: Running subverted Tor software Signing all Tor releases with official public key
23 Attacks: Directory Destroy directory servers: Other directory servers will decide a valid directory Subvert a directory server: Majority of votes to reach decision Subvert a majority of directory servers: Oh well Encourage directory server dissent: Fight of the directories. Tor does not address this attack Trick the directory servers into listing a hostile OR Operators will filter out most hostiles ORs Convince the directory that a malfunctioning OR is working Directory servers assume that an OR is running correctly if they can start a TLS connection to it.
24 Attacks: Rendezvous Points Make many introduction requests: Attacker floods Bob s IP. Block requests that lack authorization tokens Attack an IP: Simply re-advertise new. Compromise an IP: Flood Bob with introduction requests or prevent valid ones. Close circuit or periodically send rendezvous requests Compromise a RP: Encrypted
25 Tor in the wild (of 2004) 32 Nodes Each node has at least 768Kb/768Kb connection Several companies have taken use of Tor Processed 800,000 relay cells per week
26 Conclusions When designing anonymity preserving systems, the main challenge is striking balance between scalability, decentralization and privacy Tor adds several enhancements to the original Onion Routing system, but there are still many open issues, vulnerabilities and areas of future work More information is needed about the selection of volunteer ORs and circuit establishment.
27 Low-Cost Traffic Analysis of Tor STEVEN MURDOCH GEORGE DANEZIS
28 What is this paper about? Attack on Tor, using Tor itself. Traffic Analysis attack as we discussed earlier and linkability.
29 Traffic Analysis on Tor Using the ability to route over Tor a modest adversary can still detect the path that target connections are using. Due to the low-latency design, Tor does not use any batching strategy. This means that the load on a Tor node affects the latency of all connection streams through that node.
30 The Attack Setup Adversary controls a network server and a corrupt Tor node The victim uses this network server through the Tor network. The corrupt server sends short bursts of data to the user.
31 The Attack Setup Goal: Identify which nodes are carrying the traffic with the pattern For each node, they performed a test where the stream went through the target node and one where it s not. Obviously for this to be a success, the traffic modulation and probe latency in the first case should be higher than the second one. If this is not the case, then either the stream was not affected (false negatives) or echos of the victim stream and affected the probe stream (false positives) The was done on a Debian GNU/Linux 3.0 using Tor OR was setup to be a client only that chooses routes of 1 The corrupt server was simulated by a TCP server that sent pseudorandom generated data for random time periods.
32 Results
33 Results
34 Discussion Timing characteristics of streams are not substantially altered is no surprise. Tor s low latency is a requirement. Interference in timing might be a good solution. Perfect-interference: The output streams all have the same shape, or a random one. BUT, Latency++. Non-interference: Difficult to implement. But will be easier for adversaries Linkability: A variant of this attack can be used to determine if two streams belong to the same initiator. Also more nodes!= Better Anonymity
35 Variants of the Attacks Detect the effects on request sent from the initiator when modulating traffic into a loop. Alternatively the adversary can probe all nodes and observe the result. This test can be used to eliminate nodes that are NOT on the path. Then repeat until you get 3 nodes. Another attack is to DoS attack the server and watch the load of the victim for correlations. At what cost? O(N)
36 Understanding the Artifacts If a different stream is relayed will delay the probe stream and leak information on latency. Also the OS, Memory Management, TCP protocol etc. could delay and give information.
37 Conclusions This kind of attack can be performed by a modest adversary. This attack does not give away the originator of the communication, however, it gives information about the path. All of the strategies involve an increase in latency.
38 Any questions? I promise you I won t tell anyone.
39 Thank You
Tor: The Second-Generation Onion Router. Roger Dingledine, Nick Mathewson, Paul Syverson
Tor: The Second-Generation Onion Router Roger Dingledine, Nick Mathewson, Paul Syverson Introduction Second Generation of Onion Routing Focus on deployability Perfect forward secrecy Separation of protocol
More informationTHE SECOND GENERATION ONION ROUTER. Roger Dingledine Nick Mathewson Paul Syverson. -Presented by Arindam Paul
THE SECOND GENERATION ONION ROUTER Roger Dingledine Nick Mathewson Paul Syverson 1 -Presented by Arindam Paul Menu Motivation: Why do we need Onion Routing? Introduction : What is TOR? Basic TOR Design
More information2 ND GENERATION ONION ROUTER
2 ND GENERATION ONION ROUTER Roger Dingledine, Nick Mathewson and Paul Syverson Presenter: Alejandro Villanueva Agenda Threat model Cells and circuits Other features Related work How does it work? Rendezvous
More informationOnion Routing. Varun Pandey Dept. of Computer Science, Virginia Tech. CS 6204, Spring
Onion Routing Varun Pandey Dept. of Computer Science, Virginia Tech 1 What is Onion Routing? a distributed overlay network to anonymize TCP based routing Circuit based (clients choose the circuit) Each
More informationA SIMPLE INTRODUCTION TO TOR
A SIMPLE INTRODUCTION TO TOR The Onion Router Fabrizio d'amore May 2015 Tor 2 Privacy on Public Networks Internet is designed as a public network Wi-Fi access points, network routers see all traffic that
More informationAnonymous communications: Crowds and Tor
Anonymous communications: Crowds and Tor Basic concepts What do we want to hide? sender anonymity attacker cannot determine who the sender of a particular message is receiver anonymity attacker cannot
More informationThe Tor Network. Cryptography 2, Part 2, Lecture 6. Ruben Niederhagen. June 16th, / department of mathematics and computer science
The Tor Network Cryptography 2, Part 2, Lecture 6 Ruben Niederhagen June 16th, 2014 Tor Network Introduction 2/33 Classic goals of cryptography: confidentiality, data integrity, authentication, and non-repudiation.
More informationCE Advanced Network Security Anonymity II
CE 817 - Advanced Network Security Anonymity II Lecture 19 Mehdi Kharrazi Department of Computer Engineering Sharif University of Technology Acknowledgments: Some of the slides are fully or partially obtained
More informationAnonymity. Assumption: If we know IP address, we know identity
03--4 Anonymity Some degree of anonymity from using pseudonyms However, anonymity is always limited by address TCP will reveal your address address together with ISP cooperation Anonymity is broken We
More informationCS526: Information security
Cristina Nita-Rotaru CS526: Information security Anonymity systems. Based on slides by Chi Bun Chan 1: Terminology. Anonymity Anonymity (``without name ) means that a person is not identifiable within
More informationLow-Cost Traffic Analysis of Tor
Low-Cost Traffic Analysis of Tor Steven J. Murdoch, George Danezis University of Cambridge, Computer Laboratory Review of Tor Support anonymous transport of TCP streams over the Internet Support anonymous
More information0x1A Great Papers in Computer Security
CS 380S 0x1A Great Papers in Computer Security Vitaly Shmatikov http://www.cs.utexas.edu/~shmat/courses/cs380s/ Privacy on Public Networks Internet is designed as a public network Wi-Fi access points,
More informationPrivacy defense on the Internet. Csaba Kiraly
Advanced Networking Privacy defense on the Internet Csaba Kiraly 1 Topics Anonymity on the Internet Chaum Mix Mix network & Onion Routing Low-latency anonymous routing 2 Anonymity: Chaum mix David L. Chaum
More informationTor: The Second-Generation Onion Router
Tor: The Second-Generation Onion Router Roger Dingledine The Free Haven Project arma@freehaven.net Nick Mathewson The Free Haven Project nickm@freehaven.net Paul Syverson Naval Research Lab syverson@itd.nrl.navy.mil
More informationENEE 459-C Computer Security. Security protocols
ENEE 459-C Computer Security Security protocols Key Agreement: Diffie-Hellman Protocol Key agreement protocol, both A and B contribute to the key Setup: p prime and g generator of Z p *, p and g public.
More informationProtocols for Anonymous Communication
18734: Foundations of Privacy Protocols for Anonymous Communication Anupam Datta CMU Fall 2016 Privacy on Public Networks } Internet is designed as a public network } Machines on your LAN may see your
More informationENEE 459-C Computer Security. Security protocols (continued)
ENEE 459-C Computer Security Security protocols (continued) Key Agreement: Diffie-Hellman Protocol Key agreement protocol, both A and B contribute to the key Setup: p prime and g generator of Z p *, p
More informationTor: An Anonymizing Overlay Network for TCP
Tor: An Anonymizing Overlay Network for TCP Roger Dingledine The Free Haven Project http://tor.freehaven.net/ http://tor.eff.org/ December 28, 21C3 2004 Talk Outline Motivation: Why anonymous communication?
More informationAnalysing Onion Routing Bachelor-Thesis
Analysing Onion Routing Bachelor-Thesis Steffen Michels June 22, 2009 Abstract Although methods for reaching security goals such as secrecy, integrity and authentication are widely used in the Internet,
More informationAnonymity Analysis of TOR in Omnet++
Anonymity Analysis of TOR in Omnet++ Carmelo Badalamenti Mini Workshop on Security Framework 2006, Catania, December 12, 2006 "Security in Mobility" Badalamenti TOR & Omnet++
More informationOnion services. Philipp Winter Nov 30, 2015
Onion services Philipp Winter pwinter@cs.princeton.edu Nov 30, 2015 Quick introduction to Tor An overview of Tor Tor is a low-latency anonymity network Based on Syverson's onion routing......which is based
More informationUntraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. EJ Jung
Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms EJ Jung Goals 1. Hide what you wrote encryption of any kind symmetric/asymmetric/stream 2. Hide to whom you sent and when pseudonym?
More informationComputer Security. 15. Tor & Anonymous Connectivity. Paul Krzyzanowski. Rutgers University. Spring 2017
Computer Security 15. Tor & Anonymous Connectivity Paul Krzyzanowski Rutgers University Spring 2017 April 24, 2017 CS 419 2017 Paul Krzyzanowski 1 Private Browsing Browsers offer a "private" browsing modes
More informationCS Paul Krzyzanowski
Computer Security 17. Tor & Anonymous Connectivity Anonymous Connectivity Paul Krzyzanowski Rutgers University Spring 2018 1 2 Anonymity on the Internet Often considered bad Only criminals need to hide
More informationPrivate Browsing. Computer Security. Is private browsing private? Goal. Tor & The Tor Browser. History. Browsers offer a "private" browsing modes
Private Browsing Computer Security 16. Tor & Anonymous Connectivity Paul Krzyzanowski Rutgers University Spring 2017 Browsers offer a "private" browsing modes Apple Private Browsing, Mozilla Private Browsing,
More informationAnonymity With Tor. The Onion Router. July 21, Technische Universität München
The Onion Router Nathan S. Evans Christian Grothoff Technische Universität München July 21, 2011 Overview What is Tor? Motivation Background Material How Tor Works Hidden Services Attacks Specific Attack
More informationTor. Tor Anonymity Network. Tor Basics. Tor Basics. Free software that helps people surf on the Web anonymously and dodge censorship.
Tor Tor Anonymity Network Free software that helps people surf on the Web anonymously and dodge censorship. CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk Initially developed at the U.S.
More informationChallenges in building overlay networks: a case study of Tor. Steven Murdoch Principal Research Fellow University College London
Challenges in building overlay networks: a case study of Steven Murdoch Principal Research Fellow University College London Who uses? Ordinary people e.g. to avoid unscrupulous marketers, protect children,
More informationNetwork Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2010
Network Security: Anonymity Tuomas Aura T-110.5240 Network security Aalto University, Nov-Dec 2010 Outline 1. Anonymity and privacy 2. High-latency anonymous routing 3. Low-latency anonymous routing Tor
More informationanonymous routing and mix nets (Tor) Yongdae Kim
anonymous routing and mix nets (Tor) Yongdae Kim Significant fraction of these slides are borrowed from CS155 at Stanford 1 q Why? Anonymous web browsing 1. Discuss health issues or financial matters anonymously
More informationIntroduction. Overview of Tor. How Tor works. Drawback of Tor s directory server Potential solution. What is Tor? Why use Tor?
Introduction 1 Overview of Tor What is Tor? Why use Tor? How Tor works Encryption, Circuit Building, Directory Server Drawback of Tor s directory server Potential solution Using DNS Security Extension
More informationcommunication Claudia Díaz Katholieke Universiteit Leuven Dept. Electrical Engineering g ESAT/COSIC October 9, 2007 Claudia Diaz (K.U.
Introduction to anonymous communication Claudia Díaz Katholieke Universiteit Leuven Dept. Electrical Engineering g ESAT/COSIC October 9, 2007 Claudia Diaz (K.U.Leuven) 1 a few words on the scope of the
More informationPutting the P back in VPN: An Overlay Network to Resist Traffic Analysis
Putting the P back in VPN: An Overlay Network to Resist Traffic Analysis Roger Dingledine The Free Haven Project http://freehaven.net/ Black Hat 2004 July 29, 2004 Talk Outline Motivation: Why anonymous
More informationAnonymous Communication: DC-nets, Crowds, Onion Routing. Simone Fischer-Hübner PETs PhD course Spring 2012
Anonymous Communication: DC-nets, Crowds, Onion Routing Simone Fischer-Hübner PETs PhD course Spring 2012 DC (Dining Cryptographers) nets [Chaum 1988 ] Chaum, CACM 28(10), October 1985 Who paid for the
More informationNetwork Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2012
Network Security: Anonymity Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2012 Outline 1. Anonymity and privacy 2. High-latency anonymous routing 3. Low-latency anonymous routing Tor
More informationCS6740: Network security
Cristina Nita-Rotaru CS6740: Network security Anonymity. Sources 1. Crowds: http://avirubin.com/crowds.pdf 2. Chaum mix: http://www.ovmj.org/gnunet/papers/p84-chaum.pdf 3. Tor: https://svn.torproject.org/svn/projects/design-paper/tor-design.pdf
More informationLINKING TOR CIRCUITS
LINKING TOR CIRCUITS MSc Information Security, 2014 University College London Otto Huhta Supervisor: Dr George Danezis This report is submitted as part requirement for the MSc in Information Security at
More informationThe New Cell-Counting-Based Against Anonymous Proxy
The New Cell-Counting-Based Against Anonymous Proxy Yadarthugalla Raju M.Tech Student, Department of CSE, Dr.K.V.S.R.I.T, Kurnool. K. Pavan Kumar Assistant Professor, Department of IT, Dr.K.V.S.R.I.T,
More informationPluggable Transports Roadmap
Pluggable Transports Roadmap Steven J. Murdoch and George Kadianakis steven.murdoch@cl.cam.ac.uk,asn@torproject.org Tor Tech Report 2012-03-003 March 17, 2012 Abstract Of the currently available pluggable
More informationAnonymity With Tor. The Onion Router. July 5, It s a series of tubes. Ted Stevens. Technische Universität München
Anonymity With Tor The Onion Router Nathan S. Evans Christian Grothoff Technische Universität München July 5, 2012 It s a series of tubes. Ted Stevens Overview What is Tor? Motivation Background Material
More informationA New Replay Attack Against Anonymous Communication Networks
1 A New Replay Attack Against Anonymous Communication Networks Ryan Pries, Wei Yu, Xinwen Fu and Wei Zhao Abstract Tor is a real-world, circuit-based low-latency anonymous communication network, supporting
More informationNetwork Security: Anonymity. Tuomas Aura T Network security Aalto University, autumn 2015
Network Security: Anonymity Tuomas Aura T-110.5241 Network security Aalto University, autumn 2015 Outline 1. Anonymity and privacy 2. High-latency anonymous routing 3. Low-latency anonymous routing Tor
More informationImpact of Network Topology on Anonymity and Overhead in Low-Latency Anonymity Networks
Impact of Network Topology on Anonymity and Overhead in Low-Latency Anonymity Networks Claudia Diaz 1, Steven J. Murdoch 2, Carmela Troncoso 1 1 K.U.Leuven, ESAT/COSIC 2 University of Cambridge / The Tor
More informationThe Loopix Anonymity System
The Loopix Anonymity System Ania M. Piotrowska 1 Jamie Hayes 1 Tariq Elahi 2 Sebastian Meiser 1 George Danezis 1 1 University College London, UK 2 KU Leuven 1 / 19 Mixnets Background A set of cryptographic
More informationCS 134 Winter Privacy and Anonymity
CS 134 Winter 2016 Privacy and Anonymity 1 Privacy Privacy and Society Basic individual right & desire Relevant to corporations & government agencies Recently increased awareness However, general public
More informationWhat's the buzz about HORNET?
1 What's the buzz about HORNET? 2 You've probably all seen the news "Internet-scale anonymity" "Without sacrificing security, the network supports data transfer speeds of up to 93GBps" "can be scaled at
More informationAchieving Privacy in Mesh Networks
Achieving Privacy in Mesh Networks Xiaoxin Wu Intel China Research Center Ltd Beijing, China xiaoxin.wu@intel.com Ninghui Li Department of Computer Science Purdue University West Lafayette, IN 47907-2086,
More informationAnalysis on End-to-End Node Selection Probability in Tor Network
Analysis on End-to-End Node Selection Probability in Tor Network Saurav Dahal 1, Junghee Lee 2, Jungmin Kang 2 and Seokjoo Shin 1 1 Department of Computer Engineering, Chosun University, Gwangju, South
More informationAnonymity and Privacy
Computer Security Spring 2008 Anonymity and Privacy Aggelos Kiayias University of Connecticut Anonymity in networks Anonymous Credentials Anonymous Payments Anonymous E-mail and Routing E-voting Group,
More informationPrivCount: A Distributed System for Safely Measuring Tor
PrivCount: A Distributed System for Safely Measuring Tor Rob Jansen Center for High Assurance Computer Systems Invited Talk, October 4 th, 2016 University of Oregon Department of Computer and Information
More informationTor Hidden Services. Roger Dingledine Free Haven Project Electronic Frontier Foundation.
Tor Hidden Services Roger Dingledine Free Haven Project Electronic Frontier Foundation http://tor.eff.org/ 31 July 2005 Talk Outline Tor overview Circuit-building in Tor Hidden services in Tor Demo Anonymity
More informationCSE 484 / CSE M 584: Computer Security and Privacy. Anonymity Mobile. Autumn Tadayoshi (Yoshi) Kohno
CSE 484 / CSE M 584: Computer Security and Privacy Anonymity Mobile Autumn 2018 Tadayoshi (Yoshi) Kohno yoshi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Ada Lerner, John Manferdelli,
More informationIntroduction to Network. Topics
Introduction to Network Security Chapter 7 Transport Layer Protocols 1 TCP Layer Topics Responsible for reliable end-to-end transfer of application data. TCP vulnerabilities UDP UDP vulnerabilities DNS
More informationTor: Online anonymity, privacy, and security.
Tor: Online anonymity, privacy, and security. Runa A. Sandvik runa@torproject.org 12 September 2011 Runa A. Sandvik runa@torproject.org () Tor: Online anonymity, privacy, and security. 12 September 2011
More informationThinking Different. Assumptions about Operating Environments
Thinking Different Protocol Design 1 Assumptions about Operating Environments We always make assumptions about operating environments These obviously do not hold everywhere Wireless communications Node
More informationIntroduction to Traffic Analysis. George Danezis University of Cambridge, Computer Laboratory
Introduction to Traffic Analysis George Danezis University of Cambridge, Computer Laboratory Outline Introduction to anonymous communications Macro-level Traffic Analysis Micro-level Traffic Analysis P2P
More informationCryptanalysis of a fair anonymity for the tor network
Cryptanalysis of a fair anonymity for the tor network Amadou Moctar Kane KSecurity, BP 47136, Dakar, Senegal amadou1@gmailcom April 16, 2015 Abstract The aim of this paper is to present an attack upon
More informationPerfect Imitation and Secure Asymmetry for Decoy Routing Systems with Slitheen. 20 June 2017 EPFL Summer Research Institute
Perfect Imitation and Secure Asymmetry for Decoy Routing Systems with Slitheen Cecylia Bocovich Ian Goldberg 20 June 2017 EPFL Summer Research Institute Censorship Censors may monitor, alter or block traffic
More informationUNIT IV -- TRANSPORT LAYER
UNIT IV -- TRANSPORT LAYER TABLE OF CONTENTS 4.1. Transport layer. 02 4.2. Reliable delivery service. 03 4.3. Congestion control. 05 4.4. Connection establishment.. 07 4.5. Flow control 09 4.6. Transmission
More informationPractical Anonymity for the Masses with MorphMix
Practical Anonymity for the Masses with MorphMix Marc Rennhard, Bernhard Plattner () Financial Cryptography 2004 12 th February 2004 http://www.tik.ee.ethz.ch/~morphmix Overview Circuit-based mix networks
More informationHow Alice and Bob meet if they don t like onions
How Alice and Bob meet if they don t like onions Survey of Network Anonymisation Techniques Erik Sy 34th Chaos Communication Congress, Leipzig Agenda 1. Introduction to Anonymity Networks Anonymity Strategies
More informationComputer Networks 57 (2013) Contents lists available at SciVerse ScienceDirect. Computer Networks
Computer Networks 57 (213) 869 886 Contents lists available at SciVerse ScienceDirect Computer Networks journal homepage: www.elsevier.com/locate/comnet Protocol-level attacks against Tor Zhen Ling a,1,
More informationAnonymous Communications
Anonymous Communications Andrew Lewman andrew@torproject.org December 05, 2012 Andrew Lewman andrew@torproject.org () Anonymous Communications December 05, 2012 1 / 45 Who is this guy? 501(c)(3) non-profit
More informationELEC5616 COMPUTER & NETWORK SECURITY
ELEC5616 COMPUTER & NETWORK SECURITY Lecture 17: Network Protocols I IP The Internet Protocol (IP) is a stateless protocol that is used to send packets from one machine to another using 32- bit addresses
More informationVPN Overview. VPN Types
VPN Types A virtual private network (VPN) connection establishes a secure tunnel between endpoints over a public network such as the Internet. This chapter applies to Site-to-site VPNs on Firepower Threat
More informationPort-Scanning Resistance in Tor Anonymity Network. Presented By: Shane Pope Dec 04, 2009
Port-Scanning Resistance in Tor Anonymity Network Presented By: Shane Pope (Shane.M.Pope@gmail.com) Dec 04, 2009 In partial fulfillment of the requirements for graduation with the Dean's Scholars Honors
More informationToward Improving Path Selection in Tor
Toward Improving Path Selection in Tor Fallon Chen Department of Computer Science and Engineering University of California, San Diego La Jolla, CA 203-00 Email: ftchen@cs.ucsd.edu Joseph Pasquale Department
More informationDesign Principles for Low Latency Anonymous Network Systems Secure against Timing Attacks
Design Principles for Low Latency Anonymous Network Systems Secure against Timing Attacks Rungrat Wiangsripanawan, Willy Susilo and Rei Safavi-Naini Center for Information Security School of Information
More informationANONYMOUS CONNECTIONS AND ONION ROUTING
I J C I T A E Serials Publications 6(1) 2012 : 31-37 ANONYMOUS CONNECTIONS AND ONION ROUTING NILESH MADHUKAR PATIL 1 AND CHELPA LINGAM 2 1 Lecturer, I. T. Dept., Rajiv Gandhi Institute of Technology, Mumbai
More informationContext. Protocols for anonymity. Routing information can reveal who you are! Routing information can reveal who you are!
Context Protocols for anonymity The nternet is a public network: Myrto Arapinis School of nformatics University of Edinburgh Routing information is public: P packet headers contain source and destination
More informationAnonymous Connections and Onion Routing
Anonymous Connections and Onion Routing David Goldschlag, Michael Reed, and Paul Syverson Center for High Assurance Computer Systems Naval Research Laboratory Washington, D.C. 1 Who is Talking to Whom?
More informationSafely Measuring Tor. Rob Jansen U.S. Naval Research Laboratory Center for High Assurance Computer Systems
Safely Measuring Tor Safely Measuring Tor, Rob Jansen and Aaron Johnson, In the Proceedings of the 23rd ACM Conference on Computer and Communication Security (CCS 2016). Rob Jansen Center for High Assurance
More informationSample excerpt. Virtual Private Networks. Contents
Contents Overview...................................................... 7-3.................................................... 7-5 Overview of...................................... 7-5 IPsec Headers...........................................
More informationShare Count Analysis HEADERS
Measuring Network Privacy with It s 11PM. DO YOU KNOW WHERE YOUR Share Count Analysis HEADERS ARE? David Naylor Peter Steenkiste GOAL measure how private a network architecture or protocol is GOAL measure
More informationDefinition. Quantifying Anonymity. Anonymous Communication. How can we calculate how anonymous we are? Who you are from the communicating party
Definition Anonymous Communication Hiding identities of parties involved in communications from each other, or from third-parties Who you are from the communicating party Who you are talking to from everyone
More informationPerformance Evaluation of Tor Hidden Services
University of Bamberg Distributed and Mobile Systems Group Paper on the Seminar Tor Research Topic: Performance Evaluation of Tor Hidden Services Presented by: Christian Wilms Supervisor: Karsten Loesing
More informationONIONS ADVENTURES HOW TO USE ONION SERVICES AND THE NETWORK IN YOUR WEB ENDEAVORS hiro@torproject.org https://mastodon.social/@nopressure https://twitter.com/nopressure HI! TOR BOOTH IN BUILDING K (we
More informationCISC859: Topics in Advanced Networks & Distributed Computing: Network & Distributed System Security. A Brief Overview of Security & Privacy Issues
CISC859: Topics in Advanced Networks & Distributed Computing: Network & Distributed System Security A Brief Overview of Security & Privacy Issues 1 Topics to Be Covered Cloud computing RFID systems Bitcoin
More informationDissecting Tor Bridges A Security Evaluation of their Private and Public Infrastructures
Dissecting Tor Bridges A Security Evaluation of their Private and Public Infrastructures Srdjan Matic, Carmela Troncoso, Juan Caballero Dublin 31 March 2017 Privacy in electronic communications Alice Bob
More informationWeighted Factors for Measuring Anonymity Services: A Case Study on Tor, JonDonym, and I2P
Weighted Factors for Measuring Anonymity Services: A Case Study on Tor, JonDonym, and I2P Khalid Shahbar A. Nur Zincir-Heywood Faculty of Computer Science Dalhousie University Halifax, Canada {Shahbar,
More informationNetworking interview questions
Networking interview questions What is LAN? LAN is a computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings. However, one LAN can be connected
More informationRAPTOR: Routing Attacks on Privacy in Tor. Yixin Sun. Princeton University. Acknowledgment for Slides. Joint work with
RAPTOR: Routing Attacks on Privacy in Tor Yixin Sun Princeton University Joint work with Annie Edmundson, Laurent Vanbever, Oscar Li, Jennifer Rexford, Mung Chiang, Prateek Mittal Acknowledgment for Slides
More informationCSC Network Security
CSC 474 -- Security Topic 9. Firewalls CSC 474 Dr. Peng Ning 1 Outline Overview of Firewalls Filtering Firewalls Proxy Servers CSC 474 Dr. Peng Ning 2 Overview of Firewalls CSC 474 Dr. Peng Ning 3 1 Internet
More informationResearch Collection. Systematic Testing of Tor. Master Thesis. ETH Library. Author(s): Lazzari, Marco. Publication Date: 2014
Research Collection Master Thesis Systematic Testing of Tor Author(s): Lazzari, Marco Publication Date: 2014 Permanent Link: https://doi.org/10.3929/ethz-a-010144381 Rights / License: In Copyright - Non-Commercial
More informationThinking Different. Assumptions about Operating Environments. We always make assumptions about operating environments
Thinking Different Protocol Design 2009 Jörg Ott & Carsten Bormann 1 Assumptions about Operating Environments We always make assumptions about operating environments These obviously do not hold everywhere
More informationAnonymity. With material from: Dave Levin and Michelle Mazurek
http://www.sogosurvey.com/static/sogo_resp_images/tat_resp_images/designimg/guaranteed-anonymous-survey.png Anonymity With material from: Dave Levin and Michelle Mazurek What is anonymity? Dining cryptographers
More informationLecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005
Firewalls Lecture 33 Security April 15, 2005 Idea: separate local network from the Internet Trusted hosts and networks Intranet Firewall DMZ Router Demilitarized Zone: publicly accessible servers and networks
More informationStudent ID: CS457: Computer Networking Date: 5/8/2007 Name:
CS457: Computer Networking Date: 5/8/2007 Name: Instructions: 1. Be sure that you have 10 questions 2. Write your Student ID (email) at the top of every page 3. Be sure to complete the honor statement
More informationThe Onion Routing Performance using Shadowplugin-TOR
The Onion Routing Performance using Shadowplugin-TOR Hartanto Kusuma Wardana, Liauw Frediczen Handianto, Banu Wirawan Yohanes * Faculty of Electronic and Computer Engineering Universitas Kristen Satya
More informationA Report on Modified Onion Routing and its Proof of Concept
A Report on Modified Onion Routing and its Proof of Concept Introduction: This document briefly describes the architecture, code layout, operation principles and testing covered in the implementation of
More informationLocating Hidden Servers
Locating Hidden Servers Lasse Øverlier Norwegian Defence Research Establishment and Gjøvik University College lasse.overlier@{ffi,hig}.no Paul Syverson Naval Research Laboratory syverson@itd.nrl.navy.mil
More informationIPSec. Slides by Vitaly Shmatikov UT Austin. slide 1
IPSec Slides by Vitaly Shmatikov UT Austin slide 1 TCP/IP Example slide 2 IP Security Issues Eavesdropping Modification of packets in transit Identity spoofing (forged source IP addresses) Denial of service
More informationSam Pickles, F5 Networks A DAY IN THE LIFE OF A WAF
Sam Pickles, F5 Networks A DAY IN THE LIFE OF A WAF Who am I? Sam Pickles Senior Engineer for F5 Networks WAF Specialist and general security type Why am I here? We get to see the pointy end of a lot of
More informationImproving stream correlation attacks on anonymous networks
Improving stream correlation attacks on anonymous networks Gavin O Gorman Dublin City University Glasnevin, D9 Dublin, Ireland gavin.ogorman@computing.dcu.ie Stephen Blott Dublin City University Glasnevin,
More informationMixminion: Design of a Type III Anonymous R er Protocol
Mixminion: Design of a Type III Anonymous Remailer Protocol George Danezis University of Cambridge george.danezis@cl.cam.ac.uk Roger Dingledine and Nick Mathewson The Free Haven Project farma,nickmg@freehaven.net
More informationMetrics for Security and Performance in Low-Latency Anonymity Systems
Metrics for Security and Performance in Low-Latency Anonymity Systems Tor user Entry node Tor Network Middle node Exit node Bandwidth per node (kb/s) (log scale) 1e+01 1e+03 1e+05 Encrypted tunnel Web
More informationAnonymity Tor Overview
Anonymity Tor Overview Andrew Lewman andrew@torproject.org April 21, 2011 Andrew Lewman andrew@torproject.org () Anonymity Tor Overview April 21, 2011 1 / 1 What are we talking about? Crash course on anonymous
More informationHerbivore: An Anonymous Information Sharing System
Herbivore: An Anonymous Information Sharing System Emin Gün Sirer August 25, 2006 Need Anonymity Online Current networking protocols expose the identity of communication endpoints Anyone with access to
More informationYour projected and optimistically projected grades should be in the grade center soon o Projected: Your current weighted score /30 * 100
You should worry if you are below this point Your projected and optimistically projected grades should be in the grade center soon o Projected: Your current weighted score /0 * 100 o Optimistic: (Your
More informationBBC Tor Overview. Andrew Lewman March 7, Andrew Lewman () BBC Tor Overview March 7, / 1
BBC Tor Overview Andrew Lewman andrew@torproject.org March 7, 2011 Andrew Lewman andrew@torproject.org () BBC Tor Overview March 7, 2011 1 / 1 What are we talking about? Crash course on anonymous communications
More information