The Tor Network. Cryptography 2, Part 2, Lecture 6. Ruben Niederhagen, Department of Mathematics and Computer Science. June 16th, 2014.
Tor Network Introduction 2/33 Classic goals of cryptography: confidentiality (symmetric encryption), data integrity (hash functions), authentication (asymmetric encryption), and non-repudiation (signatures). Privacy goals of cryptography: deniability, anonymity, perfect forward secrecy, ... Privacy may depend on meta-data, not only on content: sender, receiver, keying data, ...
Tor Network Introduction 3/33 Who needs anonymity? Opposition in autocratic regimes, journalists under dictatorships, journalists in democracies, law enforcement, spies, criminals, terrorists, citizens under data-retention laws, freedom of speech, ... Anonymity only works by hiding in the masses. You can help people in need of anonymity by using anonymity-enhancing software even if you do not depend on it yourself!
Tor Network Introduction 4/33 "Tor (previously an acronym for The Onion Router) is free software for enabling online anonymity and resisting censorship." (Wikipedia)
Tor Network Introduction 5/33 Additional goals: deployability: usable in the real world, interoperable with existing protocols; usability: anonymity requires many users; flexibility: easy addition of future features; simplicity: avoid bugs, understand security parameters and features.
Tor Network Introduction 6/33 Non-goals: not peer-to-peer: requires centralized directory servers; not secure against end-to-end attacks: no protection against a global adversary; no protocol normalization: no anonymization towards the receiver; not steganographic: does not hide usage of the network.
Tor Network Threat Model 7/33 Global passive adversary: global view on the network, sees entry and exit links, and sees timing and volume patterns. Tor does not protect against this type of adversary!
Tor Network Threat Model 8/33 Real-world adversary: view on a fraction of the network; can generate, modify, delete, or delay traffic; operate Tor routers; or compromise some Tor routers. Tor attempts to protect against this type of adversary.
Tor Network Design Overview 9/33 [figure]
Tor Network Design Overview 10/33 [figure]
Tor Network Design Overview 11/33 [figure: User, Entry, Middle, Exit, Data]
Tor Network Design Details 12/33 Players: Onion Router (OR): routers in the onion overlay network. Onion Proxy (OP): local proxy of each Tor user. Directory Server: more-trusted entity providing an OR directory. Each OR maintains a TLS connection to all other ORs. Each OP maintains TLS connections to its entry ORs. Tor uses TLS cipher suites with ephemeral keys. TLS is used for OR authentication and transport integrity, NOT for payload encryption!
Tor Network Design Details 13/33 Keys. Asymmetric keys: each OR publishes a Router Identity Key in the directory. Additionally, directory servers have a long-term Authority Identity Key (stored offline) and a medium-term Authority Signing Key (3 to 12 months). OPs do NOT have identity keys! Symmetric keys: all TLS connections use short-term ephemeral keys. Onion encryption keys are short-term ephemeral keys; Tor uses AES-128 in counter mode for onion encryption.
Tor Network Design Details 14/33 Directory Server: ORs send a signed statement to the directory servers. The directory servers test whether the OR accepts connections. Periodically, the directory servers vote on the network state. The consensus is signed by all agreeing directory servers. On bootstrap, a client connects to a directory server to receive the signed consensus document. The client accepts the consensus document if it is signed by at least half of the directory servers. Later, clients request cached consensus docs from known ORs. Each consensus is restricted to a specific time period. The consensus document contains bandwidth and exit policy information for each OR.
Consensus Document (1) 15/33
network-status-version 3
vote-status consensus
valid-after :00:00
fresh-until :00:00
valid-until :00:00
[...]
contact Peter Palfrader
vote-digest DE88ACE5E41B7BDD59A9FA29481D7D2BCF20C08D
dir-source maatuska 49015F
contact 4096R/ Linus Nordberg
vote-digest ECFE99490D9E6ED7AB7598AD5B8BCDA43E5C53DF
dir-source dannenberg C78... dannenberg.ccc.de
[...]
Consensus Document (2) 16/33
r CalgaryRelay AhtWK/ebprD1KAbOKdWFQ+mlVE0 FIUMkqViP7mkBn :15:
s Fast HSDir Running Stable V2Dir Valid
v Tor
w Bandwidth=247
p reject
r TelosTorExit2 AhzRl+9BYl9I1Znz0ZM6GpU7mBs RGvsM1rZM2v3n :25:
s Exit Fast HSDir Running Stable V2Dir Valid
v Tor
w Bandwidth=69200
p reject 25
[...]
Consensus Document (3) 17/33
directory-footer
[...]
directory-signature 49015F E3B66A1707A00E60F2D15B F98E385F F50925F54F832E2FE744B5ED
-----BEGIN SIGNATURE-----
qqbsasctppsb5butm6frzuoudk+oux76eb+gpaglzac/yqofqxpzbb9i[...]
-----END SIGNATURE-----
directory-signature C78764D58426B8B52B6651A5A A 6B82B0EC44BD79CB0D1F1BB2A0C597E0FEC71AE
-----BEGIN SIGNATURE-----
LcmuTT/5qwA+L9pcxGbRTz74YiqH4rQo5Wz3piSXmD/j4rcahfbmVHmi[...]
-----END SIGNATURE-----
[...]
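The client-side checks from slide 14/33 applied to the document format shown on slides 15-17, as an added example that is not part of the lecture and not Tor's own parser. The consensus lines on the slides are truncated, so the excerpt below is constructed: the nicknames are kept, but fingerprints, addresses, dates and signature blobs are made up, and the client's trust anchors (KNOWN_AUTHORITIES) are likewise invented. The code checks the validity window, counts signatures from trusted authorities against the slide's "at least half" rule, and applies each router's exit-policy summary; verifying the RSA signatures themselves over the document digest is a separate step not modelled here.

```python
from datetime import datetime, timezone

# Constructed consensus excerpt (not a real document).  Layout follows the slides:
# header with validity times, one dir-source per authority, r/s/v/w/p per router,
# footer with one directory-signature per signing authority.
SAMPLE = """\
network-status-version 3
vote-status consensus
valid-after 2014-06-13 10:00:00
fresh-until 2014-06-13 11:00:00
valid-until 2014-06-13 13:00:00
dir-source maatuska AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 192.0.2.1 192.0.2.1 443 80
dir-source dannenberg BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB dannenberg.ccc.de 192.0.2.2 80 80
dir-source thirdauth CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC 192.0.2.3 192.0.2.3 80 443
r CalgaryRelay AhtWK/ebprD1KAbOKdWFQ+mlVE0 FIUMkqViP7mkBn 2014-06-13 04:15:00 198.51.100.7 9001 9030
s Fast HSDir Running Stable V2Dir Valid
v Tor 0.2.4.22
w Bandwidth=247
p reject 1-65535
r TelosTorExit2 AhzRl+9BYl9I1Znz0ZM6GpU7mBs RGvsM1rZM2v3n 2014-06-13 06:25:00 198.51.100.9 443 80
s Exit Fast HSDir Running Stable V2Dir Valid
v Tor 0.2.4.22
w Bandwidth=69200
p reject 25,119,135-139,445
directory-footer
directory-signature AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 1111111111111111111111111111111111111111
-----BEGIN SIGNATURE-----
c2lnbmF0dXJlLWJsb2ItbWFkZS11cC1mb3ItdGhlLWV4YW1wbGU=
-----END SIGNATURE-----
directory-signature BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB 2222222222222222222222222222222222222222
-----BEGIN SIGNATURE-----
c2Vjb25kLW1hZGUtdXAtc2lnbmF0dXJlLWJsb2I=
-----END SIGNATURE-----
"""
# Trust anchors a client ships with (made up here; real tor hardcodes the authorities' keys).
KNOWN_AUTHORITIES = {"A" * 40, "B" * 40, "C" * 40}


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)


def _port_ranges(spec):
    """'25,135-139,445' -> [(25, 25), (135, 139), (445, 445)]."""
    out = []
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.append((int(lo), int(hi or lo)))
    return out


def parse_consensus(text):
    """Keyword-per-line parse of the header, dir-source, router and signature entries."""
    doc = {"authorities": [], "routers": [], "signatures": []}
    router = None
    for line in text.splitlines():
        kw, _, rest = line.partition(" ")
        if kw in ("valid-after", "fresh-until", "valid-until"):
            doc[kw.replace("-", "_")] = _ts(rest)
        elif kw == "dir-source":
            name, fp = rest.split()[:2]
            doc["authorities"].append((name, fp))
        elif kw == "r":                      # r nick identity digest date time IP ORPort DirPort
            f = rest.split()
            router = {"nick": f[0], "ip": f[5], "orport": int(f[6]),
                      "flags": set(), "bandwidth": 0, "policy": None}
            doc["routers"].append(router)
        elif kw == "s" and router:
            router["flags"] = set(rest.split())
        elif kw == "w" and router:
            router["bandwidth"] = int(rest.split("=")[1])
        elif kw == "p" and router:           # exit-policy summary: accept/reject + port list
            kind, spec = rest.split()
            router["policy"] = (kind, _port_ranges(spec))
        elif kw == "directory-footer":
            router = None
        elif kw == "directory-signature":    # first field is the signing authority's identity
            doc["signatures"].append(rest.split()[0])
    return doc


def consensus_acceptable(doc, known_authorities, now):
    """Slide 14/33: inside the validity window and signed by at least half of the known authorities."""
    if not (doc["valid_after"] <= now <= doc["valid_until"]):
        return False
    signers = set(doc["signatures"]) & set(known_authorities)   # unknown signers do not count
    return 2 * len(signers) >= len(known_authorities)


def exit_allows(router, port):
    """Apply the router's 'p' line: a reject list allows everything not listed, an accept list only what is listed."""
    if "Exit" not in router["flags"] or router["policy"] is None:
        return False
    kind, ranges = router["policy"]
    listed = any(lo <= port <= hi for lo, hi in ranges)
    return listed if kind == "accept" else not listed


def usable_exits(doc, port):
    """Nicknames of running routers whose exit policy admits the port."""
    return [r["nick"] for r in doc["routers"] if "Running" in r["flags"] and exit_allows(r, port)]
```

A real client additionally weights its choice among the usable exits by the w Bandwidth values and refreshes the document before valid-until; the fresh-until time marks when a newer consensus should already exist.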
Tor Network Design Details 18/33 Tor Statistics (June 13th, 2014):
Total Bandwidth of Routers [KBytes/s]
Total Number of Routers 5477
Total Number of Authority Routers 10
Total Number of Bad Directory Routers 0
Total Number of Bad Exit Routers 11
Total Number of Exit Routers 977
Total Number of Fast Routers 4588
Total Number of Guard Routers 2152
Total Number of Stable Routers 3824
Total Number of Valid Routers 5477
Total Number of Directory Mirror Routers 3430
Tor Network Design Details 19/33 Router Flags: Authority if the router is a directory authority. BadDirectory if the router is believed to be useless as a directory cache (because its directory port isn't working, its bandwidth is always throttled, ...). Exit if the router is more useful for building general-purpose exit circuits than for relay circuits. BadExit if the router is believed to be useless as an exit node (because its ISP censors it, because of TLS stripping, ...). Fast if the router is suitable for high-bandwidth circuits. Guard if the router is suitable for use as an entry guard. Stable if the router is suitable for long-lived circuits. Valid if the router has been validated.
Number of Routers 20/33 [chart by country: Germany, the Netherlands, USA]
Number of Exit Routers 21/33 [chart by country: Germany, the Netherlands, USA]
Tor Network Design Details 22/33 Cells: Control cells: padding, create, created, destroy, ... Layout: CircID | CMD | DATA. Relay cells: relay data, relay begin, relay end, relay teardown, relay connected, relay extend, relay extended, relay truncate, relay truncated, relay drop, ... Layout: CircID | Relay | StreamID | Digest | Len | CMD | DATA, where everything after the Relay command is onion encrypted.
Tor Network Design Details 23/33 Building a circuit and opening a stream. Parties: OP, OR1, OR2, website. The OP-OR1 and OR1-OR2 links are TLS encrypted; {.} denotes one layer of onion encryption, {{.}} two layers; E(.) is public-key encryption to the receiving OR; H is a hash function.
OP -> OR1: create c1, E(g^x1)
OR1 -> OP: created c1, g^y1, H(g^x1y1)
OP -> OR1: relay c1, {extend, OR2, E(g^x2)}
OR1 -> OR2: create c2, E(g^x2)
OR2 -> OR1: created c2, g^y2, H(g^x2y2)
OR1 -> OP: relay c1, {extended, g^y2, H(g^x2y2)}
OP -> OR1: relay c1, {{begin, website:80}}
OR1 -> OR2: relay c2, {begin, website:80}
OR2 <-> website: (TCP handshake)
OR2 -> OR1: relay c2, {connected}
OR1 -> OP: relay c1, {{connected}}
OP -> OR1: relay c1, {{data, HTTP GET...}}
OR1 -> OR2: relay c2, {data, HTTP GET...}
OR2 -> website: HTTP GET...
website -> OR2: (response)
OR2 -> OR1: relay c2, {data, (response)}
OR1 -> OP: relay c1, {{data, (response)}}
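The create/created and extend/extended exchanges above reduced to their Diffie-Hellman content, as an added example that is not part of the lecture and not Tor's code. Assumptions: the E(.) that wraps g^x under the OR's onion key is left out, so the ORs are unauthenticated here (in Tor that wrapping is what lets only the intended OR compute g^xy, and hence H(g^xy)); H is SHA-256 with a domain tag; the DH group is the 1024-bit MODP group 2 of RFC 2409 with g = 2, and the names dh_keypair, check_value, layer_key, created, extended, finish and build are this example's own.

```python
import hashlib
import secrets

# Constructed model of the telescoping handshake on slide 23/33 (not Tor's code).
# Simplifications assumed: no E(.) under the OR's onion key, so no OR authentication;
# DH over the 1024-bit MODP group 2 of RFC 2409 with g = 2.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2


def dh_keypair():
    x = secrets.randbits(320)                      # fresh per circuit: this is where forward secrecy comes from
    return x, pow(G, x, P)


def check_value(shared):
    """H(g^xy) as carried in the created cell: shows the responder derived the same secret."""
    return hashlib.sha256(b"check" + shared.to_bytes(128, "big")).digest()


def layer_key(shared):
    """Key for this hop's onion layer (AES-128-CTR in Tor), derived separately from the check value."""
    return hashlib.sha256(b"keys" + shared.to_bytes(128, "big")).digest()[:16]


class OnionRouter:
    def __init__(self, name):
        self.name, self.layer_keys, self.next_hop = name, {}, {}

    def created(self, circ, gx):
        """Answer a create cell: pick y, derive g^xy, keep the layer key, return g^y and H(g^xy)."""
        y, gy = dh_keypair()
        shared = pow(gx, y, P)
        self.layer_keys[circ] = layer_key(shared)
        return gy, check_value(shared)

    def extended(self, circ, target, gx2):
        """Answer a relay extend cell: open circuit c2 to the target and hand its created payload back."""
        c2 = secrets.randbits(16)
        self.next_hop[circ] = (target, c2)
        return target.created(c2, gx2)             # OR1 only relays g^x2 and g^y2; it never learns g^x2y2


class OnionProxy:
    def __init__(self):
        self.layer_keys = []                       # one key per hop, entry first

    def finish(self, x, gy, h):
        """OP side of created/extended: recompute g^xy, verify H(g^xy), keep the layer key."""
        shared = pow(gy, x, P)
        if h != check_value(shared):
            raise ValueError("H(g^xy) mismatch: responder does not hold g^xy")
        self.layer_keys.append(layer_key(shared))

    def build(self, entry, exit_node):
        x1, gx1 = dh_keypair()
        gy1, h1 = entry.created(1, gx1)            # create c1, E(g^x1) / created c1, g^y1, H(g^x1y1)
        self.finish(x1, gy1, h1)
        x2, gx2 = dh_keypair()
        gy2, h2 = entry.extended(1, exit_node, gx2)  # relay c1 {extend, OR2, E(g^x2)} / relay c1 {extended, ...}
        self.finish(x2, gy2, h2)
        return self.layer_keys
```

After build() the OP and OR1 share one key, the OP and OR2 another, and OR1 holds neither g^x2 nor g^y2's exponent, which is what makes the second layer opaque to the middle node. Since every exponent is discarded after the circuit closes, an OR whose long-term keys are seized later cannot recover the layer keys of past circuits, which is the perfect forward secrecy claimed on slide 29/33.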
Tor Network Circuits 24/33 [figures: message flow along a circuit] An adversary is able to detect patterns in the message flow!
Tor Network Circuits 25/33 Choosing nodes for circuits: Circuit length: 3 ORs (entry, middle, and exit). Attacks are most efficient at entry and exit; no need for long circuits. Avoid both entry and exit being controlled by the attacker. Probability: (c/n)^2 per circuit (c: attacker-controlled ORs, n: total ORs). The risk grows with many connections/re-routes. Choose a guard node as the single entry for all circuits. All connections are potentially compromised if and only if the guard node is compromised; fine otherwise. The probability is pinned to c/n regardless of the number of connections.
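The probability arithmetic above carried through for k circuits, with a simulation to check it, as an added example that is not part of the lecture. Assumptions: each hop is drawn uniformly from n relays of which c belong to the attacker (no bandwidth weighting, and entry and exit are allowed to coincide), and "compromised" means a circuit whose entry and exit are both the attacker's; the function names p_compromised and simulate are this example's own.

```python
import random


def p_compromised(c, n, k, guard):
    """Probability that at least one of k circuits has an attacker-controlled entry and exit.

    Without guards every circuit draws a fresh entry: 1 - (1 - (c/n)^2)^k, which tends to 1
    as k grows.  With one fixed guard the entry is bad with probability c/n, and only then
    can some circuit's exit complete the attack: (c/n) * (1 - (1 - c/n)^k) <= c/n.
    """
    f = c / n
    if guard:
        return f * (1 - (1 - f) ** k)
    return 1 - (1 - f * f) ** k


def simulate(c, n, k, guard, trials=4000, seed=1):
    """Monte Carlo over `trials` users, each building k circuits; relays 0..c-1 are the attacker's."""
    rng = random.Random(seed)

    def bad():
        return rng.randrange(n) < c

    hits = 0
    for _ in range(trials):
        guard_bad = bad()                            # one guard per user, kept for all circuits
        for _ in range(k):
            entry_bad = guard_bad if guard else bad()
            if entry_bad and bad():                  # exit drawn afresh for every circuit
                hits += 1
                break
    return hits / trials
```

With c = 100 of n = 5000 relays, a user without guards who builds 10,000 circuits is almost certainly caught at least once, while a user with a guard is caught with probability at most 2%; the price is that those 2% of users have every circuit's exit exposed to the attacker for as long as they keep the guard.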
Rendezvous Points, Hidden Services 26/33 Provide location-hidden, anonymous services (responder anonymity): Access control: filter incoming connections, avoid DoS. Robustness: long-term pseudonymous identity, not tied to a single OR. Smear-resistance: the rendezvous router is protected from being associated with illegal activities. Application transparency: hidden services are directly accessible via the Tor network.
Rendezvous Points, Hidden Services 27/33 [figures: rendezvous protocol]
Tor Network Attacks 28/33 Passive Attacks: Observing user traffic patterns: end-to-end timing correlation, end-to-end size correlation, website fingerprinting. Observing user content (see below). Option distinguishability (unusual configuration options make a user stand out).
Tor Network Attacks 29/33 Active Attacks: Compromise keys: TLS session key, circuit session key, OR private key. Past connections can't be compromised due to ephemeral keys! Iterate compromise: follow the circuit from end to end by compromising one OR after the other; possible only during the lifetime of the circuit. Run recipient: simplifies passive attacks. Run onion proxy: usually not more likely than compromising the user's machine; possible in company settings with an institutional onion proxy. DoS non-observed nodes: force traffic onto controlled nodes by disabling other nodes.
Tor Network Attacks 30/33 Active Attacks (cont.): Run hostile OR: observe connections, induce traffic patterns. Mitigated by the use of guard nodes. Introducing timing into messages: strengthens passive attacks. Tagging attacks: manipulate the payload and observe garbled content at exit nodes. Prevented by integrity checks. Replay attacks: replaying handshake messages results in a different session key; replaying relay messages results in broken decryption (AES-CTR).
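The onion layers of slide 23/33 and the tagging and replay defences just described, in one constructed model that is not part of the lecture and not Tor's code. Assumptions: the per-hop keys are pre-shared here (the create/extend handshake is not repeated); SHA-256 in counter mode stands in for AES-128-CTR, since the standard library has no AES; cells are variable length where Tor's are fixed; the 8-byte running digest per direction plays the role of Tor's Digest field and "recognized" check; and the names Stream, Layer, seal, strip, receive, circuit, fetch and replay are this example's own.

```python
import hashlib
import os

# Constructed model (not Tor's code) of relay cells through a 2-hop circuit: one onion
# layer per hop plus the running per-hop digest behind the "recognized" check.
# Assumed: pre-shared per-hop keys; SHA-256 counter mode standing in for AES-128-CTR.
BEGIN, CONNECTED, DATA = 1, 2, 3                     # relay commands used here


class Stream:
    """Counter-mode keystream (stand-in for AES-CTR); each cell starts a fresh block, XOR is its own inverse."""
    def __init__(self, key):
        self.key, self.ctr = key, 0

    def xor(self, data):
        n = len(data) // 32 + 1
        ks = b"".join(hashlib.sha256(self.key + (self.ctr + i).to_bytes(8, "big")).digest() for i in range(n))
        self.ctr += n
        return bytes(a ^ b for a, b in zip(data, ks))


class Layer:
    """One hop's state, instantiated once at the OP and once at that OR: cipher and running digest per direction."""
    def __init__(self, k):
        self.cipher = {"fwd": Stream(k[0:8]), "bwd": Stream(k[8:16])}
        self.digest = {"fwd": hashlib.sha256(k[16:24]), "bwd": hashlib.sha256(k[24:32])}

    def seal(self, d, cmd, data):
        """Plaintext relay cell: 8-byte running digest || cmd || data, then this layer's encryption."""
        body = bytes([cmd]) + data
        self.digest[d].update(body)
        return self.cipher[d].xor(self.digest[d].digest()[:8] + body)

    def strip(self, d, cell):
        """Remove this layer; (body, None) if the cell is recognized, else (None, inner cell) to pass on."""
        cell = self.cipher[d].xor(cell)
        trial = self.digest[d].copy()
        trial.update(cell[8:])
        if trial.digest()[:8] != cell[:8]:
            return None, cell
        self.digest[d] = trial                       # only advance the digest for cells meant for us
        return cell[8:], None


class OnionRouter:
    def __init__(self, key, tamper=False):
        self.layer, self.next, self.tamper, self.forwarded = Layer(key), None, tamper, []

    def handle(self, cmd, data):                     # exit behaviour, TCP stream simulated
        if cmd == BEGIN:
            return CONNECTED, b""
        return DATA, b"HTTP/1.0 200 OK\r\n\r\nyou sent: " + data.split(b"\r\n")[0]

    def receive(self, cell):
        """Returns the backward cell, or None when the circuit is destroyed."""
        body, inner = self.layer.strip("fwd", cell)
        if body is not None:
            return self.layer.seal("bwd", *self.handle(body[0], body[1:]))
        if self.next is None:                        # last hop and not recognized: integrity failure
            return None
        if self.tamper:                              # hostile middle tags the payload by flipping one ciphertext bit
            inner = inner[:-1] + bytes([inner[-1] ^ 1])
        self.forwarded.append(inner)                 # an attacker at this OR could also capture and replay it
        back = self.next.receive(inner)
        return None if back is None else self.layer.cipher["bwd"].xor(back)


class OnionProxy:
    def __init__(self, keys):
        self.layers = [Layer(k) for k in keys]       # entry first, exit last

    def send(self, entry, cmd, data):
        """Seal for the exit, add the outer layers innermost first, then unwrap the reply hop by hop."""
        cell = self.layers[-1].seal("fwd", cmd, data)
        for layer in reversed(self.layers[:-1]):
            cell = layer.cipher["fwd"].xor(cell)
        back = entry.receive(cell)
        for layer in self.layers:
            if back is None:
                return None
            body, back = layer.strip("bwd", back)
            if body is not None:
                return body[0], body[1:]
        return None


def circuit(tamper=False):
    k1, k2 = os.urandom(32), os.urandom(32)          # per-hop keys, as the create/extend handshake would derive
    or1, or2 = OnionRouter(k1, tamper), OnionRouter(k2)
    or1.next = or2
    return OnionProxy([k1, k2]), or1, or2


def fetch(tamper=False):
    """begin/connected then data through both layers; None once the exit has destroyed the circuit."""
    op, or1, _ = circuit(tamper)
    if op.send(or1, BEGIN, b"website:80") != (CONNECTED, b""):
        return None
    return op.send(or1, DATA, b"GET / HTTP/1.0\r\n\r\n")


def replay():
    """A cell captured at OR1 and replayed to OR2 meets a keystream that has moved on: garbage, not recognized."""
    op, or1, or2 = circuit()
    op.send(or1, BEGIN, b"website:80")
    return or2.receive(or1.forwarded[-1])
```

The middle node never sees a digest it can verify, so it forwards blindly; a flipped bit propagates through the counter-mode layer into exactly one plaintext bit at the exit, where the digest mismatch turns the tagging attempt into a torn-down circuit instead of a marker visible on the exit link. A replayed cell fails for the same reason, because the exit's keystream position has already advanced.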
Tor Network Attacks 31/33 Active Attacks (cont.): Smear attacks: use Tor for socially disapproved acts to bring the network into disrepute. Exit policies reduce abuse; strong exit-node operators. Distribute hostile code: backdoored or broken Tor client or server software. Tor binaries are signed, Tor is open source. Verify your version! Audit the Tor source code! Block access to Tor (censorship): the IP addresses of the directory servers are well known. Tor offers bridge nodes, which are protected from full enumeration. Steganographic protocols can be used to tunnel Tor traffic.
Tor Network Attacks 32/33 De-anonymization by information leaks: DNS resolution, usually via UDP outside Tor; use torsocks to handle it. Browser fingerprinting: the user can be identified by browser plugins, screen resolution, system colors, cookies, DOM storage, TLS session IDs, page cache, ... Use the Tor Browser Bundle to handle it. User data in the last hop (the exit node sees the plaintext); encrypt the actual connection with, e.g., TLS. Tails: Live CD/USB operating system preconfigured to use Tor safely.
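The DNS point above handled at the SOCKS layer, as an added example that is neither the lecture's nor torsocks' code (torsocks does this by interposing on the libc resolver and connect calls). An application that calls gethostbyname() itself sends the lookup over plain UDP outside Tor; with SOCKS5 (RFC 1928) it can instead hand the hostname to the onion proxy as address type 0x03 and let the exit resolve it. Assumed: a local tor listening on 127.0.0.1:9050, its default SocksPort, for connect_via_tor(); the function names are this example's own.

```python
import socket
import struct

# Added example: SOCKS5 CONNECT with remote hostname resolution, so no DNS query
# leaves the client.  Assumed local tor SocksPort; the byte layouts are RFC 1928.
TOR_SOCKS = ("127.0.0.1", 9050)


def socks5_connect_request(host, port):
    """CONNECT with the target as a domain name (ATYP 0x03) or IPv4 literal (ATYP 0x01).

    The name is never resolved here; a .onion name in particular cannot be resolved
    by DNS at all, so a local lookup would both leak it and fail.
    """
    try:
        addr = b"\x01" + socket.inet_aton(host)            # literal IPv4: nothing to resolve
    except OSError:
        name = host.encode("idna")
        if not 0 < len(name) < 256:
            raise ValueError("hostname must be 1..255 bytes")
        addr = b"\x03" + bytes([len(name)]) + name
    return b"\x05\x01\x00" + addr + struct.pack("!H", port)


def socks5_parse_reply(reply):
    """Return (rep, bound_host, bound_port) from a SOCKS5 CONNECT reply; rep == 0 means the exit connected."""
    if len(reply) < 4 or reply[0] != 0x05:
        raise ValueError("not a SOCKS5 reply")
    rep, atyp = reply[1], reply[3]
    if atyp == 0x01:
        host, rest = socket.inet_ntoa(reply[4:8]), reply[8:]
    elif atyp == 0x03:
        n = reply[4]
        host, rest = reply[5:5 + n].decode("idna"), reply[5 + n:]
    elif atyp == 0x04:
        host, rest = socket.inet_ntop(socket.AF_INET6, reply[4:20]), reply[20:]
    else:
        raise ValueError("unknown address type %d" % atyp)
    return rep, host, struct.unpack("!H", rest[:2])[0]


def connect_via_tor(host, port, proxy=TOR_SOCKS):
    """Open a TCP stream to host:port through the local onion proxy; returns the connected socket."""
    s = socket.create_connection(proxy)
    s.sendall(b"\x05\x01\x00")                              # greeting: one method offered, no authentication
    if s.recv(2) != b"\x05\x00":
        s.close()
        raise ConnectionError("SOCKS5 proxy refused 'no authentication'")
    s.sendall(socks5_connect_request(host, port))
    rep, _, _ = socks5_parse_reply(s.recv(262))
    if rep != 0:
        s.close()
        raise ConnectionError("SOCKS5 CONNECT failed, reply code %d" % rep)
    return s
```

Only the socket returned by connect_via_tor() carries the stream; anything else the application opens, including its own DNS lookups, still bypasses Tor, which is why the slide points to torsocks or the Tor Browser Bundle rather than to per-application fixes.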
Tor Network 33/33 Run exit nodes! Run onion routers! Run bridge nodes!
More informationOnion services. Philipp Winter Nov 30, 2015
Onion services Philipp Winter pwinter@cs.princeton.edu Nov 30, 2015 Quick introduction to Tor An overview of Tor Tor is a low-latency anonymity network Based on Syverson's onion routing......which is based
More information0x1A Great Papers in Computer Security
CS 380S 0x1A Great Papers in Computer Security Vitaly Shmatikov http://www.cs.utexas.edu/~shmat/courses/cs380s/ Privacy on Public Networks Internet is designed as a public network Wi-Fi access points,
More informationAnalysing Onion Routing Bachelor-Thesis
Analysing Onion Routing Bachelor-Thesis Steffen Michels June 22, 2009 Abstract Although methods for reaching security goals such as secrecy, integrity and authentication are widely used in the Internet,
More informationTor: Online anonymity, privacy, and security.
Tor: Online anonymity, privacy, and security. Runa A. Sandvik runa@torproject.org 12 September 2011 Runa A. Sandvik runa@torproject.org () Tor: Online anonymity, privacy, and security. 12 September 2011
More informationChallenges in building overlay networks: a case study of Tor. Steven Murdoch Principal Research Fellow University College London
Challenges in building overlay networks: a case study of Steven Murdoch Principal Research Fellow University College London Who uses? Ordinary people e.g. to avoid unscrupulous marketers, protect children,
More informationComputer Security. 15. Tor & Anonymous Connectivity. Paul Krzyzanowski. Rutgers University. Spring 2017
Computer Security 15. Tor & Anonymous Connectivity Paul Krzyzanowski Rutgers University Spring 2017 April 24, 2017 CS 419 2017 Paul Krzyzanowski 1 Private Browsing Browsers offer a "private" browsing modes
More informationPrivate Browsing. Computer Security. Is private browsing private? Goal. Tor & The Tor Browser. History. Browsers offer a "private" browsing modes
Private Browsing Computer Security 16. Tor & Anonymous Connectivity Paul Krzyzanowski Rutgers University Spring 2017 Browsers offer a "private" browsing modes Apple Private Browsing, Mozilla Private Browsing,
More informationCS Paul Krzyzanowski
Computer Security 17. Tor & Anonymous Connectivity Anonymous Connectivity Paul Krzyzanowski Rutgers University Spring 2018 1 2 Anonymity on the Internet Often considered bad Only criminals need to hide
More informationCS526: Information security
Cristina Nita-Rotaru CS526: Information security Anonymity systems. Based on slides by Chi Bun Chan 1: Terminology. Anonymity Anonymity (``without name ) means that a person is not identifiable within
More informationProtocols for Anonymous Communication
18734: Foundations of Privacy Protocols for Anonymous Communication Anupam Datta CMU Fall 2016 Privacy on Public Networks } Internet is designed as a public network } Machines on your LAN may see your
More informationTor. Tor Anonymity Network. Tor Basics. Tor Basics. Free software that helps people surf on the Web anonymously and dodge censorship.
Tor Tor Anonymity Network Free software that helps people surf on the Web anonymously and dodge censorship. CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk Initially developed at the U.S.
More informationCE Advanced Network Security Anonymity II
CE 817 - Advanced Network Security Anonymity II Lecture 19 Mehdi Kharrazi Department of Computer Engineering Sharif University of Technology Acknowledgments: Some of the slides are fully or partially obtained
More informationNetwork Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2012
Network Security: Anonymity Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2012 Outline 1. Anonymity and privacy 2. High-latency anonymous routing 3. Low-latency anonymous routing Tor
More informationNetwork Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2010
Network Security: Anonymity Tuomas Aura T-110.5240 Network security Aalto University, Nov-Dec 2010 Outline 1. Anonymity and privacy 2. High-latency anonymous routing 3. Low-latency anonymous routing Tor
More informationPrivacy defense on the Internet. Csaba Kiraly
Advanced Networking Privacy defense on the Internet Csaba Kiraly 1 Topics Anonymity on the Internet Chaum Mix Mix network & Onion Routing Low-latency anonymous routing 2 Anonymity: Chaum mix David L. Chaum
More informationAnonymity Analysis of TOR in Omnet++
Anonymity Analysis of TOR in Omnet++ Carmelo Badalamenti Mini Workshop on Security Framework 2006, Catania, December 12, 2006 "Security in Mobility" Badalamenti TOR & Omnet++
More informationOnlineAnonymity. OpenSource OpenNetwork. Communityof researchers, developers,usersand relayoperators. U.S.501(c)(3)nonpro%torganization
The Tor Project Our mission is to be the global resource for technology, advocacy, research and education in the ongoing pursuit of freedom of speech, privacy rights online, and censorship circumvention.
More informationTor: An Anonymizing Overlay Network for TCP
Tor: An Anonymizing Overlay Network for TCP Roger Dingledine The Free Haven Project http://tor.freehaven.net/ http://tor.eff.org/ December 28, 21C3 2004 Talk Outline Motivation: Why anonymous communication?
More informationNetwork Security: Anonymity. Tuomas Aura T Network security Aalto University, autumn 2015
Network Security: Anonymity Tuomas Aura T-110.5241 Network security Aalto University, autumn 2015 Outline 1. Anonymity and privacy 2. High-latency anonymous routing 3. Low-latency anonymous routing Tor
More informationCS6740: Network security
Cristina Nita-Rotaru CS6740: Network security Anonymity. Sources 1. Crowds: http://avirubin.com/crowds.pdf 2. Chaum mix: http://www.ovmj.org/gnunet/papers/p84-chaum.pdf 3. Tor: https://svn.torproject.org/svn/projects/design-paper/tor-design.pdf
More informationHow Alice and Bob meet if they don t like onions
How Alice and Bob meet if they don t like onions Survey of Network Anonymisation Techniques Erik Sy 34th Chaos Communication Congress, Leipzig Agenda 1. Introduction to Anonymity Networks Anonymity Strategies
More informationPutting the P back in VPN: An Overlay Network to Resist Traffic Analysis
Putting the P back in VPN: An Overlay Network to Resist Traffic Analysis Roger Dingledine The Free Haven Project http://freehaven.net/ Black Hat 2004 July 29, 2004 Talk Outline Motivation: Why anonymous
More informationCS 134 Winter Privacy and Anonymity
CS 134 Winter 2016 Privacy and Anonymity 1 Privacy Privacy and Society Basic individual right & desire Relevant to corporations & government agencies Recently increased awareness However, general public
More informationAnonymity With Tor. The Onion Router. July 5, It s a series of tubes. Ted Stevens. Technische Universität München
Anonymity With Tor The Onion Router Nathan S. Evans Christian Grothoff Technische Universität München July 5, 2012 It s a series of tubes. Ted Stevens Overview What is Tor? Motivation Background Material
More informationAnonymity With Tor. The Onion Router. July 21, Technische Universität München
The Onion Router Nathan S. Evans Christian Grothoff Technische Universität München July 21, 2011 Overview What is Tor? Motivation Background Material How Tor Works Hidden Services Attacks Specific Attack
More informationAnonymous Communication: DC-nets, Crowds, Onion Routing. Simone Fischer-Hübner PETs PhD course Spring 2012
Anonymous Communication: DC-nets, Crowds, Onion Routing Simone Fischer-Hübner PETs PhD course Spring 2012 DC (Dining Cryptographers) nets [Chaum 1988 ] Chaum, CACM 28(10), October 1985 Who paid for the
More informationAnonymous Communications
Anonymous Communications Andrew Lewman andrew@torproject.org December 05, 2012 Andrew Lewman andrew@torproject.org () Anonymous Communications December 05, 2012 1 / 45 Who is this guy? 501(c)(3) non-profit
More informationPluggable Transports Roadmap
Pluggable Transports Roadmap Steven J. Murdoch and George Kadianakis steven.murdoch@cl.cam.ac.uk,asn@torproject.org Tor Tech Report 2012-03-003 March 17, 2012 Abstract Of the currently available pluggable
More informationanonymous routing and mix nets (Tor) Yongdae Kim
anonymous routing and mix nets (Tor) Yongdae Kim Significant fraction of these slides are borrowed from CS155 at Stanford 1 q Why? Anonymous web browsing 1. Discuss health issues or financial matters anonymously
More informationLecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005
Firewalls Lecture 33 Security April 15, 2005 Idea: separate local network from the Internet Trusted hosts and networks Intranet Firewall DMZ Router Demilitarized Zone: publicly accessible servers and networks
More informationUntraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. EJ Jung
Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms EJ Jung Goals 1. Hide what you wrote encryption of any kind symmetric/asymmetric/stream 2. Hide to whom you sent and when pseudonym?
More informationSecurity & Privacy. Web Architecture and Information Management [./] Spring 2009 INFO (CCN 42509) Contents. Erik Wilde, UC Berkeley School of
Contents Security & Privacy Contents Web Architecture and Information Management [./] Spring 2009 INFO 190-02 (CCN 42509) Erik Wilde, UC Berkeley School of Information Abstract 1 Security Concepts Identification
More informationLecture III : Communication Security Mechanisms
Lecture III : Communication Security Mechanisms Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Computer Science Department, National Chiao Tung University 2 X.800 : Security
More informationPeeling Onions Understanding and using
hiro@torproject.org Peeling Onions Understanding and using the network Know your onions What is Tor and what it can do for you. How Tor provides privacy and anonymity Using Tor at the application layer:
More informationIPSec. Slides by Vitaly Shmatikov UT Austin. slide 1
IPSec Slides by Vitaly Shmatikov UT Austin slide 1 TCP/IP Example slide 2 IP Security Issues Eavesdropping Modification of packets in transit Identity spoofing (forged source IP addresses) Denial of service
More informationDefinition. Quantifying Anonymity. Anonymous Communication. How can we calculate how anonymous we are? Who you are from the communicating party
Definition Anonymous Communication Hiding identities of parties involved in communications from each other, or from third-parties Who you are from the communicating party Who you are talking to from everyone
More informationTorScan: Tracing Long-lived Connections and Differential Scanning Attacks
TorScan: Tracing Long-lived Connections and Differential Scanning Attacks A. Biryukov, I. Pustogarov, R.P. Weinmann University of Luxembourg ivan.pustogarov@uni.lu September 5, 2012 A. Biryukov, I. Pustogarov,
More informationTor: The Second-Generation Onion Router
Tor: The Second-Generation Onion Router Roger Dingledine The Free Haven Project arma@freehaven.net Nick Mathewson The Free Haven Project nickm@freehaven.net Paul Syverson Naval Research Lab syverson@itd.nrl.navy.mil
More informationResearch Collection. Systematic Testing of Tor. Master Thesis. ETH Library. Author(s): Lazzari, Marco. Publication Date: 2014
Research Collection Master Thesis Systematic Testing of Tor Author(s): Lazzari, Marco Publication Date: 2014 Permanent Link: https://doi.org/10.3929/ethz-a-010144381 Rights / License: In Copyright - Non-Commercial
More informationIntroduction to Computer Security
Introduction to Computer Security Instructor: Mahadevan Gomathisankaran mgomathi@unt.edu CSCE 4550/5550, Fall 2009 Lecture 10 1 Announcements Project Group Due today Attendance Mandatory Ave. 85% ( 4 absentees
More information06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security
1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security Dr. L. Christofi 1 0. Overview As the knowledge of computer networking and protocols has become more widespread, so the threat of
More informationAnonymity Tor Overview
Anonymity Tor Overview Andrew Lewman andrew@torproject.org April 21, 2011 Andrew Lewman andrew@torproject.org () Anonymity Tor Overview April 21, 2011 1 / 1 What are we talking about? Crash course on anonymous
More informationBBC Tor Overview. Andrew Lewman March 7, Andrew Lewman () BBC Tor Overview March 7, / 1
BBC Tor Overview Andrew Lewman andrew@torproject.org March 7, 2011 Andrew Lewman andrew@torproject.org () BBC Tor Overview March 7, 2011 1 / 1 What are we talking about? Crash course on anonymous communications
More informationSurfing safely over the Tor anonymity network. Georg Koppen Philipp Winter
Surfing safely over the Tor anonymity network Georg Koppen gk@torproject.org Philipp Winter phw@torproject.org How does Tor work? What are exit relays? Currently ~7,000 relays, ~1,000 are exits All run
More informationWhat's the buzz about HORNET?
1 What's the buzz about HORNET? 2 You've probably all seen the news "Internet-scale anonymity" "Without sacrificing security, the network supports data transfer speeds of up to 93GBps" "can be scaled at
More informationCS232. Lecture 21: Anonymous Communications
CS232 Lecture 21: Anonymous Communications November 21, 2018 2 You Are Not Anonymous 3 Your IP address can be linked directly to you ISPs store communications records Usually for several years (Data Retention
More informationANONYMOUS CONNECTIONS AND ONION ROUTING
I J C I T A E Serials Publications 6(1) 2012 : 31-37 ANONYMOUS CONNECTIONS AND ONION ROUTING NILESH MADHUKAR PATIL 1 AND CHELPA LINGAM 2 1 Lecturer, I. T. Dept., Rajiv Gandhi Institute of Technology, Mumbai
More informationDissecting Tor Bridges A Security Evaluation of their Private and Public Infrastructures
Dissecting Tor Bridges A Security Evaluation of their Private and Public Infrastructures Srdjan Matic, Carmela Troncoso, Juan Caballero Dublin 31 March 2017 Privacy in electronic communications Alice Bob
More informationPort-Scanning Resistance in Tor Anonymity Network. Presented By: Shane Pope Dec 04, 2009
Port-Scanning Resistance in Tor Anonymity Network Presented By: Shane Pope (Shane.M.Pope@gmail.com) Dec 04, 2009 In partial fulfillment of the requirements for graduation with the Dean's Scholars Honors
More informationChapter 4: Securing TCP connections
Managing and Securing Computer Networks Guy Leduc Chapter 5: Securing TCP connections Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section
More informationNetwork Security Chapter 8
Network Security Chapter 8 Cryptography Symmetric-Key Algorithms Public-Key Algorithms Digital Signatures Management of Public Keys Communication Security Authentication Protocols Email Security Web Security
More informationIntroduction and Overview. Why CSCI 454/554?
Introduction and Overview CSCI 454/554 Why CSCI 454/554? Get Credits and Graduate Security is important More job opportunities More research funds 1 Workload Five homework assignments Two exams (open book
More informationL13. Reviews. Rocky K. C. Chang, April 10, 2015
L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing
More informationAnonymous Communication and Internet Freedom
Anonymous Communication and Internet Freedom CS 161: Computer Security Prof. David Wagner May 2, 2013 Goals For Today State-sponsored adversaries Anonymous communication Internet censorship State-Sponsored
More informationNetwork Security. Thierry Sans
Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability
More informationVirtual Private Networks
EN-2000 Reference Manual Document 8 Virtual Private Networks O ne of the principal features of routers is their support of virtual private networks (VPNs). This document discusses transmission security,
More informationAnonymous Communication and Internet Freedom
Anonymous Communication and Internet Freedom CS 161: Computer Security Prof. David Wagner April 29, 2016 Announcements Final exam in RSF Fieldhouse, 5/10, arrive by 7PM HW4 due Monday, 5/2, 11:59pm Review
More informationNetwork Security - ISA 656 IPsec IPsec Key Management (IKE)
Network Security - ISA 656 IPsec IPsec (IKE) Angelos Stavrou September 28, 2008 What is IPsec, and Why? What is IPsec, and Why? History IPsec Structure Packet Layout Header (AH) AH Layout Encapsulating
More informationENEE 459-C Computer Security. Security protocols (continued)
ENEE 459-C Computer Security Security protocols (continued) Key Agreement: Diffie-Hellman Protocol Key agreement protocol, both A and B contribute to the key Setup: p prime and g generator of Z p *, p
More informationA New Replay Attack Against Anonymous Communication Networks
1 A New Replay Attack Against Anonymous Communication Networks Ryan Pries, Wei Yu, Xinwen Fu and Wei Zhao Abstract Tor is a real-world, circuit-based low-latency anonymous communication network, supporting
More informationIP Security IK2218/EP2120
IP Security IK2218/EP2120 Markus Hidell, mahidell@kth.se KTH School of ICT Based partly on material by Vitaly Shmatikov, Univ. of Texas Acknowledgements The presentation builds upon material from - Previous
More informationthis security is provided by the administrative authority (AA) of a network, on behalf of itself, its customers, and its legal authorities
INFRASTRUCTURE SECURITY this security is provided by the administrative authority (AA) of a network, on behalf of itself, its customers, and its legal authorities Goals * prevent or mitigate resource attacks
More informationCSC 4900 Computer Networks: Security Protocols (2)
CSC 4900 Computer Networks: Security Protocols (2) Professor Henry Carter Fall 2017 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message Integrity 8.4 End point Authentication
More informationFBI Tor Overview. Andrew Lewman January 17, 2012
FBI Tor Overview Andrew Lewman andrew@torproject.org January 17, 2012 Andrew Lewman andrew@torproject.org () FBI Tor Overview January 17, 2012 1 / 28 What are we talking about? Crash course on anonymous
More informationAchieving Privacy in Mesh Networks
Achieving Privacy in Mesh Networks Xiaoxin Wu Intel China Research Center Ltd Beijing, China xiaoxin.wu@intel.com Ninghui Li Department of Computer Science Purdue University West Lafayette, IN 47907-2086,
More informationWeighted Factors for Measuring Anonymity Services: A Case Study on Tor, JonDonym, and I2P
Weighted Factors for Measuring Anonymity Services: A Case Study on Tor, JonDonym, and I2P Khalid Shahbar A. Nur Zincir-Heywood Faculty of Computer Science Dalhousie University Halifax, Canada {Shahbar,
More information(S//REL) Open Source Multi-Hop Networks
TOP SECRET//SI/IRELTO USA,FVEY (C//REL) Types ofiat- Advanced Open Source Multi-Hop (S//REL) Open Source Multi-Hop Networks (S//REL) Tor (S//REL) Very widely used worldwide (S//REL) Open Source (S//REL)
More informationAnalysis on End-to-End Node Selection Probability in Tor Network
Analysis on End-to-End Node Selection Probability in Tor Network Saurav Dahal 1, Junghee Lee 2, Jungmin Kang 2 and Seokjoo Shin 1 1 Department of Computer Engineering, Chosun University, Gwangju, South
More informationIntroduction to Tor. January 20, Secure Web Browsing and Anonymity. Tor Mumbai Meetup, Sukhbir Singh
Introduction to Tor Secure Web Browsing and Anonymity Tor Mumbai Meetup, 2018 Sukhbir Singh sukhbir@torproject.org January 20, 2018 Before We Begin... 2 / 18 Before We Begin... Understand your threat model
More informationSecure Sockets Layer (SSL) / Transport Layer Security (TLS)
Secure Sockets Layer (SSL) / Transport Layer Security (TLS) Brad Karp UCL Computer Science CS GZ03 / M030 20 th November 2017 What Problems Do SSL/TLS Solve? Two parties, client and server, not previously
More informationNetwork Security and Cryptography. December Sample Exam Marking Scheme
Network Security and Cryptography December 2015 Sample Exam Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers
More informationComputer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography
Chapter 7: Network security 15-441 Computer Networking Network Security: Cryptography, Authentication, Integrity Foundations: what is security? cryptography authentication message integrity key distribution
More informationTelex Anticensorship in the
Telex Anticensorship in the Network Infrastructure Eric Wustrow Ian Goldberg * Scott Wolchok J. Alex Halderman University of Michigan University of Michigan * University of Waterloo Background Internet
More informationComputer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1415/ Chapter 16: 1
Computer Security 3e Dieter Gollmann Security.di.unimi.it/sicurezza1415/ Chapter 16: 1 Chapter 16: Communications Security Chapter 16: 2 Agenda Threat model Secure tunnels Protocol design principles IPsec
More information8. Network Layer Contents
Contents 1 / 43 * Earlier Work * IETF IP sec Working Group * IP Security Protocol * Security Associations * Authentication Header * Encapsulation Security Payload * Internet Key Management Protocol * Modular
More informationENEE 459-C Computer Security. Security protocols
ENEE 459-C Computer Security Security protocols Key Agreement: Diffie-Hellman Protocol Key agreement protocol, both A and B contribute to the key Setup: p prime and g generator of Z p *, p and g public.
More informationCSCE 715: Network Systems Security
CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Security in Network Layer Implementing security in application layer provides flexibility in security
More informationCryptography opportunities in Tor. Nick Mathewson The Tor Project 21 January 2013
Cryptography opportunities in Tor Nick Mathewson The Tor Project 21 January 2013 Summary Very quick Tor overview Tor's cryptography, and how it's evolving Various opportunities for more Tor crypto work
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Final Exam Review Instructor: Dr. Kun Sun Topics covered by Final Topic before Midterm 10% Topic after Midterm 90% Date: 12/13/2017 7:30am 10:15am Place: the same
More informationData Security and Privacy. Topic 14: Authentication and Key Establishment
Data Security and Privacy Topic 14: Authentication and Key Establishment 1 Announcements Mid-term Exam Tuesday March 6, during class 2 Need for Key Establishment Encrypt K (M) C = Encrypt K (M) M = Decrypt
More informationCristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.
CS355: Cryptography Lecture 17: X509. PGP. Authentication protocols. Key establishment. Public Keys and Trust Public Key:P A Secret key: S A Public Key:P B Secret key: S B How are public keys stored How
More informationComputer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 10r. Recitation assignment & concept review Paul Krzyzanowski Rutgers University Spring 2018 April 3, 2018 CS 419 2018 Paul Krzyzanowski 1 1. What is a necessary condition for perfect
More informationWAP Security. Helsinki University of Technology S Security of Communication Protocols
WAP Security Helsinki University of Technology S-38.153 Security of Communication Protocols Mikko.Kerava@iki.fi 15.4.2003 Contents 1. Introduction to WAP 2. Wireless Transport Layer Security 3. Other WAP
More informationPerfect Imitation and Secure Asymmetry for Decoy Routing Systems with Slitheen. 20 June 2017 EPFL Summer Research Institute
Perfect Imitation and Secure Asymmetry for Decoy Routing Systems with Slitheen Cecylia Bocovich Ian Goldberg 20 June 2017 EPFL Summer Research Institute Censorship Censors may monitor, alter or block traffic
More informationRadius, LDAP, Radius, Kerberos used in Authenticating Users
CSCD 303 Lecture 5 Fall 2018 Radius, LDAP, Radius, Kerberos used in Authenticating Users Kerberos Authentication and Authorization Previously Said that identification, authentication and authorization
More informationFirewall-Friendly VoIP Secure Gateway and VoIP Security Issues
Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues v Noriyuki Fukuyama v Shingo Fujimoto v Masahiko Takenaka (Manuscript received September 26, 2003) IP telephony services using VoIP (Voice
More informationInt ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28
Int ernet w orking Internet Security Literature: Forouzan: TCP/IP Protocol Suite : Ch 28 Internet Security Internet security is difficult Internet protocols were not originally designed for security The
More informatione-commerce Study Guide Test 2. Security Chapter 10
e-commerce Study Guide Test 2. Security Chapter 10 True/False Indicate whether the sentence or statement is true or false. 1. Necessity refers to preventing data delays or denials (removal) within the
More informationTor Experimentation Tools
Tor Experimentation Tools Fatemeh Shirazi TU Darmstadt / KU Leuven Darmstadt, Germany fshirazi@cdc.informatik.tu-darmstadt.de Matthias Göhring TU Darmstadt Darmstadt, Germany de.m.goehring@ieee.org Claudia
More informationExtremely Sensitive Communication
MSc System and Network Engineering Research Project 2 Extremely Sensitive Communication secure, secret, and private e-mail Author: Loek Sangers loek.sangers@os3.nl Supervisor: Ruud Verbij verbij.ruud@kpmg.nl
More information(2½ hours) Total Marks: 75
(2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.
More information