The Tor Network. Cryptography 2, Part 2, Lecture 6. Ruben Niederhagen. June 16th, / department of mathematics and computer science
Size: px
Start display at page:

Download "The Tor Network. Cryptography 2, Part 2, Lecture 6. Ruben Niederhagen. June 16th, / department of mathematics and computer science"

Transcription

1 The Tor Network Cryptography 2, Part 2, Lecture 6 Ruben Niederhagen June 16th, 2014

2 Tor Network Introduction 2/33 Classic goals of cryptography: confidentiality, data integrity, authentication, and non-repudiation.

3 Tor Network Introduction 2/33 Classic goals of cryptography: confidentiality symmetric encryption, data integrity hash functions, authentication asymmetric encrytpion, and non-repudiation signatures.

4 Tor Network Introduction 2/33 Classic goals of cryptography: confidentiality symmetric encryption, data integrity hash functions, authentication asymmetric encrytpion, and non-repudiation signatures. Privacy goals of cryptography: deniability, anonymity, perfect forward secrecy,...

5 Tor Network Introduction 2/33 Classic goals of cryptography: confidentiality symmetric encryption, data integrity hash functions, authentication asymmetric encrytpion, and non-repudiation signatures. Privacy goals of cryptography: deniability, anonymity, perfect forward secrecy,... May depend on meta-data: sender, receiver, keying data...

6 Tor Network Introduction 3/33 Who needs anonymity?

7 Tor Network Introduction 3/33 Who needs anonymity? opposition in autocratic regimes,

8 Tor Network Introduction 3/33 Who needs anonymity? opposition in autocratic regimes, journalists under dictatorship,

9 Tor Network Introduction 3/33 Who needs anonymity? opposition in autocratic regimes, journalists under dictatorship, journalists in democracies,

10 Tor Network Introduction 3/33 Who needs anonymity? opposition in autocratic regimes, journalists under dictatorship, journalists in democracies, law enforcement, spies,

11 Tor Network Introduction 3/33 Who needs anonymity? opposition in autocratic regimes, journalists under dictatorship, journalists in democracies, law enforcement, spies, criminals, terrorists,

12 Tor Network Introduction 3/33 Who needs anonymity? opposition in autocratic regimes, journalists under dictatorship, journalists in democracies, law enforcement, spies, criminals, terrorists, citizens under data-retention laws,

13 Tor Network Introduction 3/33 Who needs anonymity? opposition in autocratic regimes, journalists under dictatorship, journalists in democracies, law enforcement, spies, criminals, terrorists, citizens under data-retention laws, freedom of speech,

14 Tor Network Introduction 3/33 Who needs anonymity? opposition in autocratic regimes, journalists under dictatorship, journalists in democracies, law enforcement, spies, criminals, terrorists, citizens under data-retention laws, freedom of speech,...

15 Tor Network Introduction 3/33 Who needs anonymity? opposition in autocratic regimes, journalists under dictatorship, journalists in democracies, law enforcement, spies, criminals, terrorists, citizens under data-retention laws, freedom of speech,... Anonymity only works by hiding in the masses. You can help people in need of anonymity by using anonymity-enhancing software even if you do not depend on it yourself!

16 Tor Network Introduction 4/33 Tor (previously an acronym for The Onion Router) is free software for enabling online anonymity and resisting censorship. Wikipedia

17 Tor Network Introduction 5/33 Additional goals: deployability: usable in the real world, interoperable with existing protocols; usability: anonymity requires many users; flexibility: easy addition of future features; simplicity: avoid bugs, understand security parameters and features.

18 Tor Network Introduction 6/33 Non-goals: not peer-to-peer: requires centralized directory servers; not secure against end-to-end attacks: no protection against global adversary; no protocol normalization: no anonymization towards receiver; not steganographic: does not hide usage of the network.

19 Tor Network Thread Model 7/33 Global passive adversary: global view on the network, sees entry and exit links, and sees timing and volume patterns.

20 Tor Network Thread Model 7/33 Global passive adversary: global view on the network, sees entry and exit links, and sees timing and volume patterns. Tor does not protect against this type of adversary!

21 Tor Network Thread Model 8/33 Real-world adversary: view on a fraction the network, generate, modify, delete, or delay traffic, operate Tor routers, or compromise some Tor routers.

22 Tor Network Thread Model 8/33 Real-world adversary: view on a fraction the network, generate, modify, delete, or delay traffic, operate Tor routers, or compromise some Tor routers.? Tor attempts to protect against this type of adversary.

23 Tor Network Design Overview 9/33

24 Tor Network Design Overview 9/33

25 Tor Network Design Overview 9/33

26 Tor Network Design Overview 9/33

27 Tor Network Design Overview 9/33

28 Tor Network Design Overview 10/33

29 Tor Network Design Overview 10/33

30 Tor Network Design Overview 10/33

31 Tor Network Design Overview 10/33

32 Tor Network Design Overview 11/33 User Entry Middle Exit Data

33 Tor Network Design Details 12/33 Players: Onion Router (OR): Routers in the onion overlay network. Onion Proxy (OP): Local proxy of each Tor user. Directory Server: More-trusted entity providing an OR directory. Each OR maintains a TLS connection to all other ORs. Each OP maintains TLS connections to his entry ORs. Tor is using TLS cipher suites with ephemeral keys.

34 Tor Network Design Details 12/33 Players: Onion Router (OR): Routers in the onion overlay network. Onion Proxy (OP): Local proxy of each Tor user. Directory Server: More-trusted entity providing an OR directory. Each OR maintains a TLS connection to all other ORs. Each OP maintains TLS connections to his entry ORs. Tor is using TLS cipher suites with ephemeral keys. TLS is used for OR authentication and transport integrity, NOT for payload encryption!

35 Tor Network Design Details 13/33 Keys Asymmetric Keys: Each OR publishes a Router Identity Key in the directory. Additionally, directory servers have: a long-term Authority Identity Key (stored offline) and a medium-term Authority Signing Key (3 12 months). OPs do NOT have identity keys! Symmetric Keys: All TLS connections use short-term ephemeral keys. Onion encryption keys are short-term ephemeral keys; Tor is using AES128 in counter mode for onion encryption.

36 Tor Network Design Details 14/33 Directory Server:

37 Tor Network Design Details 14/33 Directory Server: ORs send a signed statement to the directory servers.

38 Tor Network Design Details 14/33 Directory Server: ORs send a signed statement to the directory servers. The directory servers test if the OR accepts connections.

39 Tor Network Design Details 14/33 Directory Server: ORs send a signed statement to the directory servers. The directory servers test if the OR accepts connections. Periodically, the directory servers vote on the network state.

40 Tor Network Design Details 14/33 Directory Server: ORs send a signed statement to the directory servers. The directory servers test if the OR accepts connections. Periodically, the directory servers vote on the network state. The consensus is signed by all agreeing directory servers.

41 Tor Network Design Details 14/33 Directory Server: ORs send a signed statement to the directory servers. The directory servers test if the OR accepts connections. Periodically, the directory servers vote on the network state. The consensus is signed by all agreeing directory servers. On bootstrap, a client connects to a directory server to receive a the signed consensus document.

42 Tor Network Design Details 14/33 Directory Server: ORs send a signed statement to the directory servers. The directory servers test if the OR accepts connections. Periodically, the directory servers vote on the network state. The consensus is signed by all agreeing directory servers. On bootstrap, a client connects to a directory server to receive a the signed consensus document. The client accepts the consensus document if it is signed by at least halve of the directory servers.

43 Tor Network Design Details 14/33 Directory Server: ORs send a signed statement to the directory servers. The directory servers test if the OR accepts connections. Periodically, the directory servers vote on the network state. The consensus is signed by all agreeing directory servers. On bootstrap, a client connects to a directory server to receive a the signed consensus document. The client accepts the consensus document if it is signed by at least halve of the directory servers. Later, the clients request cached consensus docs from known ORs.

44 Tor Network Design Details 14/33 Directory Server: ORs send a signed statement to the directory servers. The directory servers test if the OR accepts connections. Periodically, the directory servers vote on the network state. The consensus is signed by all agreeing directory servers. On bootstrap, a client connects to a directory server to receive a the signed consensus document. The client accepts the consensus document if it is signed by at least halve of the directory servers. Later, the clients request cached consensus docs from known ORs. Each consensus is restricted to a specific time period.

45 Tor Network Design Details 14/33 Directory Server: ORs send a signed statement to the directory servers. The directory servers test if the OR accepts connections. Periodically, the directory servers vote on the network state. The consensus is signed by all agreeing directory servers. On bootstrap, a client connects to a directory server to receive a the signed consensus document. The client accepts the consensus document if it is signed by at least halve of the directory servers. Later, the clients request cached consensus docs from known ORs. Each consensus is restricted to a specific time period. The consensus document contains bandwidth and exit policy informations for each OR.

46 Consensus Document (1) 15/33 network-status-version 3 vote-status consensus valid-after :00:00 fresh-until :00:00 valid-until :00:00 [...] contact Peter Palfrader vote-digest DE88ACE5E41B7BDD59A9FA29481D7D2BCF20C08D dir-source maatuska 49015F contact 4096R/ Linus Nordberg vote-digest ECFE99490D9E6ED7AB7598AD5B8BCDA43E5C53DF dir-source dannenberg C78... dannenberg.ccc.de [...]

47 Consensus Document (2) 16/33 r CalgaryRelay AhtWK/ebprD1KAbOKdWFQ+mlVE0 FIUMkqViP7mkBn :15: s Fast HSDir Running Stable V2Dir Valid v Tor w Bandwidth=247 p reject r TelosTorExit2 AhzRl+9BYl9I1Znz0ZM6GpU7mBs RGvsM1rZM2v3n :25: s Exit Fast HSDir Running Stable V2Dir Valid v Tor w Bandwidth=69200 p reject 25 [...]

48 Consensus Document (3) 17/33 directory-footer [...] directory-signature 49015F E3B66A1707A00E60F2D15B F98E385F F50925F54F832E2FE744B5ED BEGIN SIGNATURE----- qqbsasctppsb5butm6frzuoudk+oux76eb+gpaglzac/yqofqxpzbb9i[...] -----END SIGNATURE----- directory-signature C78764D58426B8B52B6651A5A A 6B82B0EC44BD79CB0D1F1BB2A0C597E0FEC71AE BEGIN SIGNATURE----- LcmuTT/5qwA+L9pcxGbRTz74YiqH4rQo5Wz3piSXmD/j4rcahfbmVHmi[...] -----END SIGNATURE----- [...]

49 Tor Network Design Details 18/33 Tor Statistics (June 13th, 2014): Total Bandwidth of Routers [KBytes/s] Total Number of Routers 5477 Total Number of Authority Routers 10 Total Number of Bad Directory Routers 0 Total Number of Bad Exit Routers 11 Total Number of Exit Routers 977 Total Number of Fast Routers 4588 Total Number of Guard Routers 2152 Total Number of Stable Routers 3824 Total Number of Valid Routers 5477 Total Number of Directory Mirror Routers 3430

50 Tor Network Design Details 19/33 Router Flags: Authority if the router is a directory authority. BadDirectory if the router is believed to be useless as a directory cache (because its directory port isn t working, its bandwidth is always throttled,... ). Exit if the router is more useful for building general-purpose exit circuits than for relay circuits. BadExit if the router is believed to be useless as an exit node (because its ISP censors it, because of TLS stripping,... ). Fast if the router is suitable for high-bandwidth circuits. Guard if the router is suitable for use as an entry guard. Stable if the router is suitable for long-lived circuits. Valid if the router has been validated.

51 Number of Routers 20/33 Germany the Netherlands USA

52 Number of Exit Routers 21/33 Germany the Netherlands USA

53 Tor Network Design Details 22/33 Cells: Control: padding, create, created, destroy, CircID CMD DATA

54 Tor Network Design Details 22/33 Cells: Control: padding, create, created, destroy, CircID CMD DATA Relay: relay data, relay begin, relay end, relay teardown, relay connected, relay extend, relay extended, relay truncate, relay truncated, relay drop, CircID Relay StreamID Digest Len CMD DATA Onion Encrypted

55 Tor Network Design Details 23/33 OP OR 1 OR 2 website (link TLS encrypted) (link TLS encrypted)

56 Tor Network Design Details 23/33 OP OR 1 OR 2 website create c 1, E(g x1 ) (link TLS encrypted) (link TLS encrypted)

57 Tor Network Design Details 23/33 OP OR 1 OR 2 website create c 1, E(g x1 ) created c 1, g y1, H(g xy 1 1 ) (link TLS encrypted) (link TLS encrypted)

58 Tor Network Design Details 23/33 OP OR 1 OR 2 website create c 1, E(g x1 ) created c 1, g y1, H(g xy 1 1 ) relay c 1, {extend, OR 2, E(g x2 )} (link TLS encrypted) (link TLS encrypted)

59 Tor Network Design Details 23/33 OP OR 1 OR 2 website create c 1, E(g x1 ) created c 1, g y1, H(g xy 1 1 ) relay c 1, {extend, OR 2, E(g x2 )} create c 2, E(g x2 ) (link TLS encrypted) (link TLS encrypted)

60 Tor Network Design Details 23/33 OP OR 1 OR 2 website create c 1, E(g x1 ) created c 1, g y1, H(g xy 1 1 ) relay c 1, {extend, OR 2, E(g x2 )} create c 2, E(g x2 ) created c 2, g y2, H(g xy 2 2 ) (link TLS encrypted) (link TLS encrypted)

61 Tor Network Design Details 23/33 OP OR 1 OR 2 website create c 1, E(g x1 ) created c 1, g y1, H(g xy 1 1 ) relay c 1, {extend, OR 2, E(g x2 )} relay c 1, {extended, g y2, H(g xy 2 2 )} create c 2, E(g x2 ) created c 2, g y2, H(g xy 2 2 ) (link TLS encrypted) (link TLS encrypted)

62 Tor Network Design Details 23/33 OP OR 1 OR 2 website create c 1, E(g x1 ) created c 1, g y1, H(g xy 1 1 ) relay c 1, {extend, OR 2, E(g x2 )} relay c 1, {extended, g y2, H(g xy 2 2 )} create c 2, E(g x2 ) created c 2, g y2, H(g xy 2 2 ) (link TLS encrypted) (link TLS encrypted)

63 Tor Network Design Details 23/33 OP OR 1 OR 2 website create c 1, E(g x1 ) created c 1, g y1, H(g xy 1 1 ) relay c 1, {extend, OR 2, E(g x2 )} relay c 1, {extended, g y2, H(g xy 2 2 )} create c 2, E(g x2 ) created c 2, g y2, H(g xy 2 2 ) relay c 1, {{begin, website:80}} (link TLS encrypted) (link TLS encrypted)

64 Tor Network Design Details 23/33 OP OR 1 OR 2 website create c 1, E(g x1 ) created c 1, g y1, H(g xy 1 1 ) relay c 1, {extend, OR 2, E(g x2 )} relay c 1, {extended, g y2, H(g xy 2 2 )} relay c 1, {{begin, website:80}} create c 2, E(g x2 ) created c 2, g y2, H(g xy 2 2 ) relay c 2, {begin, website:80} (link TLS encrypted) (link TLS encrypted)

65 Tor Network Design Details 23/33 OP OR 1 OR 2 website create c 1, E(g x1 ) created c 1, g y1, H(g xy 1 1 ) relay c 1, {extend, OR 2, E(g x2 )} relay c 1, {extended, g y2, H(g xy 2 2 )} relay c 1, {{begin, website:80}} create c 2, E(g x2 ) created c 2, g y2, H(g xy 2 2 ) relay c 2, {begin, website:80} (TCP handshake) (link TLS encrypted) (link TLS encrypted)

66 Tor Network Design Details 23/33 OP OR 1 OR 2 website create c 1, E(g x1 ) created c 1, g y1, H(g xy 1 1 ) relay c 1, {extend, OR 2, E(g x2 )} relay c 1, {extended, g y2, H(g xy 2 2 )} relay c 1, {{begin, website:80}} create c 2, E(g x2 ) created c 2, g y2, H(g xy 2 2 ) relay c 2, {begin, website:80} relay c 2, {connected} (TCP handshake) (link TLS encrypted) (link TLS encrypted)

67 Tor Network Design Details 23/33 OP OR 1 OR 2 website create c 1, E(g x1 ) created c 1, g y1, H(g xy 1 1 ) relay c 1, {extend, OR 2, E(g x2 )} relay c 1, {extended, g y2, H(g xy 2 2 )} relay c 1, {{begin, website:80}} relay c 1, {{connected}} create c 2, E(g x2 ) created c 2, g y2, H(g xy 2 2 ) relay c 2, {begin, website:80} relay c 2, {connected} (TCP handshake) (link TLS encrypted) (link TLS encrypted)

68 Tor Network Design Details 23/33 OP OR 1 OR 2 website create c 1, E(g x1 ) created c 1, g y1, H(g xy 1 1 ) relay c 1, {extend, OR 2, E(g x2 )} relay c 1, {extended, g y2, H(g xy 2 2 )} relay c 1, {{begin, website:80}} relay c 1, {{connected}} relay c 1, {{data, HTTP GET... }} create c 2, E(g x2 ) created c 2, g y2, H(g xy 2 2 ) relay c 2, {begin, website:80} relay c 2, {connected} (TCP handshake) (link TLS encrypted) (link TLS encrypted)

69 Tor Network Design Details 23/33 OP OR 1 OR 2 website create c 1, E(g x1 ) created c 1, g y1, H(g xy 1 1 ) relay c 1, {extend, OR 2, E(g x2 )} relay c 1, {extended, g y2, H(g xy 2 2 )} relay c 1, {{begin, website:80}} relay c 1, {{connected}} create c 2, E(g x2 ) created c 2, g y2, H(g xy 2 2 ) relay c 2, {begin, website:80} relay c 2, {connected} (TCP handshake) relay c 1, {{data, HTTP GET... }} relay c2, {data, HTTP GET... } (link TLS encrypted) (link TLS encrypted)

70 Tor Network Design Details 23/33 OP OR 1 OR 2 website create c 1, E(g x1 ) created c 1, g y1, H(g xy 1 1 ) relay c 1, {extend, OR 2, E(g x2 )} relay c 1, {extended, g y2, H(g xy 2 2 )} relay c 1, {{begin, website:80}} relay c 1, {{connected}} create c 2, E(g x2 ) created c 2, g y2, H(g xy 2 2 ) relay c 2, {begin, website:80} relay c 2, {connected} (TCP handshake) relay c 1, {{data, HTTP GET... }} relay c2, {data, HTTP GET... } HTTP GET... (link TLS encrypted) (link TLS encrypted)

71 Tor Network Design Details 23/33 OP OR 1 OR 2 website create c 1, E(g x1 ) created c 1, g y1, H(g xy 1 1 ) relay c 1, {extend, OR 2, E(g x2 )} relay c 1, {extended, g y2, H(g xy 2 2 )} relay c 1, {{begin, website:80}} relay c 1, {{connected}} create c 2, E(g x2 ) created c 2, g y2, H(g xy 2 2 ) relay c 2, {begin, website:80} relay c 2, {connected} (TCP handshake) relay c 1, {{data, HTTP GET... }} relay c2, {data, HTTP GET... } HTTP GET... (response) (link TLS encrypted) (link TLS encrypted)

72 Tor Network Design Details 23/33 OP OR 1 OR 2 website create c 1, E(g x1 ) created c 1, g y1, H(g xy 1 1 ) relay c 1, {extend, OR 2, E(g x2 )} relay c 1, {extended, g y2, H(g xy 2 2 )} relay c 1, {{begin, website:80}} relay c 1, {{connected}} create c 2, E(g x2 ) created c 2, g y2, H(g xy 2 2 ) relay c 2, {begin, website:80} relay c 2, {connected} (TCP handshake) relay c 1, {{data, HTTP GET... }} relay c2, {data, HTTP GET... } relay c 2, {data, (response)} HTTP GET... (response) (link TLS encrypted) (link TLS encrypted)

73 Tor Network Design Details 23/33 OP OR 1 OR 2 website create c 1, E(g x1 ) created c 1, g y1, H(g xy 1 1 ) relay c 1, {extend, OR 2, E(g x2 )} relay c 1, {extended, g y2, H(g xy 2 2 )} relay c 1, {{begin, website:80}} relay c 1, {{connected}} create c 2, E(g x2 ) created c 2, g y2, H(g xy 2 2 ) relay c 2, {begin, website:80} relay c 2, {connected} (TCP handshake) relay c 1, {{data, HTTP GET... }} relay c2, {data, HTTP GET... } relay c 1, {{data, response}} relay c 2, {data, (response)} HTTP GET... (response) (link TLS encrypted) (link TLS encrypted)

74 Tor Network Circuits 24/33

75 Tor Network Circuits 24/33

76 Tor Network Circuits 24/33

77 Tor Network Circuits 24/33

78 Tor Network Circuits 24/33

79 Tor Network Circuits 24/33

80 Tor Network Circuits 24/33 Adversary able to detect pattern in massage flow!

81 Tor Network Circuits 24/33 Adversary able to detect pattern in massage flow!

82 Tor Network Circuits 25/33 Choosing nodes for circuits:

83 Tor Network Circuits 25/33 Choosing nodes for circuits: Circuit length: 3 ORs entry, mid, and exit. Attacks most efficient at entry and exit; no need for long circuits.

84 Tor Network Circuits 25/33 Choosing nodes for circuits: Circuit length: 3 ORs entry, mid, and exit. Attacks most efficient at entry and exit; no need for long circuits. Avoid both entry and exit to be controlled by attacker. Probability: (c/n) 2 per circuit (c: attacker-controlled ORs, N: total ORs)

85 Tor Network Circuits 25/33 Choosing nodes for circuits: Circuit length: 3 ORs entry, mid, and exit. Attacks most efficient at entry and exit; no need for long circuits. Avoid both entry and exit to be controlled by attacker. Probability: (c/n) 2 per circuit (c: attacker-controlled ORs, N: total ORs) Risk grows with many connections/re-routs.

86 Tor Network Circuits 25/33 Choosing nodes for circuits: Circuit length: 3 ORs entry, mid, and exit. Attacks most efficient at entry and exit; no need for long circuits. Avoid both entry and exit to be controlled by attacker. Probability: (c/n) 2 per circuit (c: attacker-controlled ORs, N: total ORs) Risk grows with many connections/re-routs. Choose a guard node as single entry for all circuits.

87 Tor Network Circuits 25/33 Choosing nodes for circuits: Circuit length: 3 ORs entry, mid, and exit. Attacks most efficient at entry and exit; no need for long circuits. Avoid both entry and exit to be controlled by attacker. Probability: (c/n) 2 per circuit (c: attacker-controlled ORs, N: total ORs) Risk grows with many connections/re-routs. Choose a guard node as single entry for all circuits. All connections potentially compromised iff guard node is compromised; fine otherwise.

88 Tor Network Circuits 25/33 Choosing nodes for circuits: Circuit length: 3 ORs entry, mid, and exit. Attacks most efficient at entry and exit; no need for long circuits. Avoid both entry and exit to be controlled by attacker. Probability: (c/n) 2 per circuit (c: attacker-controlled ORs, N: total ORs) Risk grows with many connections/re-routs. Choose a guard node as single entry for all circuits. All connections potentially compromised iff guard node is compromised; fine otherwise. Probability pinned to c/n regardless of number of connections.

89 Rendezvous Points, Hidden Services 26/33 Provide location hidden, anonymous services (responder anonymity): Access control: Filter incoming connections, avoid DoS. Robustness: Long-term pseudonymous identity, not tied to single OR. Smear-resistance: Rendezvous router protected against illegal activities. Application transparency: Hidden services directly accessible via the Tor network.

90 Rendezvous Points, Hidden Services 27/33

91 Rendezvous Points, Hidden Services 27/33

92 Rendezvous Points, Hidden Services 27/33

93 Rendezvous Points, Hidden Services 27/33

94 Rendezvous Points, Hidden Services 27/33

95 Rendezvous Points, Hidden Services 27/33

96 Tor Network Attacks 28/33 Passive Attacks: Observing user traffic patterns:

97 Tor Network Attacks 28/33 Passive Attacks: Observing user traffic patterns: end-to-end timing correlation,

98 Tor Network Attacks 28/33 Passive Attacks: Observing user traffic patterns: end-to-end timing correlation, end-to-end size correlation,

99 Tor Network Attacks 28/33 Passive Attacks: Observing user traffic patterns: end-to-end timing correlation, end-to-end size correlation, website fingerprinting.

100 Tor Network Attacks 28/33 Passive Attacks: Observing user traffic patterns: end-to-end timing correlation, end-to-end size correlation, website fingerprinting. Observing user content (see below).

101 Tor Network Attacks 28/33 Passive Attacks: Observing user traffic patterns: end-to-end timing correlation, end-to-end size correlation, website fingerprinting. Observing user content (see below). Option distinguishability.

102 Tor Network Attacks 29/33 Active Attacks: Compromise keys: TLS session key, circuit session key, OR private key. Past connections can t be compromised due to ephemeral keys!

103 Tor Network Attacks 29/33 Active Attacks: Compromise keys: TLS session key, circuit session key, OR private key. Past connections can t be compromised due to ephemeral keys! Iterate compromise: Follow circuit from end to end. Possible only during lifetime of circuit.

104 Tor Network Attacks 29/33 Active Attacks: Compromise keys: TLS session key, circuit session key, OR private key. Past connections can t be compromised due to ephemeral keys! Iterate compromise: Follow circuit from end to end. Possible only during lifetime of circuit. Run recipient: Simplifies passive attacks.

105 Tor Network Attacks 29/33 Active Attacks: Compromise keys: TLS session key, circuit session key, OR private key. Past connections can t be compromised due to ephemeral keys! Iterate compromise: Follow circuit from end to end. Possible only during lifetime of circuit. Run recipient: Simplifies passive attacks. Run onion proxy: Usually not more likely than compromising users machine; possible in company settings with institutional onion proxy.

106 Tor Network Attacks 29/33 Active Attacks: Compromise keys: TLS session key, circuit session key, OR private key. Past connections can t be compromised due to ephemeral keys! Iterate compromise: Follow circuit from end to end. Possible only during lifetime of circuit. Run recipient: Simplifies passive attacks. Run onion proxy: Usually not more likely than compromising users machine; possible in company settings with institutional onion proxy. DoS non-observed nodes: Force traffic on controlled nodes by disabling other nodes.

107 Tor Network Attacks 30/33 Active Attacks (cont.): Run hostile OR: Observe connections, induce traffic patterns. Mitigated by use of guard nodes.

108 Tor Network Attacks 30/33 Active Attacks (cont.): Run hostile OR: Observe connections, induce traffic patterns. Mitigated by use of guard nodes. Introducing timing into messages: Strengthens passive attacks.

109 Tor Network Attacks 30/33 Active Attacks (cont.): Run hostile OR: Observe connections, induce traffic patterns. Mitigated by use of guard nodes. Introducing timing into messages: Strengthens passive attacks. Tagging attacks: Manipulate payload and observe garbled content on exit nodes. Prevented by integrity checks.

110 Tor Network Attacks 30/33 Active Attacks (cont.): Run hostile OR: Observe connections, induce traffic patterns. Mitigated by use of guard nodes. Introducing timing into messages: Strengthens passive attacks. Tagging attacks: Manipulate payload and observe garbled content on exit nodes. Prevented by integrity checks. Replay attacks: Replaying handshake messages results in different session key; replaying relay messages results in broken decryption (AES-CTR).

111 Tor Network Attacks 31/33 Active Attacks (cont.): Smear attacks: Use Tor for socially disapproved acts, bring network to disrepute. Exit policies reduce abuse; string exit-node operators.

112 Tor Network Attacks 31/33 Active Attacks (cont.): Smear attacks: Use Tor for socially disapproved acts, bring network to disrepute. Exit policies reduce abuse; string exit-node operators. Distribute hostile code: Backdoored or broken Tor client or server software. Tor binaries are signed, Tor is open source.

113 Tor Network Attacks 31/33 Active Attacks (cont.): Smear attacks: Use Tor for socially disapproved acts, bring network to disrepute. Exit policies reduce abuse; string exit-node operators. Distribute hostile code: Backdoored or broken Tor client or server software. Tor binaries are signed, Tor is open source. Verify your version!

114 Tor Network Attacks 31/33 Active Attacks (cont.): Smear attacks: Use Tor for socially disapproved acts, bring network to disrepute. Exit policies reduce abuse; string exit-node operators. Distribute hostile code: Backdoored or broken Tor client or server software. Tor binaries are signed, Tor is open source. Verify your version! Audit Tor source code!

115 Tor Network Attacks 31/33 Active Attacks (cont.): Smear attacks: Use Tor for socially disapproved acts, bring network to disrepute. Exit policies reduce abuse; string exit-node operators. Distribute hostile code: Backdoored or broken Tor client or server software. Tor binaries are signed, Tor is open source. Verify your version! Audit Tor source code! Block access to Tor (censorship): IP addressed of directory servers are well-known. Tor offers bridge nodes which are protected from full-enumeration. Steganographic protocols can be used to tunnel Tor traffic.

116 Tor Network Attacks 32/33 De-anonymization by information leaks: DNS resolution: usually via UDP; use torsocks to handle.

117 Tor Network Attacks 32/33 De-anonymization by information leaks: DNS resolution: usually via UDP; use torsocks to handle. Browser-fingerprinting user can be identified by:

118 Tor Network Attacks 32/33 De-anonymization by information leaks: DNS resolution: usually via UDP; use torsocks to handle. Browser-fingerprinting user can be identified by: browser plugins,

119 Tor Network Attacks 32/33 De-anonymization by information leaks: DNS resolution: usually via UDP; use torsocks to handle. Browser-fingerprinting user can be identified by: browser plugins, screen resolution,

120 Tor Network Attacks 32/33 De-anonymization by information leaks: DNS resolution: usually via UDP; use torsocks to handle. Browser-fingerprinting user can be identified by: browser plugins, screen resolution, system colors,

121 Tor Network Attacks 32/33 De-anonymization by information leaks: DNS resolution: usually via UDP; use torsocks to handle. Browser-fingerprinting user can be identified by: browser plugins, screen resolution, system colors, cookies,

122 Tor Network Attacks 32/33 De-anonymization by information leaks: DNS resolution: usually via UDP; use torsocks to handle. Browser-fingerprinting user can be identified by: browser plugins, screen resolution, system colors, cookies, DOM storage,

123 Tor Network Attacks 32/33 De-anonymization by information leaks: DNS resolution: usually via UDP; use torsocks to handle. Browser-fingerprinting user can be identified by: browser plugins, screen resolution, system colors, cookies, DOM storage, TLS session IDs,

124 Tor Network Attacks 32/33 De-anonymization by information leaks: DNS resolution: usually via UDP; use torsocks to handle. Browser-fingerprinting user can be identified by: browser plugins, screen resolution, system colors, cookies, DOM storage, TLS session IDs, page cache,

125 Tor Network Attacks 32/33 De-anonymization by information leaks: DNS resolution: usually via UDP; use torsocks to handle. Browser-fingerprinting user can be identified by: browser plugins, screen resolution, system colors, cookies, DOM storage, TLS session IDs, page cache,...

126 Tor Network Attacks 32/33 De-anonymization by information leaks: DNS resolution: usually via UDP; use torsocks to handle. Browser-fingerprinting user can be identified by: browser plugins, screen resolution, system colors, cookies, DOM storage, TLS session IDs, page cache,... Use the Tor Browser Bundle to handle.

127 Tor Network Attacks 32/33 De-anonymization by information leaks: DNS resolution: usually via UDP; use torsocks to handle. Browser-fingerprinting user can be identified by: browser plugins, screen resolution, system colors, cookies, DOM storage, TLS session IDs, page cache,... Use the Tor Browser Bundle to handle. User data in the last hop; encrypt actual connection with, e.g., TLS.

128 Tor Network Attacks 32/33 De-anonymization by information leaks: DNS resolution: usually via UDP; use torsocks to handle. Browser-fingerprinting user can be identified by: browser plugins, screen resolution, system colors, cookies, DOM storage, TLS session IDs, page cache, Tails: Live CD/USB operating system... preconfigured to use Tor safely. Use the Tor Browser Bundle to handle. User data in the last hop; encrypt actual connection with, e.g., TLS.

129 Tor Network 33/33 Run exit nodes! Run onion routers! Run bridge nodes!

Similar documents

A SIMPLE INTRODUCTION TO TOR

A SIMPLE INTRODUCTION TO TOR A SIMPLE INTRODUCTION TO TOR The Onion Router Fabrizio d'amore May 2015 Tor 2 Privacy on Public Networks Internet is designed as a public network Wi-Fi access points, network routers see all traffic that

More information

Tor: The Second-Generation Onion Router. Roger Dingledine, Nick Mathewson, Paul Syverson

Tor: The Second-Generation Onion Router. Roger Dingledine, Nick Mathewson, Paul Syverson Tor: The Second-Generation Onion Router Roger Dingledine, Nick Mathewson, Paul Syverson Introduction Second Generation of Onion Routing Focus on deployability Perfect forward secrecy Separation of protocol

More information

Onion Routing. Varun Pandey Dept. of Computer Science, Virginia Tech. CS 6204, Spring

Onion Routing. Varun Pandey Dept. of Computer Science, Virginia Tech. CS 6204, Spring Onion Routing Varun Pandey Dept. of Computer Science, Virginia Tech 1 What is Onion Routing? a distributed overlay network to anonymize TCP based routing Circuit based (clients choose the circuit) Each

More information

Anonymity C S A D VA N C E D S E C U R I T Y TO P I C S P R E S E N TAT I O N BY: PA N AY I OTO U M A R KO S 4 T H O F A P R I L

Anonymity C S A D VA N C E D S E C U R I T Y TO P I C S P R E S E N TAT I O N BY: PA N AY I OTO U M A R KO S 4 T H O F A P R I L Anonymity C S 6 8 2 A D VA N C E D S E C U R I T Y TO P I C S P R E S E N TAT I O N BY: PA N AY I OTO U M A R KO S 4 T H O F A P R I L 2 0 1 9 Tor: The Second- Generation Onion Router R. DINGLEDINE N.

More information

2 ND GENERATION ONION ROUTER

2 ND GENERATION ONION ROUTER 2 ND GENERATION ONION ROUTER Roger Dingledine, Nick Mathewson and Paul Syverson Presenter: Alejandro Villanueva Agenda Threat model Cells and circuits Other features Related work How does it work? Rendezvous

More information

Anonymous communications: Crowds and Tor

Anonymous communications: Crowds and Tor Anonymous communications: Crowds and Tor Basic concepts What do we want to hide? sender anonymity attacker cannot determine who the sender of a particular message is receiver anonymity attacker cannot

More information

Anonymity. Assumption: If we know IP address, we know identity

Anonymity. Assumption: If we know IP address, we know identity 03--4 Anonymity Some degree of anonymity from using pseudonyms However, anonymity is always limited by address TCP will reveal your address address together with ISP cooperation Anonymity is broken We

More information

THE SECOND GENERATION ONION ROUTER. Roger Dingledine Nick Mathewson Paul Syverson. -Presented by Arindam Paul

THE SECOND GENERATION ONION ROUTER. Roger Dingledine Nick Mathewson Paul Syverson. -Presented by Arindam Paul THE SECOND GENERATION ONION ROUTER Roger Dingledine Nick Mathewson Paul Syverson 1 -Presented by Arindam Paul Menu Motivation: Why do we need Onion Routing? Introduction : What is TOR? Basic TOR Design

More information

Introduction. Overview of Tor. How Tor works. Drawback of Tor s directory server Potential solution. What is Tor? Why use Tor?

Introduction. Overview of Tor. How Tor works. Drawback of Tor s directory server Potential solution. What is Tor? Why use Tor? Introduction 1 Overview of Tor What is Tor? Why use Tor? How Tor works Encryption, Circuit Building, Directory Server Drawback of Tor s directory server Potential solution Using DNS Security Extension

More information

Onion services. Philipp Winter Nov 30, 2015

Onion services. Philipp Winter Nov 30, 2015 Onion services Philipp Winter pwinter@cs.princeton.edu Nov 30, 2015 Quick introduction to Tor An overview of Tor Tor is a low-latency anonymity network Based on Syverson's onion routing......which is based

More information

0x1A Great Papers in Computer Security

0x1A Great Papers in Computer Security CS 380S 0x1A Great Papers in Computer Security Vitaly Shmatikov http://www.cs.utexas.edu/~shmat/courses/cs380s/ Privacy on Public Networks Internet is designed as a public network Wi-Fi access points,

More information

Analysing Onion Routing Bachelor-Thesis

Analysing Onion Routing Bachelor-Thesis Analysing Onion Routing Bachelor-Thesis Steffen Michels June 22, 2009 Abstract Although methods for reaching security goals such as secrecy, integrity and authentication are widely used in the Internet,

More information

Tor: Online anonymity, privacy, and security.

Tor: Online anonymity, privacy, and security. Tor: Online anonymity, privacy, and security. Runa A. Sandvik runa@torproject.org 12 September 2011 Runa A. Sandvik runa@torproject.org () Tor: Online anonymity, privacy, and security. 12 September 2011

More information

Challenges in building overlay networks: a case study of Tor. Steven Murdoch Principal Research Fellow University College London

Challenges in building overlay networks: a case study of Tor. Steven Murdoch Principal Research Fellow University College London Challenges in building overlay networks: a case study of Steven Murdoch Principal Research Fellow University College London Who uses? Ordinary people e.g. to avoid unscrupulous marketers, protect children,

More information

Computer Security. 15. Tor & Anonymous Connectivity. Paul Krzyzanowski. Rutgers University. Spring 2017

Computer Security. 15. Tor & Anonymous Connectivity. Paul Krzyzanowski. Rutgers University. Spring 2017 Computer Security 15. Tor & Anonymous Connectivity Paul Krzyzanowski Rutgers University Spring 2017 April 24, 2017 CS 419 2017 Paul Krzyzanowski 1 Private Browsing Browsers offer a "private" browsing modes

More information

Private Browsing. Computer Security. Is private browsing private? Goal. Tor & The Tor Browser. History. Browsers offer a "private" browsing modes

Private Browsing. Computer Security. Is private browsing private? Goal. Tor & The Tor Browser. History. Browsers offer a private browsing modes Private Browsing Computer Security 16. Tor & Anonymous Connectivity Paul Krzyzanowski Rutgers University Spring 2017 Browsers offer a "private" browsing modes Apple Private Browsing, Mozilla Private Browsing,

More information

CS Paul Krzyzanowski

CS Paul Krzyzanowski Computer Security 17. Tor & Anonymous Connectivity Anonymous Connectivity Paul Krzyzanowski Rutgers University Spring 2018 1 2 Anonymity on the Internet Often considered bad Only criminals need to hide

More information

CS526: Information security

CS526: Information security Cristina Nita-Rotaru CS526: Information security Anonymity systems. Based on slides by Chi Bun Chan 1: Terminology. Anonymity Anonymity (``without name ) means that a person is not identifiable within

More information

Protocols for Anonymous Communication

Protocols for Anonymous Communication 18734: Foundations of Privacy Protocols for Anonymous Communication Anupam Datta CMU Fall 2016 Privacy on Public Networks } Internet is designed as a public network } Machines on your LAN may see your

More information

Tor. Tor Anonymity Network. Tor Basics. Tor Basics. Free software that helps people surf on the Web anonymously and dodge censorship.

Tor. Tor Anonymity Network. Tor Basics. Tor Basics. Free software that helps people surf on the Web anonymously and dodge censorship. Tor Tor Anonymity Network Free software that helps people surf on the Web anonymously and dodge censorship. CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk Initially developed at the U.S.

More information

CE Advanced Network Security Anonymity II

CE Advanced Network Security Anonymity II CE 817 - Advanced Network Security Anonymity II Lecture 19 Mehdi Kharrazi Department of Computer Engineering Sharif University of Technology Acknowledgments: Some of the slides are fully or partially obtained

More information

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2012

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2012 Network Security: Anonymity Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2012 Outline 1. Anonymity and privacy 2. High-latency anonymous routing 3. Low-latency anonymous routing Tor

More information

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2010 Network Security: Anonymity Tuomas Aura T-110.5240 Network security Aalto University, Nov-Dec 2010 Outline 1. Anonymity and privacy 2. High-latency anonymous routing 3. Low-latency anonymous routing Tor

More information

Privacy defense on the Internet. Csaba Kiraly

Privacy defense on the Internet. Csaba Kiraly Advanced Networking Privacy defense on the Internet Csaba Kiraly 1 Topics Anonymity on the Internet Chaum Mix Mix network & Onion Routing Low-latency anonymous routing 2 Anonymity: Chaum mix David L. Chaum

More information

Anonymity Analysis of TOR in Omnet++

Anonymity Analysis of TOR in Omnet++ Anonymity Analysis of TOR in Omnet++ Carmelo Badalamenti Mini Workshop on Security Framework 2006, Catania, December 12, 2006 "Security in Mobility" Badalamenti TOR & Omnet++

More information

OnlineAnonymity. OpenSource OpenNetwork. Communityof researchers, developers,usersand relayoperators. U.S.501(c)(3)nonpro%torganization

OnlineAnonymity. OpenSource OpenNetwork. Communityof researchers, developers,usersand relayoperators. U.S.501(c)(3)nonpro%torganization The Tor Project Our mission is to be the global resource for technology, advocacy, research and education in the ongoing pursuit of freedom of speech, privacy rights online, and censorship circumvention.

More information

Tor: An Anonymizing Overlay Network for TCP

Tor: An Anonymizing Overlay Network for TCP Tor: An Anonymizing Overlay Network for TCP Roger Dingledine The Free Haven Project http://tor.freehaven.net/ http://tor.eff.org/ December 28, 21C3 2004 Talk Outline Motivation: Why anonymous communication?

More information

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, autumn 2015

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, autumn 2015 Network Security: Anonymity Tuomas Aura T-110.5241 Network security Aalto University, autumn 2015 Outline 1. Anonymity and privacy 2. High-latency anonymous routing 3. Low-latency anonymous routing Tor

More information

CS6740: Network security

CS6740: Network security Cristina Nita-Rotaru CS6740: Network security Anonymity. Sources 1. Crowds: http://avirubin.com/crowds.pdf 2. Chaum mix: http://www.ovmj.org/gnunet/papers/p84-chaum.pdf 3. Tor: https://svn.torproject.org/svn/projects/design-paper/tor-design.pdf

More information

How Alice and Bob meet if they don t like onions

How Alice and Bob meet if they don t like onions How Alice and Bob meet if they don t like onions Survey of Network Anonymisation Techniques Erik Sy 34th Chaos Communication Congress, Leipzig Agenda 1. Introduction to Anonymity Networks Anonymity Strategies

More information

Putting the P back in VPN: An Overlay Network to Resist Traffic Analysis

Putting the P back in VPN: An Overlay Network to Resist Traffic Analysis Putting the P back in VPN: An Overlay Network to Resist Traffic Analysis Roger Dingledine The Free Haven Project http://freehaven.net/ Black Hat 2004 July 29, 2004 Talk Outline Motivation: Why anonymous

More information

CS 134 Winter Privacy and Anonymity

CS 134 Winter Privacy and Anonymity CS 134 Winter 2016 Privacy and Anonymity 1 Privacy Privacy and Society Basic individual right & desire Relevant to corporations & government agencies Recently increased awareness However, general public

More information

Anonymity With Tor. The Onion Router. July 5, It s a series of tubes. Ted Stevens. Technische Universität München

Anonymity With Tor. The Onion Router. July 5, It s a series of tubes. Ted Stevens. Technische Universität München Anonymity With Tor The Onion Router Nathan S. Evans Christian Grothoff Technische Universität München July 5, 2012 It s a series of tubes. Ted Stevens Overview What is Tor? Motivation Background Material

More information

Anonymity With Tor. The Onion Router. July 21, Technische Universität München

Anonymity With Tor. The Onion Router. July 21, Technische Universität München The Onion Router Nathan S. Evans Christian Grothoff Technische Universität München July 21, 2011 Overview What is Tor? Motivation Background Material How Tor Works Hidden Services Attacks Specific Attack

More information

Anonymous Communication: DC-nets, Crowds, Onion Routing. Simone Fischer-Hübner PETs PhD course Spring 2012

Anonymous Communication: DC-nets, Crowds, Onion Routing. Simone Fischer-Hübner PETs PhD course Spring 2012 Anonymous Communication: DC-nets, Crowds, Onion Routing Simone Fischer-Hübner PETs PhD course Spring 2012 DC (Dining Cryptographers) nets [Chaum 1988 ] Chaum, CACM 28(10), October 1985 Who paid for the

More information

Anonymous Communications

Anonymous Communications Anonymous Communications Andrew Lewman andrew@torproject.org December 05, 2012 Andrew Lewman andrew@torproject.org () Anonymous Communications December 05, 2012 1 / 45 Who is this guy? 501(c)(3) non-profit

More information

Pluggable Transports Roadmap

Pluggable Transports Roadmap Pluggable Transports Roadmap Steven J. Murdoch and George Kadianakis steven.murdoch@cl.cam.ac.uk,asn@torproject.org Tor Tech Report 2012-03-003 March 17, 2012 Abstract Of the currently available pluggable

More information

anonymous routing and mix nets (Tor) Yongdae Kim

anonymous routing and mix nets (Tor) Yongdae Kim anonymous routing and mix nets (Tor) Yongdae Kim Significant fraction of these slides are borrowed from CS155 at Stanford 1 q Why? Anonymous web browsing 1. Discuss health issues or financial matters anonymously

More information

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005 Firewalls Lecture 33 Security April 15, 2005 Idea: separate local network from the Internet Trusted hosts and networks Intranet Firewall DMZ Router Demilitarized Zone: publicly accessible servers and networks

More information

Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. EJ Jung

Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. EJ Jung Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms EJ Jung Goals 1. Hide what you wrote encryption of any kind symmetric/asymmetric/stream 2. Hide to whom you sent and when pseudonym?

More information

Security & Privacy. Web Architecture and Information Management [./] Spring 2009 INFO (CCN 42509) Contents. Erik Wilde, UC Berkeley School of

Security & Privacy. Web Architecture and Information Management [./] Spring 2009 INFO (CCN 42509) Contents. Erik Wilde, UC Berkeley School of Contents Security & Privacy Contents Web Architecture and Information Management [./] Spring 2009 INFO 190-02 (CCN 42509) Erik Wilde, UC Berkeley School of Information Abstract 1 Security Concepts Identification

More information

Lecture III : Communication Security Mechanisms

Lecture III : Communication Security Mechanisms Lecture III : Communication Security Mechanisms Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Computer Science Department, National Chiao Tung University 2 X.800 : Security

More information

Peeling Onions Understanding and using

Peeling Onions Understanding and using hiro@torproject.org Peeling Onions Understanding and using the network Know your onions What is Tor and what it can do for you. How Tor provides privacy and anonymity Using Tor at the application layer:

More information

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1 IPSec Slides by Vitaly Shmatikov UT Austin slide 1 TCP/IP Example slide 2 IP Security Issues Eavesdropping Modification of packets in transit Identity spoofing (forged source IP addresses) Denial of service

More information

Definition. Quantifying Anonymity. Anonymous Communication. How can we calculate how anonymous we are? Who you are from the communicating party

Definition. Quantifying Anonymity. Anonymous Communication. How can we calculate how anonymous we are? Who you are from the communicating party Definition Anonymous Communication Hiding identities of parties involved in communications from each other, or from third-parties Who you are from the communicating party Who you are talking to from everyone

More information

TorScan: Tracing Long-lived Connections and Differential Scanning Attacks

TorScan: Tracing Long-lived Connections and Differential Scanning Attacks TorScan: Tracing Long-lived Connections and Differential Scanning Attacks A. Biryukov, I. Pustogarov, R.P. Weinmann University of Luxembourg ivan.pustogarov@uni.lu September 5, 2012 A. Biryukov, I. Pustogarov,

More information

Tor: The Second-Generation Onion Router

Tor: The Second-Generation Onion Router Tor: The Second-Generation Onion Router Roger Dingledine The Free Haven Project arma@freehaven.net Nick Mathewson The Free Haven Project nickm@freehaven.net Paul Syverson Naval Research Lab syverson@itd.nrl.navy.mil

More information

Research Collection. Systematic Testing of Tor. Master Thesis. ETH Library. Author(s): Lazzari, Marco. Publication Date: 2014

Research Collection. Systematic Testing of Tor. Master Thesis. ETH Library. Author(s): Lazzari, Marco. Publication Date: 2014 Research Collection Master Thesis Systematic Testing of Tor Author(s): Lazzari, Marco Publication Date: 2014 Permanent Link: https://doi.org/10.3929/ethz-a-010144381 Rights / License: In Copyright - Non-Commercial

More information

Introduction to Computer Security

Introduction to Computer Security Introduction to Computer Security Instructor: Mahadevan Gomathisankaran mgomathi@unt.edu CSCE 4550/5550, Fall 2009 Lecture 10 1 Announcements Project Group Due today Attendance Mandatory Ave. 85% ( 4 absentees

More information

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security 1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security Dr. L. Christofi 1 0. Overview As the knowledge of computer networking and protocols has become more widespread, so the threat of

More information

Anonymity Tor Overview

Anonymity Tor Overview Anonymity Tor Overview Andrew Lewman andrew@torproject.org April 21, 2011 Andrew Lewman andrew@torproject.org () Anonymity Tor Overview April 21, 2011 1 / 1 What are we talking about? Crash course on anonymous

More information

BBC Tor Overview. Andrew Lewman March 7, Andrew Lewman () BBC Tor Overview March 7, / 1

BBC Tor Overview. Andrew Lewman March 7, Andrew Lewman () BBC Tor Overview March 7, / 1 BBC Tor Overview Andrew Lewman andrew@torproject.org March 7, 2011 Andrew Lewman andrew@torproject.org () BBC Tor Overview March 7, 2011 1 / 1 What are we talking about? Crash course on anonymous communications

More information

Surfing safely over the Tor anonymity network. Georg Koppen Philipp Winter

Surfing safely over the Tor anonymity network. Georg Koppen Philipp Winter Surfing safely over the Tor anonymity network Georg Koppen gk@torproject.org Philipp Winter phw@torproject.org How does Tor work? What are exit relays? Currently ~7,000 relays, ~1,000 are exits All run

More information

What's the buzz about HORNET?

What's the buzz about HORNET? 1 What's the buzz about HORNET? 2 You've probably all seen the news "Internet-scale anonymity" "Without sacrificing security, the network supports data transfer speeds of up to 93GBps" "can be scaled at

More information

CS232. Lecture 21: Anonymous Communications

CS232. Lecture 21: Anonymous Communications CS232 Lecture 21: Anonymous Communications November 21, 2018 2 You Are Not Anonymous 3 Your IP address can be linked directly to you ISPs store communications records Usually for several years (Data Retention

More information

ANONYMOUS CONNECTIONS AND ONION ROUTING

ANONYMOUS CONNECTIONS AND ONION ROUTING I J C I T A E Serials Publications 6(1) 2012 : 31-37 ANONYMOUS CONNECTIONS AND ONION ROUTING NILESH MADHUKAR PATIL 1 AND CHELPA LINGAM 2 1 Lecturer, I. T. Dept., Rajiv Gandhi Institute of Technology, Mumbai

More information

Dissecting Tor Bridges A Security Evaluation of their Private and Public Infrastructures

Dissecting Tor Bridges A Security Evaluation of their Private and Public Infrastructures Dissecting Tor Bridges A Security Evaluation of their Private and Public Infrastructures Srdjan Matic, Carmela Troncoso, Juan Caballero Dublin 31 March 2017 Privacy in electronic communications Alice Bob

More information

Port-Scanning Resistance in Tor Anonymity Network. Presented By: Shane Pope Dec 04, 2009

Port-Scanning Resistance in Tor Anonymity Network. Presented By: Shane Pope Dec 04, 2009 Port-Scanning Resistance in Tor Anonymity Network Presented By: Shane Pope (Shane.M.Pope@gmail.com) Dec 04, 2009 In partial fulfillment of the requirements for graduation with the Dean's Scholars Honors

More information

Chapter 4: Securing TCP connections

Chapter 4: Securing TCP connections Managing and Securing Computer Networks Guy Leduc Chapter 5: Securing TCP connections Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section

More information

Network Security Chapter 8

Network Security Chapter 8 Network Security Chapter 8 Cryptography Symmetric-Key Algorithms Public-Key Algorithms Digital Signatures Management of Public Keys Communication Security Authentication Protocols Email Security Web Security

More information

Introduction and Overview. Why CSCI 454/554?

Introduction and Overview. Why CSCI 454/554? Introduction and Overview CSCI 454/554 Why CSCI 454/554? Get Credits and Graduate Security is important More job opportunities More research funds 1 Workload Five homework assignments Two exams (open book

More information

L13. Reviews. Rocky K. C. Chang, April 10, 2015

L13. Reviews. Rocky K. C. Chang, April 10, 2015 L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing

More information

Anonymous Communication and Internet Freedom

Anonymous Communication and Internet Freedom Anonymous Communication and Internet Freedom CS 161: Computer Security Prof. David Wagner May 2, 2013 Goals For Today State-sponsored adversaries Anonymous communication Internet censorship State-Sponsored

More information

Network Security. Thierry Sans

Network Security. Thierry Sans Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability

More information

Virtual Private Networks

Virtual Private Networks EN-2000 Reference Manual Document 8 Virtual Private Networks O ne of the principal features of routers is their support of virtual private networks (VPNs). This document discusses transmission security,

More information

Anonymous Communication and Internet Freedom

Anonymous Communication and Internet Freedom Anonymous Communication and Internet Freedom CS 161: Computer Security Prof. David Wagner April 29, 2016 Announcements Final exam in RSF Fieldhouse, 5/10, arrive by 7PM HW4 due Monday, 5/2, 11:59pm Review

More information

Network Security - ISA 656 IPsec IPsec Key Management (IKE)

Network Security - ISA 656 IPsec IPsec Key Management (IKE) Network Security - ISA 656 IPsec IPsec (IKE) Angelos Stavrou September 28, 2008 What is IPsec, and Why? What is IPsec, and Why? History IPsec Structure Packet Layout Header (AH) AH Layout Encapsulating

More information

ENEE 459-C Computer Security. Security protocols (continued)

ENEE 459-C Computer Security. Security protocols (continued) ENEE 459-C Computer Security Security protocols (continued) Key Agreement: Diffie-Hellman Protocol Key agreement protocol, both A and B contribute to the key Setup: p prime and g generator of Z p *, p

More information

A New Replay Attack Against Anonymous Communication Networks

A New Replay Attack Against Anonymous Communication Networks 1 A New Replay Attack Against Anonymous Communication Networks Ryan Pries, Wei Yu, Xinwen Fu and Wei Zhao Abstract Tor is a real-world, circuit-based low-latency anonymous communication network, supporting

More information

IP Security IK2218/EP2120

IP Security IK2218/EP2120 IP Security IK2218/EP2120 Markus Hidell, mahidell@kth.se KTH School of ICT Based partly on material by Vitaly Shmatikov, Univ. of Texas Acknowledgements The presentation builds upon material from - Previous

More information

this security is provided by the administrative authority (AA) of a network, on behalf of itself, its customers, and its legal authorities

this security is provided by the administrative authority (AA) of a network, on behalf of itself, its customers, and its legal authorities INFRASTRUCTURE SECURITY this security is provided by the administrative authority (AA) of a network, on behalf of itself, its customers, and its legal authorities Goals * prevent or mitigate resource attacks

More information

CSC 4900 Computer Networks: Security Protocols (2)

CSC 4900 Computer Networks: Security Protocols (2) CSC 4900 Computer Networks: Security Protocols (2) Professor Henry Carter Fall 2017 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message Integrity 8.4 End point Authentication

More information

FBI Tor Overview. Andrew Lewman January 17, 2012

FBI Tor Overview. Andrew Lewman January 17, 2012 FBI Tor Overview Andrew Lewman andrew@torproject.org January 17, 2012 Andrew Lewman andrew@torproject.org () FBI Tor Overview January 17, 2012 1 / 28 What are we talking about? Crash course on anonymous

More information

Achieving Privacy in Mesh Networks

Achieving Privacy in Mesh Networks Achieving Privacy in Mesh Networks Xiaoxin Wu Intel China Research Center Ltd Beijing, China xiaoxin.wu@intel.com Ninghui Li Department of Computer Science Purdue University West Lafayette, IN 47907-2086,

More information

Weighted Factors for Measuring Anonymity Services: A Case Study on Tor, JonDonym, and I2P

Weighted Factors for Measuring Anonymity Services: A Case Study on Tor, JonDonym, and I2P Weighted Factors for Measuring Anonymity Services: A Case Study on Tor, JonDonym, and I2P Khalid Shahbar A. Nur Zincir-Heywood Faculty of Computer Science Dalhousie University Halifax, Canada {Shahbar,

More information

(S//REL) Open Source Multi-Hop Networks

(S//REL) Open Source Multi-Hop Networks TOP SECRET//SI/IRELTO USA,FVEY (C//REL) Types ofiat- Advanced Open Source Multi-Hop (S//REL) Open Source Multi-Hop Networks (S//REL) Tor (S//REL) Very widely used worldwide (S//REL) Open Source (S//REL)

More information

Analysis on End-to-End Node Selection Probability in Tor Network

Analysis on End-to-End Node Selection Probability in Tor Network Analysis on End-to-End Node Selection Probability in Tor Network Saurav Dahal 1, Junghee Lee 2, Jungmin Kang 2 and Seokjoo Shin 1 1 Department of Computer Engineering, Chosun University, Gwangju, South

More information

Introduction to Tor. January 20, Secure Web Browsing and Anonymity. Tor Mumbai Meetup, Sukhbir Singh

Introduction to Tor. January 20, Secure Web Browsing and Anonymity. Tor Mumbai Meetup, Sukhbir Singh Introduction to Tor Secure Web Browsing and Anonymity Tor Mumbai Meetup, 2018 Sukhbir Singh sukhbir@torproject.org January 20, 2018 Before We Begin... 2 / 18 Before We Begin... Understand your threat model

More information

Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

Secure Sockets Layer (SSL) / Transport Layer Security (TLS) Secure Sockets Layer (SSL) / Transport Layer Security (TLS) Brad Karp UCL Computer Science CS GZ03 / M030 20 th November 2017 What Problems Do SSL/TLS Solve? Two parties, client and server, not previously

More information

Network Security and Cryptography. December Sample Exam Marking Scheme

Network Security and Cryptography. December Sample Exam Marking Scheme Network Security and Cryptography December 2015 Sample Exam Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers

More information

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography Chapter 7: Network security 15-441 Computer Networking Network Security: Cryptography, Authentication, Integrity Foundations: what is security? cryptography authentication message integrity key distribution

More information

Telex Anticensorship in the

Telex Anticensorship in the Telex Anticensorship in the Network Infrastructure Eric Wustrow Ian Goldberg * Scott Wolchok J. Alex Halderman University of Michigan University of Michigan * University of Waterloo Background Internet

More information

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1415/ Chapter 16: 1

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1415/ Chapter 16: 1 Computer Security 3e Dieter Gollmann Security.di.unimi.it/sicurezza1415/ Chapter 16: 1 Chapter 16: Communications Security Chapter 16: 2 Agenda Threat model Secure tunnels Protocol design principles IPsec

More information

8. Network Layer Contents

8. Network Layer Contents Contents 1 / 43 * Earlier Work * IETF IP sec Working Group * IP Security Protocol * Security Associations * Authentication Header * Encapsulation Security Payload * Internet Key Management Protocol * Modular

More information

ENEE 459-C Computer Security. Security protocols

ENEE 459-C Computer Security. Security protocols ENEE 459-C Computer Security Security protocols Key Agreement: Diffie-Hellman Protocol Key agreement protocol, both A and B contribute to the key Setup: p prime and g generator of Z p *, p and g public.

More information

CSCE 715: Network Systems Security

CSCE 715: Network Systems Security CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Security in Network Layer Implementing security in application layer provides flexibility in security

More information

Cryptography opportunities in Tor. Nick Mathewson The Tor Project 21 January 2013

Cryptography opportunities in Tor. Nick Mathewson The Tor Project 21 January 2013 Cryptography opportunities in Tor Nick Mathewson The Tor Project 21 January 2013 Summary Very quick Tor overview Tor's cryptography, and how it's evolving Various opportunities for more Tor crypto work

More information

AIT 682: Network and Systems Security

AIT 682: Network and Systems Security AIT 682: Network and Systems Security Final Exam Review Instructor: Dr. Kun Sun Topics covered by Final Topic before Midterm 10% Topic after Midterm 90% Date: 12/13/2017 7:30am 10:15am Place: the same

More information

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Data Security and Privacy. Topic 14: Authentication and Key Establishment Data Security and Privacy Topic 14: Authentication and Key Establishment 1 Announcements Mid-term Exam Tuesday March 6, during class 2 Need for Key Establishment Encrypt K (M) C = Encrypt K (M) M = Decrypt

More information

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment. CS355: Cryptography Lecture 17: X509. PGP. Authentication protocols. Key establishment. Public Keys and Trust Public Key:P A Secret key: S A Public Key:P B Secret key: S B How are public keys stored How

More information

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018 Computer Security 10r. Recitation assignment & concept review Paul Krzyzanowski Rutgers University Spring 2018 April 3, 2018 CS 419 2018 Paul Krzyzanowski 1 1. What is a necessary condition for perfect

More information

WAP Security. Helsinki University of Technology S Security of Communication Protocols

WAP Security. Helsinki University of Technology S Security of Communication Protocols WAP Security Helsinki University of Technology S-38.153 Security of Communication Protocols Mikko.Kerava@iki.fi 15.4.2003 Contents 1. Introduction to WAP 2. Wireless Transport Layer Security 3. Other WAP

More information

Perfect Imitation and Secure Asymmetry for Decoy Routing Systems with Slitheen. 20 June 2017 EPFL Summer Research Institute

Perfect Imitation and Secure Asymmetry for Decoy Routing Systems with Slitheen. 20 June 2017 EPFL Summer Research Institute Perfect Imitation and Secure Asymmetry for Decoy Routing Systems with Slitheen Cecylia Bocovich Ian Goldberg 20 June 2017 EPFL Summer Research Institute Censorship Censors may monitor, alter or block traffic

More information

Radius, LDAP, Radius, Kerberos used in Authenticating Users

Radius, LDAP, Radius, Kerberos used in Authenticating Users CSCD 303 Lecture 5 Fall 2018 Radius, LDAP, Radius, Kerberos used in Authenticating Users Kerberos Authentication and Authorization Previously Said that identification, authentication and authorization

More information

Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues

Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues v Noriyuki Fukuyama v Shingo Fujimoto v Masahiko Takenaka (Manuscript received September 26, 2003) IP telephony services using VoIP (Voice

More information

Int ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28

Int ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28 Int ernet w orking Internet Security Literature: Forouzan: TCP/IP Protocol Suite : Ch 28 Internet Security Internet security is difficult Internet protocols were not originally designed for security The

More information

e-commerce Study Guide Test 2. Security Chapter 10

e-commerce Study Guide Test 2. Security Chapter 10 e-commerce Study Guide Test 2. Security Chapter 10 True/False Indicate whether the sentence or statement is true or false. 1. Necessity refers to preventing data delays or denials (removal) within the

More information

Tor Experimentation Tools

Tor Experimentation Tools Tor Experimentation Tools Fatemeh Shirazi TU Darmstadt / KU Leuven Darmstadt, Germany fshirazi@cdc.informatik.tu-darmstadt.de Matthias Göhring TU Darmstadt Darmstadt, Germany de.m.goehring@ieee.org Claudia

More information

Extremely Sensitive Communication

Extremely Sensitive Communication MSc System and Network Engineering Research Project 2 Extremely Sensitive Communication secure, secret, and private e-mail Author: Loek Sangers loek.sangers@os3.nl Supervisor: Ruud Verbij verbij.ruud@kpmg.nl

More information

(2½ hours) Total Marks: 75

(2½ hours) Total Marks: 75 (2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.

More information
2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback