Tor: An Anonymizing Overlay Network for TCP

Similar documents
Putting the P back in VPN: An Overlay Network to Resist Traffic Analysis

Protocols for Anonymous Communication

0x1A Great Papers in Computer Security

Tor Hidden Services. Roger Dingledine Free Haven Project Electronic Frontier Foundation.

CS 134 Winter Privacy and Anonymity

A SIMPLE INTRODUCTION TO TOR

THE SECOND GENERATION ONION ROUTER. Roger Dingledine Nick Mathewson Paul Syverson. -Presented by Arindam Paul

Anonymity Analysis of TOR in Omnet++

Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. EJ Jung

2 ND GENERATION ONION ROUTER

ENEE 459-C Computer Security. Security protocols

ENEE 459-C Computer Security. Security protocols (continued)

CS526: Information security

Onion Routing. Varun Pandey Dept. of Computer Science, Virginia Tech. CS 6204, Spring

Anonymity C S A D VA N C E D S E C U R I T Y TO P I C S P R E S E N TAT I O N BY: PA N AY I OTO U M A R KO S 4 T H O F A P R I L

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

Anonymity. Assumption: If we know IP address, we know identity

CE Advanced Network Security Anonymity II

Tor: The Second-Generation Onion Router. Roger Dingledine, Nick Mathewson, Paul Syverson

Anonymous communications: Crowds and Tor

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2012

Privacy defense on the Internet. Csaba Kiraly

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, autumn 2015

Anonymous Communication: DC-nets, Crowds, Onion Routing. Simone Fischer-Hübner PETs PhD course Spring 2012

The Tor Network. Cryptography 2, Part 2, Lecture 6. Ruben Niederhagen. June 16th, / department of mathematics and computer science

CS Paul Krzyzanowski

Privacy Enhancing Technologies CSE 701 Fall 2017

CSE 484 / CSE M 584: Computer Security and Privacy. Anonymity Mobile. Autumn Tadayoshi (Yoshi) Kohno

Computer Security. 15. Tor & Anonymous Connectivity. Paul Krzyzanowski. Rutgers University. Spring 2017

Private Browsing. Computer Security. Is private browsing private? Goal. Tor & The Tor Browser. History. Browsers offer a "private" browsing modes

communication Claudia Díaz Katholieke Universiteit Leuven Dept. Electrical Engineering g ESAT/COSIC October 9, 2007 Claudia Diaz (K.U.

Anonymity With Tor. The Onion Router. July 21, Technische Universität München

Definition. Quantifying Anonymity. Anonymous Communication. How can we calculate how anonymous we are? Who you are from the communicating party

Onion services. Philipp Winter Nov 30, 2015

What's the buzz about HORNET?

anonymous routing and mix nets (Tor) Yongdae Kim

Host Website from Home Anonymously

CS6740: Network security

Tor: Online anonymity, privacy, and security.

How Alice and Bob meet if they don t like onions

Anonymous Connections and Onion Routing

Tor. Tor Anonymity Network. Tor Basics. Tor Basics. Free software that helps people surf on the Web anonymously and dodge censorship.

Analysing Onion Routing Bachelor-Thesis

Practical Anonymity for the Masses with MorphMix

Anonymity Tor Overview

Vulnerabilities in Tor: (past,) present, future. Roger Dingledine The Tor Project

Anonymity. With material from: Dave Levin and Michelle Mazurek

BBC Tor Overview. Andrew Lewman March 7, Andrew Lewman () BBC Tor Overview March 7, / 1

FBI Tor Overview. Andrew Lewman January 17, 2012

Context. Protocols for anonymity. Routing information can reveal who you are! Routing information can reveal who you are!

Port-Scanning Resistance in Tor Anonymity Network. Presented By: Shane Pope Dec 04, 2009

Privacy SPRING 2018: GANG WANG

ANONYMOUS CONNECTIONS AND ONION ROUTING

CS Final Exam

Challenges in building overlay networks: a case study of Tor. Steven Murdoch Principal Research Fellow University College London

Anonymous Communications

Onion Routing. Submitted By, Harikrishnan S Ramji Nagariya Sai Sambhu J

Tor and circumvention: Lessons learned. Roger Dingledine The Tor Project

Anonymity With Tor. The Onion Router. July 5, It s a series of tubes. Ted Stevens. Technische Universität München

Introduction. Overview of Tor. How Tor works. Drawback of Tor s directory server Potential solution. What is Tor? Why use Tor?

CRYPTOGRAPHIC PROTOCOLS: PRACTICAL REVOCATION AND KEY ROTATION

A Peel of Onion. Paul Syverson U.S. Naval Research Laboratory.

Karaoke. Distributed Private Messaging Immune to Passive Traffic Analysis. David Lazar, Yossi Gilad, Nickolai Zeldovich

Introduction to Traffic Analysis. George Danezis University of Cambridge, Computer Laboratory

Introducing SOR: SSH-based Onion Routing

Tor: The Second-Generation Onion Router

CS 494/594 Computer and Network Security

CS232. Lecture 21: Anonymous Communications

Online Anonymity & Privacy. Andrew Lewman The Tor Project

CNT Computer and Network Security: Privacy/Anonymity

Introduction to Computer Security

Outline. Traffic multipliers. DoS against network links. Smurf broadcast ping. Distributed DoS

Herbivore: An Anonymous Information Sharing System

Real-time protocol. Chapter 16: Real-Time Communication Security

Anonymous Communication with emphasis on Tor* *Tor's Onion Routing. Paul Syverson U.S. Naval Research Laboratory

Metrics for Security and Performance in Low-Latency Anonymity Systems

Achieving Privacy in Mesh Networks

Avoiding The Man on the Wire: Improving Tor s Security with Trust-Aware Path Selection

Anonymous Communication and Internet Freedom

Anonymous Communication and Internet Freedom

Peer-to-Peer Systems and Security

The Loopix Anonymity System

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Tor: a brief intro. Roger Dingledine The Tor Project

Closed book. Closed notes. No electronic device.

CSE484 Final Study Guide

P 5 : A Protocol for Scalable Anonymous Communications

Performance Evaluation of Tor Hidden Services

Chaum, Untraceable Electronic Mail, Return Addresses, and Digital Pseudonym, Communications of the ACM, 24:2, Feb. 1981

this security is provided by the administrative authority (AA) of a network, on behalf of itself, its customers, and its legal authorities

Introduction to Cybersecurity Digital Signatures

The New Cell-Counting-Based Against Anonymous Proxy

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

CIS 551 / TCOM 401 Computer and Network Security. Spring 2008 Lecture 23

2 Application Support via Proxies Onion Routing can be used with applications that are proxy-aware, as well as several non-proxy-aware applications, w

Anonymity With material from: Dave Levin

Cryptography Functions

Core: A Peer-To-Peer Based Connectionless Onion Router

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Dissecting Tor Bridges A Security Evaluation of their Private and Public Infrastructures

Transcription:

Tor: An Anonymizing Overlay Network for TCP Roger Dingledine The Free Haven Project http://tor.freehaven.net/ http://tor.eff.org/ December 28, 21C3 2004

Talk Outline Motivation: Why anonymous communication? Personal privacy Corporate and governmental security Characterizing anonymity: Properties and Types Mixes and proxies: Anonymity building blocks Onion Routing: Lower latency, Higher Security Features of Tor: 2 nd Generation Onion Routing Hidden Servers and Rendezvous Points Summary and Future Work

Public Networks are Vulnerable to Traffic Analysis In a Public Network (Internet): Packet (message) headers identify recipients Packet routes can be tracked Public Network Initiator Responder Encryption does not hide routing information.

Who Needs Anonymity? Political Dissidents, Whistleblowers Censorship resistant publishers Socially sensitive communicants: Chat rooms and web forums for abuse survivors, people with illnesses Law Enforcement: Anonymous tips or crime reporting Surveillance and honeypots (sting operations) Corporations: Hiding collaborations of sensitive business units or partners Hide procurement suppliers or patterns Competitive analysis

Who Needs Anonymity? You: Where are you sending email (who is emailing you) What web sites are you browsing Where do you work, where are you from What do you buy, what kind of physicians do you visit, what books do you read,...

Who Needs Anonymity? Government

Government Needs Anonymity? Yes, for... Open source intelligence gathering Hiding individual analysts is not enough That a query was from a govt. source may be sensitive Defense in depth on open and classified networks Networks with only cleared users (but a million of them) Dynamic and semitrusted international coalitions Network can be shared without revealing existence or amount of communication between all parties

Anonymity Loves Company You can't be anonymous by yourself Can have confidentiality by yourself A network that protects only DoD network users won't hide that connections from that network are from Defense Dept. You must carry traffic for others to protect yourself But those others don't want to trust their traffic to just one entity either. Network needs distributed trust. Security depends on diversity and dispersal of network.

Who Needs Anonymity? And yes criminals

Who Needs Anonymity? And yes criminals But they already have it. We need to protect everyone else.

Anonymous From Whom? Adversary Model Recipient of your message Sender of your message => Need Channel and Data Anonymity Observer of network from outside Network Infrastructure (Insider) => Need Channel Anonymity Note: Anonymous authenticated communication makes perfect sense Communicant identification should be inside the basic channel, not a property of the channel

Focus of Tor is anonymity of the communication pipe, not what goes through it

Grab the code and try it out Published under the BSD license Not encumbered by Onion Routing patent Works on Linux, BSD, OS X, Solaris, Win32 Packages: Debian, Gentoo, *BSD, Win32 Runs in user space, no need for kernel mods or root http://tor.eff.org/

How Do You Get Communication Anonymity? Many technical approaches Overview of two extensively used approaches Mixes Proxies

What does a mix do? message 1 message 2 Mix message 3 message 4 Randomly permutes and decrypts inputs

What does a mix do?? message 2 Key property: Adversary can't tell which ciphertext corresponds to a given message

Basic Mix (Chaum 81) PK 1 PK 2 PK 3 Server 1 Server 2 Server 3

Encryption of Message PK 1 PK 2 PK 3 message Ciphertext = E PK1 [E PK2 [E PK3 [message]]]

Basic Chaum-type Mix Server 1 Server 2 Server 3 m1 decrypt and permute m2 decrypt and permute m2 decrypt and permute m2 m2 m3 m1 m3 m3 m1 m3 m1

One honest server preserves privacy Server 1 Server 2 Server 3? m3

What if you need quick interaction? Web browsing, Remote login, Chat, etc. Mixnets introduced for email and other high latency apps Each layer of message requires expensive public-key crypto

Basic Anonymizing Proxy anonymizing proxy Channels appear to come from proxy, not true originator Appropriate for Web connections, etc.: SSL, TLS, SSH (lower cost symmetric encryption) Examples: The Anonymizer Advantages: Simple, Focuses lots of traffic for more anonymity Main Disadvantage: Single point of failure, compromise, attack

Onion Routing Traffic Analysis Resistant Infrastructure Main Idea: Combine Advantages of mixes and proxies Use (expensive) public-key crypto to establish circuits Use (cheaper) symmetric-key crypto to move data Like SSL/TLS based proxies Distributed trust like mixes Related Work (some implemented, some just designs): ISDN Mixes Crowds, JAP Webmixes, Freedom Network Tarzan, Morphmix

Network Structure Onion routers form an overlay network Clique topology (for now) TLS encrypted connections Proxy interfaces between client machine and onion routing overlay network Client Initiator Responder Internet

Tor

Tor The Onion Routing

Tor Tor's Onion Routing

Tor Circuit Setup Client Proxy establishes session key + circuit w/ Onion Router 1 Client Initiator

Tor Circuit Setup Client Proxy establishes session key + circuit w/ Onion Router 1 Proxy tunnels through that circuit to extend to Onion Router 2 Client Initiator

Tor Circuit Setup Client Proxy establishes session key + circuit w/ Onion Router 1 Proxy tunnels through that circuit to extend to Onion Router 2 Etc Client Initiator

Tor Circuit Usage Client Proxy establishes session key + circuit w/ Onion Router 1 Proxy tunnels through that circuit to extend to Onion Router 2 Etc Client applications connect and communicate over Tor circuit Client Initiator

Tor Circuit Usage Client Proxy establishes session key + circuit w/ Onion Router 1 Proxy tunnels through that circuit to extend to Onion Router 2 Etc Client applications connect and communicate over Tor circuit Client Initiator

Tor Circuit Usage Client Proxy establishes session key + circuit w/ Onion Router 1 Proxy tunnels through that circuit to extend to Onion Router 2 Etc Client applications connect and communicate over Tor circuit Client Initiator

Where do I go to connect to the network? Directory Servers Maintain list of which onion routers are up, their locations, current keys, exit policies, etc. Directory server keys ship with the code Control which nodes can join network Important to guard against Sybil attack and related problems These directories are cached and served by other servers, to reduce bottlenecks

Some Tor Properties Simple modular design, Restricted ambitions 26K lines of C code Even servers run in user space, no need to be root Just anonymize the pipe Can use, e.g., privoxy as front end if desired to anonymize data SOCKS compliant TCP: includes Web, remote login, mail, chat, more No need to build proxies for every application Flexible exit policies, each node chooses what applications/destinations can emerge from it

Some Tor Properties Lots of supported platforms: Linux, BSD, MacOS X, Solaris, Windows Many TCP streams (application connections) share one anonymous circuit Less public-key encryption overhead than prior designs Reduced anonymity danger from opening many circuits (but we rotate away from used circuits after a while)

More Tor Properties Bandwidth rate limiting Limits how much one OR can send to a neighbor Token bucket approach limits average but permits bursts Circuit and stream level throttling Controls congestion Mitigates denial of service that a single circuit can do Stream integrity checks Onion Routing uses stream ciphers We must prevent, e.g., reasonable guess attack XOR out 'dir ' and XOR in 'rm *'

Generations 0 and 1 Circuit Setup B C F A D E E ach layer of the onion identifies the next hop in the route and contains the cryptographic keys to be used at that node.

More Tor Advantages No need to keep track of onions to prevent replay There are no onions anymore Even a replayed create cell will result in a new session key at an honest onion router Perfect Forward Secrecy Storing all traffic sent to a node and later breaking its public key will not reveal encrypted content

Numbers and Performance Running since October 2003 50 nodes scattered through US (30) and outside (20) Actually, more like 70-90 as of last week. (Tens of) thousands(?) of users Nodes process 1-20 GB / day application cells Network has never been down

Number of running routers

Total traffic through Tor network

Latency Tests 4 node test network on single heavily loaded 1 GHz Athlon Download 60MB file (108 times over 54 hours) Avg. 300 sec/download vs. 210 sec/download without Tor Beta network test Download cnn.com (55KB) Median of 2.7 sec through Tor vs. 0.3 sec direct Fastest through Tor was 0.6 sec

Location Hidden Servers Alice can connect to Bob's server without knowing where it is or possibly who he is Can provide servers that Are accessible from anywhere Resist censorship Require minimal redundancy for resilience in denial of service (DoS) attack Can survive to provide selected service even during full blown distributed DoS attack Resistant to physical attack (you can't find them) How is this possible?

Location Hidden Servers 1. Server Bob creates onion routes to Introduction Points (IP) Server Bob Introduction Points

Location Hidden Servers 1. Server Bob creates onion routes to Introduction Points (IP) 2. Bob gets Service Descriptor incl. Intro Pt. addresses to Alice - In this example gives them to Service Lookup Server Client Alice Server Bob Service Lookup Server Bob's Service Introduction Points

Location Hidden Servers 2'. Alice obtains Service Descriptor (including Intro Pt. address) at Lookup Server Client Alice Server Bob Service Lookup Server Bob's Service Introduction Points

Location Hidden Servers 3. Client Alice creates onion route to Rendezvous Point (RP) Rendezvous Point Client Alice Server Bob Introduction Points

Location Hidden Servers 3. Client Alice creates onion route to Rendezvous Point (RP) 4. Alice sends RP addr. and any authorization through IP to Bob Rendezvous Point Client Alice Server Bob Introduction Points

Location Hidden Servers 5. If Bob chooses to talk to Alice, connects to Rendezvous Point Rendezvous Point Client Alice Server Bob Introduction Points

Location Hidden Servers 5. If Bob chooses to talk to Alice, connects to Rendezvous Point 6. Rendezvous point mates the circuits from Alice and Bob Rendezvous Point Client Alice Server Bob Introduction Points

How do we compare Tor's security? Assume the adversary owns c of the n nodes. (he can choose which) What's the chance for a random Alice talking to a random Bob that the adversary learns they are linked? Freedom, Tor: c^2/n^2 (10 of 100 => 1%) Peekabooty, six-four, etc: c/n (10 of 100 => 10%) Jap (one cascade): 1 if c>1 Jap (many cascades): c^2/(n/2)^2 (10 of 100 => 4%) Anonymizer: 1 if c>0

Tradeoffs Low-latency (Tor) vs. high-latency (Mixminion) Packet-level vs stream-level capture Padding vs. no padding (mixing, traffic shaping) UI vs. no UI AS-level paths and proximity issues Incentives to run servers (volunteers, pay; security) Incentives to allow exits Enclave-level onion routers / proxies / helper nodes Path length? (3 hops, don't reuse nodes) P2P network vs. static network

Future Work Design and build distributed directory management? Restricted-route (non-clique) topology To scale beyond hundreds of nodes and 10Ks of users (We should have such problems) How to handle hetergeneous bandwidths? Win32 packager / installer / support Exit policies e.g. Squid Make it all work better More theoretical work Midlatency? Synchronous? Assuming fewer bad nodes?

Get the Code, Run a Node! (or just surf the web anonymously) Current code freely available (3-clause BSD license) Comes with a specification the JAP folks implemented a compatible Tor client in Java Design paper, system spec, code, see the list of current nodes, etc. http://tor.eff.org/

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback