Network Security. Traffic analysis and anonymization. Radboud University Nijmegen, The Netherlands. Autumn 2014

Similar documents
0x1A Great Papers in Computer Security

A SIMPLE INTRODUCTION TO TOR

Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,

Computer Security. 15. Tor & Anonymous Connectivity. Paul Krzyzanowski. Rutgers University. Spring 2017

Private Browsing. Computer Security. Is private browsing private? Goal. Tor & The Tor Browser. History. Browsers offer a "private" browsing modes

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

CS Paul Krzyzanowski

Tor. Tor Anonymity Network. Tor Basics. Tor Basics. Free software that helps people surf on the Web anonymously and dodge censorship.

The Tor Network. Cryptography 2, Part 2, Lecture 6. Ruben Niederhagen. June 16th, / department of mathematics and computer science

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

Protocols for Anonymous Communication

ENEE 459-C Computer Security. Security protocols

Anonymity. Assumption: If we know IP address, we know identity

ENEE 459-C Computer Security. Security protocols (continued)

Port-Scanning Resistance in Tor Anonymity Network. Presented By: Shane Pope Dec 04, 2009

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.

Network Security. Thierry Sans

Tor: Online anonymity, privacy, and security.

Introduction to Computer Security

Dissecting Tor Bridges A Security Evaluation of their Private and Public Infrastructures

Securing Internet Communication: TLS

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2012

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Cryptography and Network Security

Information Security CS 526

IP Security IK2218/EP2120

CS Computer Networks 1: Authentication

Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

CS232. Lecture 21: Anonymous Communications

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Network Security - ISA 656 IPsec IPsec Key Management (IKE)

Anonymous communications: Crowds and Tor

Anonymous Communication and Internet Freedom

Definition. Quantifying Anonymity. Anonymous Communication. How can we calculate how anonymous we are? Who you are from the communicating party

anonymous routing and mix nets (Tor) Yongdae Kim

CS Final Exam

Privacy defense on the Internet. Csaba Kiraly

14. Internet Security (J. Kurose)

Introduction and Overview. Why CSCI 454/554?

OnlineAnonymity. OpenSource OpenNetwork. Communityof researchers, developers,usersand relayoperators. U.S.501(c)(3)nonpro%torganization

CSE543 Computer and Network Security Module: Network Security

Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, autumn 2015

Anonymous Communication and Internet Freedom

Most Common Security Threats (cont.)

Onion Routing. Varun Pandey Dept. of Computer Science, Virginia Tech. CS 6204, Spring

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

key distribution requirements for public key algorithms asymmetric (or public) key algorithms

Network Encryption 3 4/20/17

CE Advanced Network Security Anonymity II

Tor: An Anonymizing Overlay Network for TCP

Configuring OpenVPN on pfsense

Anonymity and censorship circumvention with Tor

Telex Anticensorship in the Network Infrastructure

IPsec (AH, ESP), IKE. Guevara Noubir CSG254: Network Security

CS 494/594 Computer and Network Security

Crypto meets Web Security: Certificates and SSL/TLS

Chapter 4: Securing TCP connections

Defeating All Man-in-the-Middle Attacks

Distributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013

Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.

SSL/TLS. How to send your credit card number securely over the internet

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

CS 356 Internet Security Protocols. Fall 2013

Sample excerpt. Virtual Private Networks. Contents

Introduction to Tor. January 20, Secure Web Browsing and Anonymity. Tor Mumbai Meetup, Sukhbir Singh

Introduction. Overview of Tor. How Tor works. Drawback of Tor s directory server Potential solution. What is Tor? Why use Tor?

Attacks on SSL/TLS. Applied Cryptography. Andreas Hülsing (Slides mostly by Ruben Niederhagen) Dez. 6th, 2016

Analysing Onion Routing Bachelor-Thesis

CSC 4900 Computer Networks: Security Protocols (2)

Sirindhorn International Institute of Technology Thammasat University

Int ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28

Protocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh

Cryptographic Protocols 1

Internet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho

(S//REL) Open Source Multi-Hop Networks

Operating Systems Design Exam 3 Review: Spring Paul Krzyzanowski

Network Control, Con t

CSC 6575: Internet Security Fall 2017

Configuration of an IPSec VPN Server on RV130 and RV130W

Chapter 8 Network Security

Internet security and privacy

IPSec Transform Set Configuration Mode Commands

Security Engineering. Lecture 16 Network Security Fabio Massacci (with the courtesy of W. Stallings)

Cryptography and secure channel. May 17, Networks and Security. Thibault Debatty. Outline. Cryptography. Public-key encryption

Telex Anticensorship in the

Cryptography and Network Security. Prof. D. Mukhopadhyay. Department of Computer Science and Engineering. Indian Institute of Technology, Kharagpur

Anonymous Network Concepts & Implementation

Anonymity C S A D VA N C E D S E C U R I T Y TO P I C S P R E S E N TAT I O N BY: PA N AY I OTO U M A R KO S 4 T H O F A P R I L

HW/Lab 4: IPSec and Wireless Security. CS 336/536: Computer Network Security DUE 11 am on 12/01/2014 (Monday)

CS 134 Winter Privacy and Anonymity

Lecture 10: Communications Security

Real-time protocol. Chapter 16: Real-Time Communication Security

Anonymity Analysis of TOR in Omnet++

Introduction. INF3510 Information Security. Lecture 10: Communications Security. Outline. Network Security Concepts. University of Oslo Spring 2018

Introduction to IPsec. Charlie Kaufman

Internet Protocol and Transmission Control Protocol

CSE 484 / CSE M 584: Computer Security and Privacy. Anonymity Mobile. Autumn Tadayoshi (Yoshi) Kohno

Transcription:

Network Security Traffic analysis and anonymization Radboud University Nijmegen, The Netherlands Autumn 2014

The next weeks Today (Monday, Oct. 13): last lecture Friday Oct. 17: werkcollege Monday Oct. 20: extra werkcollege Friday Oct. 24: last homework solution + exam Q&A Monday Nov. 3, 12:30 15:30: Exam Network Security Traffic analysis and anonymization 2

TUN/TAP example tyrion # echo 1 > /proc/sys/net/ipv4/ip_forward tyrion # ip tuntap add dev tun3 mode tun tyrion # ip addr add dev tun3 10.0.5.1/24 tyrion # ip l set dev tun3 up arya # echo 1 > /proc/sys/net/ipv4/ip_forward arya # ip tuntap add dev tun5 mode tun arya # ip addr add dev tun5 10.0.5.2/24 arya # ip l set dev tun5 up tyrion # ssh -o Tunnel=point-to-point -w 3:5 arya tyrion # ping 10.0.5.2 Network Security Traffic analysis and anonymization 3

TUN/TAP example tyrion # echo 1 > /proc/sys/net/ipv4/ip_forward tyrion # ip tuntap add dev tap3 mode tap tyrion # ip addr add dev tap3 10.0.5.1/24 tyrion # ip l set dev tap3 up arya # echo 1 > /proc/sys/net/ipv4/ip_forward arya # ip tuntap add dev tap5 mode tap arya # ip addr add dev tap5 10.0.5.2/24 arya # ip l set dev tap5 up tyrion # ssh -o Tunnel=ethernet -w 3:5 arya tyrion # ping 10.0.5.2 Network Security Traffic analysis and anonymization 3

A short recap Best protection against active and passive attackers: encrypt and authenticate all traffic Network Security Traffic analysis and anonymization 4

A short recap Best protection against active and passive attackers: encrypt and authenticate all traffic Different security for encryption on different layers: Network Security Traffic analysis and anonymization 4

A short recap Best protection against active and passive attackers: encrypt and authenticate all traffic Different security for encryption on different layers: Link-layer: protection between two network neighbors (example: WPA2) Network Security Traffic analysis and anonymization 4

A short recap Best protection against active and passive attackers: encrypt and authenticate all traffic Different security for encryption on different layers: Link-layer: protection between two network neighbors (example: WPA2) Network layer: encryption between two nodes (example: IPsec) Network Security Traffic analysis and anonymization 4

A short recap Best protection against active and passive attackers: encrypt and authenticate all traffic Different security for encryption on different layers: Link-layer: protection between two network neighbors (example: WPA2) Network layer: encryption between two nodes (example: IPsec) Transport layer: encryption between client and server process (example: SSL/TLS) Network Security Traffic analysis and anonymization 4

A short recap Best protection against active and passive attackers: encrypt and authenticate all traffic Different security for encryption on different layers: Link-layer: protection between two network neighbors (example: WPA2) Network layer: encryption between two nodes (example: IPsec) Transport layer: encryption between client and server process (example: SSL/TLS) Application layer: end-to-end encryption between applications (example: PGP) Network Security Traffic analysis and anonymization 4

A short recap Best protection against active and passive attackers: encrypt and authenticate all traffic Different security for encryption on different layers: Link-layer: protection between two network neighbors (example: WPA2) Network layer: encryption between two nodes (example: IPsec) Transport layer: encryption between client and server process (example: SSL/TLS) Application layer: end-to-end encryption between applications (example: PGP) IPsec has two modes of operation: transport and tunneling Network Security Traffic analysis and anonymization 4

A short recap Best protection against active and passive attackers: encrypt and authenticate all traffic Different security for encryption on different layers: Link-layer: protection between two network neighbors (example: WPA2) Network layer: encryption between two nodes (example: IPsec) Transport layer: encryption between client and server process (example: SSL/TLS) Application layer: end-to-end encryption between applications (example: PGP) IPsec has two modes of operation: transport and tunneling IPsec has two main protocols: authentication headers (AH) and encapsulating security payloads (ESP) Network Security Traffic analysis and anonymization 4

A short recap Best protection against active and passive attackers: encrypt and authenticate all traffic Different security for encryption on different layers: Link-layer: protection between two network neighbors (example: WPA2) Network layer: encryption between two nodes (example: IPsec) Transport layer: encryption between client and server process (example: SSL/TLS) Application layer: end-to-end encryption between applications (example: PGP) IPsec has two modes of operation: transport and tunneling IPsec has two main protocols: authentication headers (AH) and encapsulating security payloads (ESP) IPsec s Security Associations (SA) establish unidirectional security relations Network Security Traffic analysis and anonymization 4

A short recap Best protection against active and passive attackers: encrypt and authenticate all traffic Different security for encryption on different layers: Link-layer: protection between two network neighbors (example: WPA2) Network layer: encryption between two nodes (example: IPsec) Transport layer: encryption between client and server process (example: SSL/TLS) Application layer: end-to-end encryption between applications (example: PGP) IPsec has two modes of operation: transport and tunneling IPsec has two main protocols: authentication headers (AH) and encapsulating security payloads (ESP) IPsec s Security Associations (SA) establish unidirectional security relations TLS uses (long) handshake to agree on cipher suites, establish session keys Network Security Traffic analysis and anonymization 4

A short recap Best protection against active and passive attackers: encrypt and authenticate all traffic Different security for encryption on different layers: Link-layer: protection between two network neighbors (example: WPA2) Network layer: encryption between two nodes (example: IPsec) Transport layer: encryption between client and server process (example: SSL/TLS) Application layer: end-to-end encryption between applications (example: PGP) IPsec has two modes of operation: transport and tunneling IPsec has two main protocols: authentication headers (AH) and encapsulating security payloads (ESP) IPsec s Security Associations (SA) establish unidirectional security relations TLS uses (long) handshake to agree on cipher suites, establish session keys All cipher suites in TLS have (or had) some problems Network Security Traffic analysis and anonymization 4

A short recap Best protection against active and passive attackers: encrypt and authenticate all traffic Different security for encryption on different layers: Link-layer: protection between two network neighbors (example: WPA2) Network layer: encryption between two nodes (example: IPsec) Transport layer: encryption between client and server process (example: SSL/TLS) Application layer: end-to-end encryption between applications (example: PGP) IPsec has two modes of operation: transport and tunneling IPsec has two main protocols: authentication headers (AH) and encapsulating security payloads (ESP) IPsec s Security Associations (SA) establish unidirectional security relations TLS uses (long) handshake to agree on cipher suites, establish session keys All cipher suites in TLS have (or had) some problems Best option: TLS_ECDHE_RSA_WITH_AES256_GCM_SHA384 Network Security Traffic analysis and anonymization 4

Who do you trust? HTTPS (HTTP over SSL/TLS) uses pre-installed root certificates in the browser Operating systems come with various pre-installed certificates Authenticating a communication partner means: follow chain of trust to root CA Network Security Traffic analysis and anonymization 5

Who do you trust? HTTPS (HTTP over SSL/TLS) uses pre-installed root certificates in the browser Operating systems come with various pre-installed certificates Authenticating a communication partner means: follow chain of trust to root CA Compromise one root CA and all browsers are compromised Forge a root CA s certificate and all browsers are compromised Network Security Traffic analysis and anonymization 5

Who do you trust? HTTPS (HTTP over SSL/TLS) uses pre-installed root certificates in the browser Operating systems come with various pre-installed certificates Authenticating a communication partner means: follow chain of trust to root CA Compromise one root CA and all browsers are compromised Forge a root CA s certificate and all browsers are compromised Rogue CA certificate from MD5 vulnerabilities, 2008: http://www.win.tue.nl/hashclash/rogue-ca/ Network Security Traffic analysis and anonymization 5

Who do you trust? HTTPS (HTTP over SSL/TLS) uses pre-installed root certificates in the browser Operating systems come with various pre-installed certificates Authenticating a communication partner means: follow chain of trust to root CA Compromise one root CA and all browsers are compromised Forge a root CA s certificate and all browsers are compromised Rogue CA certificate from MD5 vulnerabilities, 2008: http://www.win.tue.nl/hashclash/rogue-ca/ DigiNotar compromised in 2011: >300,000 Iranian Gmail users compromised Network Security Traffic analysis and anonymization 5

OpenSSL Heartbleed Bug Bug in the implementation of the Heartbeat Extension (RFC 6520): struct { HeartbeatMessageType type; uint16 payload_length; opaque payload[heartbeatmessage.payload_length]; opaque padding[padding_length]; } HeartbeatMessage; [...] When a HeartbeatRequest message is received [...], the receiver MUST send a corresponding HeartbeatResponse message carrying an exact copy of the payload of the received HeartbeatRequest. OpenSSL failed to check actual length of payload data. Network Security Traffic analysis and anonymization 6

OpenSSL Heartbleed Bug Network Security Traffic analysis and anonymization 7

OpenSSL Heartbleed Bug Network Security Traffic analysis and anonymization 7

SSLstrip I Consider SSL/TLS for HTTP (i.e., HTTPS): Attacker cannot read data (because they are encrypted) Attacker cannot modify data (because they are authenticated) Target of the attacker: avoid HTTPS Network Security Traffic analysis and anonymization 8

SSLstrip I Consider SSL/TLS for HTTP (i.e., HTTPS): Attacker cannot read data (because they are encrypted) Attacker cannot modify data (because they are authenticated) Target of the attacker: avoid HTTPS Most users visit websites by clicking on links (or HTTP 301/302) Consider a website http://www.target.com (note that it s HTTP!) Assume that this website has a link of the following form: <a href="https://www.target.com/login.html">login</a> User clicks on this link and uses HTTPS Network Security Traffic analysis and anonymization 8

SSLstrip I Consider SSL/TLS for HTTP (i.e., HTTPS): Attacker cannot read data (because they are encrypted) Attacker cannot modify data (because they are authenticated) Target of the attacker: avoid HTTPS Most users visit websites by clicking on links (or HTTP 301/302) Consider a website http://www.target.com (note that it s HTTP!) Assume that this website has a link of the following form: <a href="https://www.target.com/login.html">login</a> User clicks on this link and uses HTTPS Active MitM attacker can modify this link to <a href="http://www.target.com/login.html">login</a> User clicks on this link and uses HTTP! Network Security Traffic analysis and anonymization 8

SSLstrip II This attack was presented by Moxie Marlinspike in 2009 Automated tool to perform this attack: sslstrip More information: http://www.thoughtcrime.org/software/sslstrip/ Network Security Traffic analysis and anonymization 9

SSLstrip II This attack was presented by Moxie Marlinspike in 2009 Automated tool to perform this attack: sslstrip More information: http://www.thoughtcrime.org/software/sslstrip/ User can notice this attack (by looking at browser s address bar) Current browsers don t show huge differences for HTTP vs. HTTPS Reasonable assumption that most users won t notice all of the time Network Security Traffic analysis and anonymization 9

SSLstrip II This attack was presented by Moxie Marlinspike in 2009 Automated tool to perform this attack: sslstrip More information: http://www.thoughtcrime.org/software/sslstrip/ User can notice this attack (by looking at browser s address bar) Current browsers don t show huge differences for HTTP vs. HTTPS Reasonable assumption that most users won t notice all of the time HTTP Strict Transport Security (HSTS) attempts to solve the problem Web server declares that browsers have to use HTTPS Network Security Traffic analysis and anonymization 9

SSLstrip II This attack was presented by Moxie Marlinspike in 2009 Automated tool to perform this attack: sslstrip More information: http://www.thoughtcrime.org/software/sslstrip/ User can notice this attack (by looking at browser s address bar) Current browsers don t show huge differences for HTTP vs. HTTPS Reasonable assumption that most users won t notice all of the time HTTP Strict Transport Security (HSTS) attempts to solve the problem Web server declares that browsers have to use HTTPS Attacker can strip the HSTS header in the first request to the server Firefox and Chrome ship with a list of known HSTS sites Network Security Traffic analysis and anonymization 9

How much web traffic is encrypted? Network Security Traffic analysis and anonymization 10

How much web traffic is encrypted? Network Security Traffic analysis and anonymization 10

How much web traffic is encrypted? From the article: Early last year before the Snowden revelations encrypted traffic accounted for 2.29 percent of all peak hour traffic in North America, according to Sandvine s report. Now, it spans 3.8 percent. But that s a small jump compared to other parts of the world. In Europe, encrypted traffic went from 1.47 percent to 6.10 percent, and in Latin America, it increased from 1.8 percent to 10.37 percent. Klint Finley on wired.com, May 16, 2014. Network Security Traffic analysis and anonymization 10

The perfect world (crypto-wise) Imagine a world in which...... all Internet traffic is encrypted and authenticated, Network Security Traffic analysis and anonymization 11

The perfect world (crypto-wise) Imagine a world in which...... all Internet traffic is encrypted and authenticated,... e-mails are all PGP encrypted and signed, Network Security Traffic analysis and anonymization 11

The perfect world (crypto-wise) Imagine a world in which...... all Internet traffic is encrypted and authenticated,... e-mails are all PGP encrypted and signed,... everybody is using cipher suites that offer high security, Network Security Traffic analysis and anonymization 11

The perfect world (crypto-wise) Imagine a world in which...... all Internet traffic is encrypted and authenticated,... e-mails are all PGP encrypted and signed,... everybody is using cipher suites that offer high security,... all trusted parties are trustworthy, Network Security Traffic analysis and anonymization 11

The perfect world (crypto-wise) Imagine a world in which...... all Internet traffic is encrypted and authenticated,... e-mails are all PGP encrypted and signed,... everybody is using cipher suites that offer high security,... all trusted parties are trustworthy,... crypto implementations are correct and secure, Network Security Traffic analysis and anonymization 11

The perfect world (crypto-wise) Imagine a world in which...... all Internet traffic is encrypted and authenticated,... e-mails are all PGP encrypted and signed,... everybody is using cipher suites that offer high security,... all trusted parties are trustworthy,... crypto implementations are correct and secure,... applied cryptographers have trouble finding a job. Network Security Traffic analysis and anonymization 11

What does an attacker see? EU s Data Retention Directive Member States shall ensure that the categories of data specified in Article 5 are retained for periods of not less than six months and not more than two years from the date of the communication. Network Security Traffic analysis and anonymization 12

What does an attacker see? EU s Data Retention Directive Member States shall ensure that the categories of data specified in Article 5 are retained for periods of not less than six months and not more than two years from the date of the communication. From Article 5: data necessary to trace and identify the source of a communication data necessary to identify the destination of a communication Network Security Traffic analysis and anonymization 12

What does an attacker see? EU s Data Retention Directive Member States shall ensure that the categories of data specified in Article 5 are retained for periods of not less than six months and not more than two years from the date of the communication. From Article 5: data necessary to trace and identify the source of a communication data necessary to identify the destination of a communication data necessary to identify the date, time and duration of a communication Network Security Traffic analysis and anonymization 12

What does an attacker see? EU s Data Retention Directive Member States shall ensure that the categories of data specified in Article 5 are retained for periods of not less than six months and not more than two years from the date of the communication. From Article 5: data necessary to trace and identify the source of a communication data necessary to identify the destination of a communication data necessary to identify the date, time and duration of a communication data necessary to identify the type of communication Network Security Traffic analysis and anonymization 12

What does an attacker see? EU s Data Retention Directive Member States shall ensure that the categories of data specified in Article 5 are retained for periods of not less than six months and not more than two years from the date of the communication. From Article 5: data necessary to trace and identify the source of a communication data necessary to identify the destination of a communication data necessary to identify the date, time and duration of a communication data necessary to identify the type of communication data necessary to identify users communication equipment or what purports to be their equipment Network Security Traffic analysis and anonymization 12

What does an attacker see? EU s Data Retention Directive Member States shall ensure that the categories of data specified in Article 5 are retained for periods of not less than six months and not more than two years from the date of the communication. From Article 5: data necessary to trace and identify the source of a communication data necessary to identify the destination of a communication data necessary to identify the date, time and duration of a communication data necessary to identify the type of communication data necessary to identify users communication equipment or what purports to be their equipment data necessary to identify the location of mobile communication equipment Network Security Traffic analysis and anonymization 12

What does an attacker see? EU s Data Retention Directive Member States shall ensure that the categories of data specified in Article 5 are retained for periods of not less than six months and not more than two years from the date of the communication. From Article 5: data necessary to trace and identify the source of a communication data necessary to identify the destination of a communication data necessary to identify the date, time and duration of a communication data necessary to identify the type of communication data necessary to identify users communication equipment or what purports to be their equipment data necessary to identify the location of mobile communication equipment Encrypting and authenticating content does not prevent any of this! Network Security Traffic analysis and anonymization 12

What can you do with meta data? Metadata absolutely tells you everything about somebody s life. If you have enough metadata you don t really need content... [It s] sort of embarrassing how predictable we are as human beings. Stewart Baker, former general counsel of the NSA Network Security Traffic analysis and anonymization 13

What can you do with meta data? Metadata absolutely tells you everything about somebody s life. If you have enough metadata you don t really need content... [It s] sort of embarrassing how predictable we are as human beings. Stewart Baker, former general counsel of the NSA We kill people based on metadata. Michael Hayden, former director of the NSA and the CIA Network Security Traffic analysis and anonymization 13

Is metadata all an attacker gets? Common assumption: an attacker sees only traffic data ( meta data ) Example, interview with Jimmy Wales (Wikipedia founder): You ve said that you re going to start encrypting communications on Wikipedia as a result... We have done. It s not completely finished yet but the only thing that GCHQ, hopefully, can see is that you re looking at Wikipedia. They can t see which article you re reading. It s not the government s business to know what everybody is reading. Network Security Traffic analysis and anonymization 14

Is metadata all an attacker gets? Common assumption: an attacker sees only traffic data ( meta data ) Example, interview with Jimmy Wales (Wikipedia founder): You ve said that you re going to start encrypting communications on Wikipedia as a result... We have done. It s not completely finished yet but the only thing that GCHQ, hopefully, can see is that you re looking at Wikipedia. They can t see which article you re reading. It s not the government s business to know what everybody is reading. Small experiment: 10 Wikipedia pages, load one at random through HTTPS Attacker sniffs the network, tries to figure out which one Network Security Traffic analysis and anonymization 14

Is metadata all an attacker gets? Common assumption: an attacker sees only traffic data ( meta data ) Example, interview with Jimmy Wales (Wikipedia founder): You ve said that you re going to start encrypting communications on Wikipedia as a result... We have done. It s not completely finished yet but the only thing that GCHQ, hopefully, can see is that you re looking at Wikipedia. They can t see which article you re reading. It s not the government s business to know what everybody is reading. Small experiment: 10 Wikipedia pages, load one at random through HTTPS Attacker sniffs the network, tries to figure out which one Network Security Traffic analysis and anonymization 14

Is metadata all an attacker gets? Common assumption: an attacker sees only traffic data ( meta data ) Example, interview with Jimmy Wales (Wikipedia founder): You ve said that you re going to start encrypting communications on Wikipedia as a result... We have done. It s not completely finished yet but the only thing that GCHQ, hopefully, can see is that you re looking at Wikipedia. They can t see which article you re reading. It s not the government s business to know what everybody is reading. Small experiment: 10 Wikipedia pages, load one at random through HTTPS Attacker sniffs the network, tries to figure out which one Network Security Traffic analysis and anonymization 14

Is metadata all an attacker gets? Common assumption: an attacker sees only traffic data ( meta data ) Example, interview with Jimmy Wales (Wikipedia founder): You ve said that you re going to start encrypting communications on Wikipedia as a result... We have done. It s not completely finished yet but the only thing that GCHQ, hopefully, can see is that you re looking at Wikipedia. They can t see which article you re reading. It s not the government s business to know what everybody is reading. Small experiment: 10 Wikipedia pages, load one at random through HTTPS Attacker sniffs the network, tries to figure out which one Not that hard: 10 webpages have different amount of pictures Browser sends one request per image Attacker counts requests, distinguishes websites Network Security Traffic analysis and anonymization 14

Is metadata all an attacker gets? Common assumption: an attacker sees only traffic data ( meta data ) Example, interview with Jimmy Wales (Wikipedia founder): You ve said that you re going to start encrypting communications on Wikipedia as a result... We have done. It s not completely finished yet but the only thing that GCHQ, hopefully, can see is that you re looking at Wikipedia. They can t see which article you re reading. It s not the government s business to know what everybody is reading. Small experiment: 10 Wikipedia pages, load one at random through HTTPS Attacker sniffs the network, tries to figure out which one Not that hard: 10 webpages have different amount of pictures Browser sends one request per image Attacker counts requests, distinguishes websites This is not the only thing an attacker sees; more in the homework Network Security Traffic analysis and anonymization 14

IPsec ESP in tunnel mode local network tunnel mode Internet local network gateway gateway Everything between the gateways has the gateways addresses Nodes behind the gateways are indistinguishable RFC 2406 calls this limited traffic flow confidentiality Network Security Traffic analysis and anonymization 15

IPsec ESP in tunnel mode local network tunnel mode Internet local network gateway gateway Everything between the gateways has the gateways addresses Nodes behind the gateways are indistinguishable RFC 2406 calls this limited traffic flow confidentiality Problem 1: Does not help against state-level attacker who can request gateway s logfiles Network Security Traffic analysis and anonymization 15

IPsec ESP in tunnel mode local network tunnel mode Internet local network gateway gateway Everything between the gateways has the gateways addresses Nodes behind the gateways are indistinguishable RFC 2406 calls this limited traffic flow confidentiality Problem 1: Does not help against state-level attacker who can request gateway s logfiles Problem 2: Potentially small anonymity set Network Security Traffic analysis and anonymization 15

Anonymizing proxies Somewhat similar idea (without crypto): use a proxy server Typically: application-specific proxies (e.g., HTTP proxies) Requests to websites come from proxy All users behind the proxy are indistinguishable Various problems: 1. Single point of failure against state-level attackers Network Security Traffic analysis and anonymization 16

Anonymizing proxies Somewhat similar idea (without crypto): use a proxy server Typically: application-specific proxies (e.g., HTTP proxies) Requests to websites come from proxy All users behind the proxy are indistinguishable Various problems: 1. Single point of failure against state-level attackers 2. Proxy somewhere in the Internet: easy to correlate ingoing/outgoing traffic Network Security Traffic analysis and anonymization 16

Anonymizing proxies Somewhat similar idea (without crypto): use a proxy server Typically: application-specific proxies (e.g., HTTP proxies) Requests to websites come from proxy All users behind the proxy are indistinguishable Various problems: 1. Single point of failure against state-level attackers 2. Proxy somewhere in the Internet: easy to correlate ingoing/outgoing traffic 3. No crypto protection to the proxy Network Security Traffic analysis and anonymization 16

Anonymizing proxies Somewhat similar idea (without crypto): use a proxy server Typically: application-specific proxies (e.g., HTTP proxies) Requests to websites come from proxy All users behind the proxy are indistinguishable Various problems: 1. Single point of failure against state-level attackers 2. Proxy somewhere in the Internet: easy to correlate ingoing/outgoing traffic 3. No crypto protection to the proxy Can add crypto to the proxy (e.g., OpenVPN Service) That still does not solve problems 1 and 2 Network Security Traffic analysis and anonymization 16

Mix Networks Idea for anonymous electronic mail by Chaum, 1981: mixing networks Assume that Alice want to anonymously send message M to Bob Network Security Traffic analysis and anonymization 17

Mix Networks Idea for anonymous electronic mail by Chaum, 1981: mixing networks Assume that Alice want to anonymously send message M to Bob Uses intermediate computer called mix and public keys KB of Bob, and KM of the mix Network Security Traffic analysis and anonymization 17

Mix Networks Idea for anonymous electronic mail by Chaum, 1981: mixing networks Assume that Alice want to anonymously send message M to Bob Uses intermediate computer called mix and public keys KB of Bob, and KM of the mix Sends to mix: K M (R 1, K B (R 0, M)) for random R 0, R 1 Network Security Traffic analysis and anonymization 17

Mix Networks Idea for anonymous electronic mail by Chaum, 1981: mixing networks Assume that Alice want to anonymously send message M to Bob Uses intermediate computer called mix and public keys KB of Bob, and KM of the mix Sends to mix: K M (R 1, K B (R 0, M)) for random R 0, R 1 Mix collects many such mails, decrypts to K B (R 0, M) Network Security Traffic analysis and anonymization 17

Mix Networks Idea for anonymous electronic mail by Chaum, 1981: mixing networks Assume that Alice want to anonymously send message M to Bob Uses intermediate computer called mix and public keys KB of Bob, and KM of the mix Sends to mix: K M (R 1, K B (R 0, M)) for random R 0, R 1 Mix collects many such mails, decrypts to K B (R 0, M) Sends mails in lexicographic order to receivers Receiver Bob decrypts and obtains M Network Security Traffic analysis and anonymization 17

Mix Networks Idea for anonymous electronic mail by Chaum, 1981: mixing networks Assume that Alice want to anonymously send message M to Bob Uses intermediate computer called mix and public keys KB of Bob, and KM of the mix Sends to mix: K M (R 1, K B (R 0, M)) for random R 0, R 1 Mix collects many such mails, decrypts to K B (R 0, M) Sends mails in lexicographic order to receivers Receiver Bob decrypts and obtains M Achieves anonymity if encrypted messages are indistinguishable Very important: never repeat input and output! Has high communication latency (wait for enough messages) Network Security Traffic analysis and anonymization 17

Return Addresses Now Alice can send mail to Bob, how about replies? Need a way for Bob to reply without revealing Alice s address/identity Network Security Traffic analysis and anonymization 18

Return Addresses Now Alice can send mail to Bob, how about replies? Need a way for Bob to reply without revealing Alice s address/identity Alice includes a return address her message encrypted to Bob: K M (R 1, A X ), K X R 1, K X are random one-time symmetric keys A X is Alice s real address Network Security Traffic analysis and anonymization 18

Return Addresses Now Alice can send mail to Bob, how about replies? Need a way for Bob to reply without revealing Alice s address/identity Alice includes a return address her message encrypted to Bob: K M (R 1, A X ), K X R 1, K X are random one-time symmetric keys A X is Alice s real address Bob can send response M as K M (R 1, A X ), K X (R 0, M) Network Security Traffic analysis and anonymization 18

Return Addresses Now Alice can send mail to Bob, how about replies? Need a way for Bob to reply without revealing Alice s address/identity Alice includes a return address her message encrypted to Bob: K M (R 1, A X ), K X R 1, K X are random one-time symmetric keys A X is Alice s real address Bob can send response M as K M (R 1, A X ), K X (R 0, M) Mix receives and recovers R 1, A X, sends to Alice R 1 (K X (R 0, M)) Network Security Traffic analysis and anonymization 18

Return Addresses Now Alice can send mail to Bob, how about replies? Need a way for Bob to reply without revealing Alice s address/identity Alice includes a return address her message encrypted to Bob: K M (R 1, A X ), K X R 1, K X are random one-time symmetric keys A X is Alice s real address Bob can send response M as K M (R 1, A X ), K X (R 0, M) Mix receives and recovers R 1, A X, sends to Alice R 1 (K X (R 0, M)) Only Alice can decrypt, because only she knows both K X and R 1 Network Security Traffic analysis and anonymization 18

Cascading Mixes Network Security Traffic analysis and anonymization 19

Mix Nets vs. Anonymizing proxies Mix Nets + No single point of failure (with cascading) + Inbound/output-traffic analysis does not de-anonymize + Generally good anonymity Network Security Traffic analysis and anonymization 20

Mix Nets vs. Anonymizing proxies Mix Nets + No single point of failure (with cascading) + Inbound/output-traffic analysis does not de-anonymize + Generally good anonymity Slow public-key cryptography (at least in vanilla mix nets) Long latency Network Security Traffic analysis and anonymization 20

Mix Nets vs. Anonymizing proxies Mix Nets + No single point of failure (with cascading) + Inbound/output-traffic analysis does not de-anonymize + Generally good anonymity Slow public-key cryptography (at least in vanilla mix nets) Long latency Anon. Proxies + Low latency + No overhead from slow crypto Network Security Traffic analysis and anonymization 20

Mix Nets vs. Anonymizing proxies Mix Nets + No single point of failure (with cascading) + Inbound/output-traffic analysis does not de-anonymize + Generally good anonymity Slow public-key cryptography (at least in vanilla mix nets) Long latency Anon. Proxies + Low latency + No overhead from slow crypto Single point of failure Inbound/output-traffic analysis de-anonymizes Fairly weak anonymity Network Security Traffic analysis and anonymization 20

Mix Nets vs. Anonymizing proxies Mix Nets + No single point of failure (with cascading) + Inbound/output-traffic analysis does not de-anonymize + Generally good anonymity Slow public-key cryptography (at least in vanilla mix nets) Long latency Anon. Proxies + Low latency + No overhead from slow crypto Single point of failure Inbound/output-traffic analysis de-anonymizes Fairly weak anonymity Idea of Tor (The Onion Router): Combine advantages: Use cascade of proxies, called Tor relays or Tor nodes Use fast symmetric crypto instead of asymmetric crypto Network Security Traffic analysis and anonymization 20

Onion Routing and Tor Assume that user shares symmetric keys with three relays: Entry relay R1 (key K R1 ) Guard relay R2 (key K R2 ) Exit relay R3 (key K R3 ) Wants to anonymously send request to www.wikileaks.org Request Network Security Traffic analysis and anonymization 21

Onion Routing and Tor Assume that user shares symmetric keys with three relays: Entry relay R1 (key K R1 ) Guard relay R2 (key K R2 ) Exit relay R3 (key K R3 ) Encrypted with K R3 to www.wikileaks.org Wants to anonymously send request to www.wikileaks.org Prepares packet as follows: Write dest. www.wikileaks.org, encrypt with K R3 Request Network Security Traffic analysis and anonymization 21

Onion Routing and Tor Encrypted with K R2 to R 3 Encrypted with K R3 to www.wikileaks.org Assume that user shares symmetric keys with three relays: Entry relay R1 (key K R1 ) Guard relay R2 (key K R2 ) Exit relay R3 (key K R3 ) Wants to anonymously send request to www.wikileaks.org Prepares packet as follows: Write dest. www.wikileaks.org, encrypt with K R3 Write dest. R3 encrypt with K R2 Request Network Security Traffic analysis and anonymization 21

Onion Routing and Tor Encrypted with K R1 to R 2 Encrypted with K R2 to R 3 Encrypted with K R3 to www.wikileaks.org Request Assume that user shares symmetric keys with three relays: Entry relay R1 (key K R1 ) Guard relay R2 (key K R2 ) Exit relay R3 (key K R3 ) Wants to anonymously send request to www.wikileaks.org Prepares packet as follows: Write dest. www.wikileaks.org, encrypt with K R3 Write dest. R3 encrypt with K R2 Write dest. R2 encrypt with K R1 Network Security Traffic analysis and anonymization 21

Onion Routing and Tor Encrypted with K R1 to R 2 Encrypted with K R2 to R 3 Encrypted with K R3 to www.wikileaks.org Request Assume that user shares symmetric keys with three relays: Entry relay R1 (key K R1 ) Guard relay R2 (key K R2 ) Exit relay R3 (key K R3 ) Wants to anonymously send request to www.wikileaks.org Prepares packet as follows: Write dest. www.wikileaks.org, encrypt with K R3 Write dest. R3 encrypt with K R2 Write dest. R2 encrypt with K R1 Send this packet to R 1 Network Security Traffic analysis and anonymization 21

Onion Routing and Tor Encrypted with K R1 to R 2 R 1 receives packet, removes encryption with K R1 Encrypted with K R2 to R 3 Encrypted with K R3 to www.wikileaks.org Request Network Security Traffic analysis and anonymization 21

Onion Routing and Tor to R 2 Encrypted with K R2 R 1 receives packet, removes encryption with K R1 Sees next destination: R 2, forwards to R 3 Encrypted with K R3 to www.wikileaks.org Request Network Security Traffic analysis and anonymization 21

Onion Routing and Tor Encrypted with K R2 to R 3 R 1 receives packet, removes encryption with K R1 Sees next destination: R 2, forwards R 2 receives packet, removes encryption with K R2 Encrypted with K R3 to www.wikileaks.org Request Network Security Traffic analysis and anonymization 21

Onion Routing and Tor to R 3 Encrypted with K R3 R 1 receives packet, removes encryption with K R1 Sees next destination: R 2, forwards R 2 receives packet, removes encryption with K R2 Sees next destination: R 3, forwards to www.wikileaks.org Request Network Security Traffic analysis and anonymization 21

Onion Routing and Tor Encrypted with K R3 to www.wikileaks.org R 1 receives packet, removes encryption with K R1 Sees next destination: R 2, forwards R 2 receives packet, removes encryption with K R2 Sees next destination: R 3, forwards R 3 receives packet, removes encryption with K R3 Request Network Security Traffic analysis and anonymization 21

Onion Routing and Tor to www.wikileaks.org Request R 1 receives packet, removes encryption with K R1 Sees next destination: R 2, forwards R 2 receives packet, removes encryption with K R2 Sees next destination: R 3, forwards R 3 receives packet, removes encryption with K R3 Sees next destination: www.wikileaks.org, sends request Network Security Traffic analysis and anonymization 21

Reply from www.wikileaks.org R 3 receives reply from www.wikileaks.org Reply Network Security Traffic analysis and anonymization 22

Reply from www.wikileaks.org Encrypted with K R3 R 3 receives reply from www.wikileaks.org R 3 encrypts with K R3, sends to R 2 Reply Network Security Traffic analysis and anonymization 22

Reply from www.wikileaks.org Encrypted with K R2 R 3 receives reply from www.wikileaks.org R 3 encrypts with K R3, sends to R 2 Encrypted with K R3 R 2 encrypts with K R2, sends to R 1 Reply Network Security Traffic analysis and anonymization 22

Reply from www.wikileaks.org Encrypted with K R1 Encrypted with K R2 R 3 receives reply from www.wikileaks.org R 3 encrypts with K R3, sends to R 2 Encrypted with K R3 R 2 encrypts with K R2, sends to R 1 R 1 encrypts with K R1, sends to Tor client Reply Network Security Traffic analysis and anonymization 22

Establishing a Circuit Request listing of Tor nodes from directory server (DS) Network Security Traffic analysis and anonymization 23

Establishing a Circuit Pick entry, guard, and exit node; obtain their public keys from DS Network Security Traffic analysis and anonymization 23

Establishing a Circuit Exchange symmetric key with entry node (Diffie-Hellman) Network Security Traffic analysis and anonymization 23

Establishing a Circuit Exchange key with guard node (proxied by entry node!) Network Security Traffic analysis and anonymization 23

Establishing a Circuit Exchange key with exit node (proxied by entry and guard node!) Network Security Traffic analysis and anonymization 23

Establishing a Circuit Communicate with Bob (www.wikileaks.org) Network Security Traffic analysis and anonymization 23

Attacks against Tor, part I Tor offers anonymity up to the transport layer Tor cannot offer application-level anonymity Example: I connect through Tor to a website and enter on that website: My name is Peter Schwabe, I live in the Netherlands, my IP address is 83.163.166.232. Network Security Traffic analysis and anonymization 24

Attacks against Tor, part I Tor offers anonymity up to the transport layer Tor cannot offer application-level anonymity Example: I connect through Tor to a website and enter on that website: My name is Peter Schwabe, I live in the Netherlands, my IP address is 83.163.166.232. Various Bittorrent clients do precisely this: send the IP address as part of application data Conclusion: Bittorrent over Tor isn t a good idea Network Security Traffic analysis and anonymization 24

Attacks against Tor, part I Tor offers anonymity up to the transport layer Tor cannot offer application-level anonymity Example: I connect through Tor to a website and enter on that website: My name is Peter Schwabe, I live in the Netherlands, my IP address is 83.163.166.232. Various Bittorrent clients do precisely this: send the IP address as part of application data Conclusion: Bittorrent over Tor isn t a good idea Browsers are easily identifiable, see Panopticlick by EFF Conclusion: Use the Tor browser (modified Firefox) Network Security Traffic analysis and anonymization 24

Attacks against Tor, part I Tor offers anonymity up to the transport layer Tor cannot offer application-level anonymity Example: I connect through Tor to a website and enter on that website: My name is Peter Schwabe, I live in the Netherlands, my IP address is 83.163.166.232. Various Bittorrent clients do precisely this: send the IP address as part of application data Conclusion: Bittorrent over Tor isn t a good idea Browsers are easily identifiable, see Panopticlick by EFF Conclusion: Use the Tor browser (modified Firefox) Tor re-uses an existing circuit for new TCP connections for 10 minutes Leaking your IP address to Bittorrent may also de-anonymize your browser session (bad apple attack)! Network Security Traffic analysis and anonymization 24

Attacks against Tor, part II Tor provides anonymity as long as not all three relays attack together Possible attack: control all three relays on a path Anybody can run Tor relays, so can, for example, the NSA Network Security Traffic analysis and anonymization 25

Attacks against Tor, part II Tor provides anonymity as long as not all three relays attack together Possible attack: control all three relays on a path Anybody can run Tor relays, so can, for example, the NSA Let s assume that NSA runs 1% of the Tor relays Each circuit has a 1/1, 000, 000 chance to be fully controlled by NSA Network Security Traffic analysis and anonymization 25

Attacks against Tor, part II Tor provides anonymity as long as not all three relays attack together Possible attack: control all three relays on a path Anybody can run Tor relays, so can, for example, the NSA Let s assume that NSA runs 1% of the Tor relays Each circuit has a 1/1, 000, 000 chance to be fully controlled by NSA Possible solution: longer circuits (problem: slower, less reliable) Network Security Traffic analysis and anonymization 25

Attacks against Tor, part II Tor provides anonymity as long as not all three relays attack together Possible attack: control all three relays on a path Anybody can run Tor relays, so can, for example, the NSA Let s assume that NSA runs 1% of the Tor relays Each circuit has a 1/1, 000, 000 chance to be fully controlled by NSA Possible solution: longer circuits (problem: slower, less reliable) Better solution: more non-nsa relays Network Security Traffic analysis and anonymization 25

Correlation attacks Tor is aiming at low latency (for web browsing etc.) Tor does not wait for traffic to do mixing Network Security Traffic analysis and anonymization 26

Correlation attacks Tor is aiming at low latency (for web browsing etc.) Tor does not wait for traffic to do mixing (Timing) correlation attack is still possible: Think of the whole Tor network as one big proxy Correlate traffic going into and out of this proxy Network Security Traffic analysis and anonymization 26

Correlation attacks Tor is aiming at low latency (for web browsing etc.) Tor does not wait for traffic to do mixing (Timing) correlation attack is still possible: Think of the whole Tor network as one big proxy Correlate traffic going into and out of this proxy Conclusion by Felix von Leitner (Fefe) on Aug 5, 2013: Tor ist tot. Tor basiert auf der Annahme, dass der Gegner nicht in der Lage ist, das gesamte Internet zu überwachen. Network Security Traffic analysis and anonymization 26

Correlation attacks Tor is aiming at low latency (for web browsing etc.) Tor does not wait for traffic to do mixing (Timing) correlation attack is still possible: Think of the whole Tor network as one big proxy Correlate traffic going into and out of this proxy Conclusion by Felix von Leitner (Fefe) on Aug 5, 2013: Tor is dead. Tor is based on the assumption, that the opponent does not have the whole Internet under surveillance Network Security Traffic analysis and anonymization 26

Correlation attacks Tor is aiming at low latency (for web browsing etc.) Tor does not wait for traffic to do mixing (Timing) correlation attack is still possible: Think of the whole Tor network as one big proxy Correlate traffic going into and out of this proxy Conclusion by Felix von Leitner (Fefe) on Aug 5, 2013: Tor is dead. Tor is based on the assumption, that the opponent does not have the whole Internet under surveillance Very controversial discussion ensued... see http://blog.fefe.de/?ts=af0134f5 Network Security Traffic analysis and anonymization 26

Tor stinks Snowden leaked NSA slides Tor stinks from 2007 Quotes from these slides: We will never be able to de-anonymize all Tor users all the time. With manual analysis we can de-anonymize a very small fraction of Tor users, however no success de-anonymizing a user in response to a TOPI request/on demand. Network Security Traffic analysis and anonymization 27

Tor as censorship circumvention Various countries filter Internet traffic by destination address Most prominent example: Golden Shield Project ( Great Firewall of China ) Network Security Traffic analysis and anonymization 28

Tor as censorship circumvention Various countries filter Internet traffic by destination address Most prominent example: Golden Shield Project ( Great Firewall of China ) Firewalls and gateways cannot see the true destination of Tor traffic Tor is a powerful tool to circumvent censorship (e.g., in China) Network Security Traffic analysis and anonymization 28

Tor as censorship circumvention Various countries filter Internet traffic by destination address Most prominent example: Golden Shield Project ( Great Firewall of China ) Firewalls and gateways cannot see the true destination of Tor traffic Tor is a powerful tool to circumvent censorship (e.g., in China) Can also use Tor to circumvent country filters: Need an IP address in the US: use Tor with US exit node Network Security Traffic analysis and anonymization 28

Tor as censorship circumvention Various countries filter Internet traffic by destination address Most prominent example: Golden Shield Project ( Great Firewall of China ) Firewalls and gateways cannot see the true destination of Tor traffic Tor is a powerful tool to circumvent censorship (e.g., in China) Can also use Tor to circumvent country filters: Need an IP address in the US: use Tor with US exit node Need access to a specific paper: use Tor with exit node in some university Network Security Traffic analysis and anonymization 28

Bridges and pluggable transports Easy solution for censors: Obtain list of Tor nodes from directory server Block access to the Tor network (all relays) Network Security Traffic analysis and anonymization 29

Bridges and pluggable transports Easy solution for censors: Obtain list of Tor nodes from directory server Block access to the Tor network (all relays) Solution: Tor bridges (entry notes that are not in the public list) Obtain IP address of a bridge by visiting https://bridges.torproject.org/ writing e-mail to bridges@torproject.org Network Security Traffic analysis and anonymization 29

Bridges and pluggable transports Easy solution for censors: Obtain list of Tor nodes from directory server Block access to the Tor network (all relays) Solution: Tor bridges (entry notes that are not in the public list) Obtain IP address of a bridge by visiting https://bridges.torproject.org/ writing e-mail to bridges@torproject.org Censors can also block Tor by identifying Tor traffic Tor traffic is relatively easy to identify: Disguised as HTTPS traffic, but uses random domain names has a characteristic packet-size distribution Network Security Traffic analysis and anonymization 29

Bridges and pluggable transports Easy solution for censors: Obtain list of Tor nodes from directory server Block access to the Tor network (all relays) Solution: Tor bridges (entry notes that are not in the public list) Obtain IP address of a bridge by visiting https://bridges.torproject.org/ writing e-mail to bridges@torproject.org Censors can also block Tor by identifying Tor traffic Tor traffic is relatively easy to identify: Disguised as HTTPS traffic, but uses random domain names has a characteristic packet-size distribution Solution: fully disguise Tor traffic as other traffic Pluggable Transport API allows communication between ofuscator and Tor client Network Security Traffic analysis and anonymization 29

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback