Computer Security. 15. Tor & Anonymous Connectivity. Paul Krzyzanowski. Rutgers University. Spring 2017

Similar documents
Private Browsing. Computer Security. Is private browsing private? Goal. Tor & The Tor Browser. History. Browsers offer a "private" browsing modes

CS Paul Krzyzanowski

A SIMPLE INTRODUCTION TO TOR

0x1A Great Papers in Computer Security

Invisible Internet Project a.k.a. I2P

Definition. Quantifying Anonymity. Anonymous Communication. How can we calculate how anonymous we are? Who you are from the communicating party

Anonymity. Assumption: If we know IP address, we know identity

How Alice and Bob meet if they don t like onions

CS526: Information security

ENEE 459-C Computer Security. Security protocols

The Tor Network. Cryptography 2, Part 2, Lecture 6. Ruben Niederhagen. June 16th, / department of mathematics and computer science

ENEE 459-C Computer Security. Security protocols (continued)

Anonymous Communications

Anonymous communications: Crowds and Tor

Onion Routing. Varun Pandey Dept. of Computer Science, Virginia Tech. CS 6204, Spring

Protocols for Anonymous Communication

Anonymity C S A D VA N C E D S E C U R I T Y TO P I C S P R E S E N TAT I O N BY: PA N AY I OTO U M A R KO S 4 T H O F A P R I L

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2012

CS 134 Winter Privacy and Anonymity

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

Privacy defense on the Internet. Csaba Kiraly

anonymous routing and mix nets (Tor) Yongdae Kim

FBI Tor Overview. Andrew Lewman January 17, 2012

Tor Hidden Services. Roger Dingledine Free Haven Project Electronic Frontier Foundation.

Metrics for Security and Performance in Low-Latency Anonymity Systems

Anonymity Analysis of TOR in Omnet++

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

key distribution requirements for public key algorithms asymmetric (or public) key algorithms

Online Anonymity & Privacy. Andrew Lewman The Tor Project

Anonymity Tor Overview

2 ND GENERATION ONION ROUTER

THE SECOND GENERATION ONION ROUTER. Roger Dingledine Nick Mathewson Paul Syverson. -Presented by Arindam Paul

Anonymity With Tor. The Onion Router. July 21, Technische Universität München

Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. EJ Jung

Anonymous Communication: DC-nets, Crowds, Onion Routing. Simone Fischer-Hübner PETs PhD course Spring 2012

Internet Crimes Against Children:

Distributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013

Tor: Online anonymity, privacy, and security.

ANONYMOUS CONNECTIONS AND ONION ROUTING

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, autumn 2015

Tor: An Anonymizing Overlay Network for TCP

BBC Tor Overview. Andrew Lewman March 7, Andrew Lewman () BBC Tor Overview March 7, / 1

CS November 2018

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018

Anonymous Communication and Internet Freedom

Internet Technology. 06. Exam 1 Review Paul Krzyzanowski. Rutgers University. Spring 2016

Anonymity. Professor Patrick McDaniel CSE545 - Advanced Network Security Spring CSE545 - Advanced Network Security - Professor McDaniel

Internet Technology 3/2/2016

CE Advanced Network Security Anonymity II

Network Security. Thierry Sans

Avoiding The Man on the Wire: Improving Tor s Security with Trust-Aware Path Selection

Anonymous Communication and Internet Freedom

Computer Security Exam 3 Review. Paul Krzyzanowski. Rutgers University. Spring 2017

2 Application Support via Proxies Onion Routing can be used with applications that are proxy-aware, as well as several non-proxy-aware applications, w

Port-Scanning Resistance in Tor Anonymity Network. Presented By: Shane Pope Dec 04, 2009

CSE 484 / CSE M 584: Computer Security and Privacy. Anonymity Mobile. Autumn Tadayoshi (Yoshi) Kohno

CSE 565 Computer Security Fall 2018

A Peel of Onion. Paul Syverson U.S. Naval Research Laboratory.

Vulnerabilities in Tor: (past,) present, future. Roger Dingledine The Tor Project

Anonymity With Tor. The Onion Router. July 5, It s a series of tubes. Ted Stevens. Technische Universität München

Anonymous Connections and Onion Routing

Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,

Anonymity. With material from: Dave Levin and Michelle Mazurek

Operating Systems Design Exam 3 Review: Spring Paul Krzyzanowski

Distributed Systems. 29. Firewalls. Paul Krzyzanowski. Rutgers University. Fall 2015

Security & Privacy. Web Architecture and Information Management [./] Spring 2009 INFO (CCN 42509) Contents. Erik Wilde, UC Berkeley School of

Security and Anonymity

Putting the P back in VPN: An Overlay Network to Resist Traffic Analysis

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Introduction. Overview of Tor. How Tor works. Drawback of Tor s directory server Potential solution. What is Tor? Why use Tor?

CS6740: Network security

CS 161 Computer Security

On the Internet, nobody knows you re a dog.

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Introduction to Traffic Analysis. George Danezis University of Cambridge, Computer Laboratory

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

Anonymity With material from: Dave Levin

Analysing Onion Routing Bachelor-Thesis

The New Cell-Counting-Based Against Anonymous Proxy

Cryptanalysis of a fair anonymity for the tor network

Network Control, Con t

Anonymity and censorship circumvention with Tor

L13. Reviews. Rocky K. C. Chang, April 10, 2015

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Tor: The Second-Generation Onion Router. Roger Dingledine, Nick Mathewson, Paul Syverson

Unit 4: Firewalls (I)

Onion services. Philipp Winter Nov 30, 2015

DFRI, Swedish Internet Forum 2012

communication Claudia Díaz Katholieke Universiteit Leuven Dept. Electrical Engineering g ESAT/COSIC October 9, 2007 Claudia Diaz (K.U.

Transport Layer Security

Defining Anonymity in Networked Communication, version 1

«On the Internet, nobody knows you are a dog» Twenty years later

CPSC 467b: Cryptography and Computer Security

Tungsten Security Whitepaper

CISC859: Topics in Advanced Networks & Distributed Computing: Network & Distributed System Security. A Brief Overview of Security & Privacy Issues

Best Practice - Protect Against TCP SYN Flooding Attacks with TCP Accept Policies

Onion Routing. Submitted By, Harikrishnan S Ramji Nagariya Sai Sambhu J

Information Systems Security

You are the internet

CSC 6575: Internet Security Fall 2017

Transcription:

Computer Security 15. Tor & Anonymous Connectivity Paul Krzyzanowski Rutgers University Spring 2017 April 24, 2017 CS 419 2017 Paul Krzyzanowski 1

Private Browsing Browsers offer a "private" browsing modes Apple Private Browsing, Mozilla Private Browsing, Google Chrome Incognito Mode, Microsoft InPrivate browsing What does it do Do not send stored cookies Do not allow servers to set cookies Do not use or save auto-fill information List of downloaded content At the end of a session Discard cached pages Discard browsing & search history Does not protect the user from viruses, phishing, or security attacks April 24, 2017 CS 419 2017 Paul Krzyzanowski 2

Is private browsing private? It doesn't leave too many breadcrumbs on your device It limits the ability of an attacker to use cookies But Your system may be logging outbound IP addresses Proxies know what you did so do firewalls & routers Your ISP knows who you are and where you went Web servers get your IP address Answer: not really April 24, 2017 CS 419 2017 Paul Krzyzanowski 3

Goal Communicate while preserving privacy Why? Avoid consequences (social, political, legal) E.g., political dissidents Avoid geolocation-based services Hide corporate activity (who's talking to whom) Perform private investigations Hide personal info, like searching about diseases you have April 24, 2017 CS 419 2017 Paul Krzyzanowski 4

Tor & The Tor Browser Tor = The Onion Router Tor Browser = preconfigured web browser that uses Tor Provide anonymous browsing Hosted on a collection of relays around the world Run by non-profits, universities, individuals 100K to millions of users Exact data unknown it's anonymous Terabytes of data routed each second April 24, 2017 CS 419 2017 Paul Krzyzanowski 5

History Onion routing developed in the mid 1990s at the U.S. Naval Research Laboratory to protect U.S. intelligence communications Additional work by the Defense Advanced Research Projects Agency (DARPA) Patented by the U.S. Navy in 1998 Naval Research Laboratory released to code for Tor under a free license The Tor Project Founded in 2006 as a non-profit organization with support of the EFF April 24, 2017 CS 419 2017 Paul Krzyzanowski 6

What is anonymity? Unobservability Inability of an observer to leak participants to actions Unlinkability Inability to associate an observer with a profile of actions E.g., Alice posts a blog under an assumed name Unlinkability = inability to link Alice to a specific profile April 24, 2017 CS 419 2017 Paul Krzyzanowski 7

Relay Alice Relay store.com Encrypt traffic between Alice & relay April 24, 2017 CS 419 2017 Paul Krzyzanowski 8

Relay Alice Relay store.com Eve, the eavesdropper Alice sends something here and something comes out here April 24, 2017 CS 419 2017 Paul Krzyzanowski 9

Relay with multiple parties A1 A2 A3 A4 A5 Relay store-1.com store-2.com store-3.com store-4.com store-5.com We can use encrypted connections (TLS) to hide network traffic What if someone eavesdrops on the relay? April 24, 2017 CS 419 2017 Paul Krzyzanowski 10

Multiple relays A1 Encrypted store-1.com A2 store-2.com A3 Relay 1 Relay 2 Relay 3 store-3.com A4 store-4.com A5 store-5.com Alice is doing something Someone is going to store-3.com You cannot see all activity at one relay April 24, 2017 CS 419 2017 Paul Krzyzanowski 11

Correlation Attack If an eavesdropper watches entry & exit of data She can correlate timing & size of data at the 1 st relay with outputs of the last relays If Alice sends a 2 KB request to Relay 1 at 19:12:15 and Relay 3 sends a 2 KB request to store-3.com at 19:12:16 and store-3.com sends a 150 KB response to Relay 3 at 19:12:17 and Alice receives a 150 KB response at 19:12:18 we're pretty sure Alice is talking to store-3.com April 24, 2017 CS 419 2017 Paul Krzyzanowski 12

Correlation Attack You can make a correlation attack attack difficult Pad or fragment messages to be the same size Queue up multiple messages, shuffle them, and transmit them at once This works in theory but is a pain in practice Extra latency, traffic You still need A LOT of users to ensure anonymity Relays should be hosted by third parties to get many different groups as input E.g., a relay within fbi.gov tells you all input comes from fbi.gov April 24, 2017 CS 419 2017 Paul Krzyzanowski 13

Circuits A1 Encrypted store-1.com A2 store-2.com A3 Relay 1 Relay 2 Relay 3 store-3.com A4 store-4.com A5 store-5.com Alice selects a list of relays through which her message will flow This path is called a circuit No node knows if the previous node is the originator or relay Only the final node (exit node) knows it is the last node April 24, 2017 CS 419 2017 Paul Krzyzanowski 14

Setting up a circuit (1) A1 Encrypted store-1.com A2 store-2.com A3 Relay 1 Relay 2 Relay 3 store-3.com A4 store-4.com A5 store-5.com Alice connects to Relay1 Sets up a TLS link to Relay 1 Does a one-way authenticated key exchange with Relay 1 agree on a symmetric key, S 1 Alice picks a circuit ID (e.g., 123) and asks Relay1 to create the circuit April 24, 2017 CS 419 2017 Paul Krzyzanowski 15

Setting up a circuit (2) A1 A2 Encrypted S 1 S 2 [circuit 456] store-1.com store-2.com A3 Relay 1 Relay 2 Relay 3 store-3.com A4 [circuit 123] store-4.com A5 store-5.com Alice extends the relay to Relay 2 Alice sends a message to Relay 1 : First part = "on circuit 1234, send Relay Extend to Relay 2 the message is encrypted with S 1 Relay 1 establishes a TLS link to Relay 2 (if it didn't have one) Second part of the message from Alice: initial handshake with Relay 2, encrypted with Relay 2 's public key Relay 2 picks a random circuit for identifying this data stream to Relay 2, e.g., 456 Circuit 123 on Relay 1 connects to Circuit 456 on Relay 2 Does a one-way authenticated key exchange with Relay 2 agree on a symmetric key, S 2 All traffic flows through Relay 1 and is encrypted with S 1 April 24, 2017 CS 419 2017 Paul Krzyzanowski 16

Setting up a circuit (3) A1 A2 Encrypted S 1 S 2 [circuit 456] S 3 store-1.com store-2.com A3 Relay 1 Relay 2 Relay 3 store-3.com A4 [circuit 123] store-4.com A5 store-5.com Alice extends the relay to Relay 3 Same process Alice sends a Relay Extend message to Relay 2 Messages to Relay 2 are encrypted with S 2 and then with S 1 E S1 ( E S2 (M) ) Relay 1 decrypts the message to identify its circuit (123) Routes message to Relay 2 on circuit 456 Circuit 123 is connected to circuit 456 April 24, 2017 CS 419 2017 Paul Krzyzanowski 17

Sending a message (5) A1 A2 Encrypted S 1 S 2 [circuit 456] S 3 store-1.com store-2.com A3 Relay 1 Relay 2 Relay 3 store-3.com A4 [circuit 123] store-4.com A5 store-5.com Alice sends a message to store-3.com Each router strips off a layer of encryption At the end: Directive to S 3 to open a TCP connection to store-3.com Send messages Get responses Store-3.com message Encrypted with S 3 Encrypted with S 2 Encrypted with S 1 April 24, 2017 CS 419 2017 Paul Krzyzanowski 18

Not a VPN Neither IP nor TCP packets are transmitted just data streams Too easy to identify the type of system by looking at TCP formats and responses Just take contents of TCP streams and relay the data End-to-end TLS works fine TLS sits on top of TCP it's just data going back and forth April 24, 2017 CS 419 2017 Paul Krzyzanowski 19

Finding nodes Ideally, everyone would use some of the same nodes Otherwise traffic would be distinguishable Multiple trusted parties supply node lists Merge lists together Union: if popularity-based, danger of someone flooding a list of nodes to capture traffic Intersection: someone can block out nodes Multiple parties vote on which nodes are running and behaving well Distributed consensus Clients get List of nodes and their public keys April 24, 2017 CS 419 2017 Paul Krzyzanowski 20

Is it anonymous? Not really You can do a correlation attack ISPs know who's talking to whom May need to access traces from multiple ISPs Can be really difficult if nodes have a lot of traffic (and it's similarly dense) Compromised exit node Exit node decrypts the final layer and contacts the service April 24, 2017 CS 419 2017 Paul Krzyzanowski 21

I2P and Garlic Routing I2P = Invisible Internet Project Tor uses "onion routing" Each message from the source is encrypted with one layer for each relay Garlic routing Combines multiple messages at a relay All messages, each with its own delivery instructions going to one relay are bundled together Makes traffic analysis more difficult Tor circuits are bidirectional: responses take the same path I2P "tunnels" are unidirectional One for outbound and one for inbound: the client builds both Sender gets acknowledgement of successful message delivery April 24, 2017 CS 419 2017 Paul Krzyzanowski 22

Services on top of I2P I2PTunnel: TCP connectivity Chat via IRC (Internet Relay Chat) File sharing BitTorrent imule (anonymous file sharing) I2Phex: Gnutella over I2P I2P-Bote: decentralized, anonymized email Messages signed by the sender's private key Anonymity via I2P and variable-rate delays Destinations are I2P-Bote addresses I2P-Messenger, I2P-Talk Syndie: Content publishing (blogs, forums) April 24, 2017 CS 419 2017 Paul Krzyzanowski 23

Tor: far more users more anonymity Focused on anonymous access to services I2P: focuses on anonymous hosting of services Uses a distributed hash table (DHT) for locating information on servers and routing Server addressing Uses cryptographic ID to identify routers and end services April 24, 2017 CS 419 2017 Paul Krzyzanowski 24

The end April 24, 2017 CS 419 2017 Paul Krzyzanowski 25

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback