A SIMPLE INTRODUCTION TO TOR

Similar documents
0x1A Great Papers in Computer Security

Protocols for Anonymous Communication

Tor: The Second-Generation Onion Router. Roger Dingledine, Nick Mathewson, Paul Syverson

ENEE 459-C Computer Security. Security protocols

CS 134 Winter Privacy and Anonymity

ENEE 459-C Computer Security. Security protocols (continued)

Anonymity C S A D VA N C E D S E C U R I T Y TO P I C S P R E S E N TAT I O N BY: PA N AY I OTO U M A R KO S 4 T H O F A P R I L

Onion Routing. Varun Pandey Dept. of Computer Science, Virginia Tech. CS 6204, Spring

CS526: Information security

THE SECOND GENERATION ONION ROUTER. Roger Dingledine Nick Mathewson Paul Syverson. -Presented by Arindam Paul

The Tor Network. Cryptography 2, Part 2, Lecture 6. Ruben Niederhagen. June 16th, / department of mathematics and computer science

CE Advanced Network Security Anonymity II

Anonymous communications: Crowds and Tor

Privacy defense on the Internet. Csaba Kiraly

2 ND GENERATION ONION ROUTER

Anonymity. Assumption: If we know IP address, we know identity

Tor: An Anonymizing Overlay Network for TCP

CSE 484 / CSE M 584: Computer Security and Privacy. Anonymity Mobile. Autumn Tadayoshi (Yoshi) Kohno

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2012

Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. EJ Jung

Computer Security. 15. Tor & Anonymous Connectivity. Paul Krzyzanowski. Rutgers University. Spring 2017

Private Browsing. Computer Security. Is private browsing private? Goal. Tor & The Tor Browser. History. Browsers offer a "private" browsing modes

Anonymity Analysis of TOR in Omnet++

Introduction. Overview of Tor. How Tor works. Drawback of Tor s directory server Potential solution. What is Tor? Why use Tor?

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, autumn 2015

Tor: Online anonymity, privacy, and security.

CS Paul Krzyzanowski

Tor Hidden Services. Roger Dingledine Free Haven Project Electronic Frontier Foundation.

Putting the P back in VPN: An Overlay Network to Resist Traffic Analysis

Onion services. Philipp Winter Nov 30, 2015

anonymous routing and mix nets (Tor) Yongdae Kim

Anonymity. With material from: Dave Levin and Michelle Mazurek

How Alice and Bob meet if they don t like onions

Analysing Onion Routing Bachelor-Thesis

What's the buzz about HORNET?

Anonymous Communication: DC-nets, Crowds, Onion Routing. Simone Fischer-Hübner PETs PhD course Spring 2012

The New Cell-Counting-Based Against Anonymous Proxy

CS6740: Network security

Anonymity With Tor. The Onion Router. July 5, It s a series of tubes. Ted Stevens. Technische Universität München

Tor. Tor Anonymity Network. Tor Basics. Tor Basics. Free software that helps people surf on the Web anonymously and dodge censorship.

Anonymity With Tor. The Onion Router. July 21, Technische Universität München

Anonymous Communications

PrivCount: A Distributed System for Safely Measuring Tor

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

Definition. Quantifying Anonymity. Anonymous Communication. How can we calculate how anonymous we are? Who you are from the communicating party

Challenges in building overlay networks: a case study of Tor. Steven Murdoch Principal Research Fellow University College London

Introduction to Traffic Analysis. George Danezis University of Cambridge, Computer Laboratory

Tor: The Second-Generation Onion Router

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Metrics for Security and Performance in Low-Latency Anonymity Systems

Analysis on End-to-End Node Selection Probability in Tor Network

Safely Measuring Tor. Rob Jansen U.S. Naval Research Laboratory Center for High Assurance Computer Systems

The Loopix Anonymity System

Lecture 13 Page 1. Lecture 13 Page 3

Anonymous Communication and Internet Freedom

Karaoke. Distributed Private Messaging Immune to Passive Traffic Analysis. David Lazar, Yossi Gilad, Nickolai Zeldovich

Anonymous Communication and Internet Freedom

Dissecting Tor Bridges A Security Evaluation of their Private and Public Infrastructures

CSC Network Security

Port-Scanning Resistance in Tor Anonymity Network. Presented By: Shane Pope Dec 04, 2009

Safely Measuring Tor. Rob Jansen U.S. Naval Research Laboratory Center for High Assurance Computer Systems

CSC 4900 Computer Networks: Security Protocols (2)

Achieving Privacy in Mesh Networks

Internet Networking recitation #

Please ensure answers are neat and legible. Illegible answers may be given no points.

Onion Routing. Submitted By, Harikrishnan S Ramji Nagariya Sai Sambhu J

A New Replay Attack Against Anonymous Communication Networks

Onion Routing. 1) Introduction. 2) Operations. by Harikrishnan S (M.Tech CSE) Ramji Nagariya (M.S CSE), Sai Sambhu J (M.Tech CSE).

Introducing SOR: SSH-based Onion Routing

this security is provided by the administrative authority (AA) of a network, on behalf of itself, its customers, and its legal authorities

Personalized Pseudonyms for Servers in the Cloud. Qiuyu Xiao (UNC-Chapel Hill) Michael K. Reiter (UNC-Chapel Hill) Yinqian Zhang (Ohio State Univ.

Host Website from Home Anonymously

Privacy SPRING 2018: GANG WANG

Share Count Analysis HEADERS

Tungsten Security Whitepaper

Anonymity and censorship circumvention with Tor

CIS 6930/4930 Computer and Network Security. Topic 8.1 IPsec

OnlineAnonymity. OpenSource OpenNetwork. Communityof researchers, developers,usersand relayoperators. U.S.501(c)(3)nonpro%torganization

Computer Security and Privacy

Privacy Enhancing Technologies CSE 701 Fall 2017

EEC-682/782 Computer Networks I

WAVE: A decentralised authorization system for IoT via blockchain smart contracts

Lecture 12 Page 1. Lecture 12 Page 3

Anonymity in P2P Systems

Network Security. Thierry Sans

IPsec NAT Transparency

On the Internet, nobody knows you re a dog.

Network Security Chapter 8

Analyzing the Effectiveness of Passive Correlation Attacks on the Tor Anonymity Network

Core: A Peer-To-Peer Based Connectionless Onion Router

Deanonymizing Tor. Colorado Research Institute for Security and Privacy. University of Denver

Context. Protocols for anonymity. Routing information can reveal who you are! Routing information can reveal who you are!

Anonymity and Privacy

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

VPN Overview. VPN Types

Real-time protocol. Chapter 16: Real-Time Communication Security

CS 494/594 Computer and Network Security


Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

Transcription:

A SIMPLE INTRODUCTION TO TOR The Onion Router Fabrizio d'amore

May 2015 Tor 2 Privacy on Public Networks Internet is designed as a public network Wi-Fi access points, network routers see all traffic that passes through them Routing information is public IP packet headers identify source and destination Even a passive observer can easily figure out who is talking to whom Encryption does not hide identities Encryption hides payload, but not routing information Even IP-level encryption (tunnel-mode IPsec/ESP) reveals IP addresses of IPsec gateways

May 2015 Tor 3 Anonymity Anonymity = the person is not identifiable within a set of subjects You cannot be anonymous by yourself! Big difference between anonymity and confidentiality Hide your activities among others similar activities Unlinkability of action and identity For example, sender and his email are no more related after adversary s observations than they were before Unobservability (hard to achieve) Adversary can t even tell whether someone is using a particular system and/or protocol

May 2015 Tor 4 Attacks on Anonymity Passive traffic analysis Infer from network traffic who is talking to whom Active traffic analysis Inject packets or put a timing signature on packet flow Compromise of network nodes Attacker may compromise some routers It is not obvious which nodes have been compromised Attacker may be passively logging traffic Better not to trust any individual router Can assume that some fraction of routers is good, but don t know which

May 2015 Tor 5 Tor Deployed onion routing network http://torproject.org Specifically designed for low-latency anonymous Internet communications Running since October 2003 Thousands of relay nodes, 100K-500K? of users Easy-to-use client proxy, integrated Web browser Tor is a distributed anonymous communication service using an overlay network that allows people and groups to improve their privacy and security on the Internet. Individuals use Tor to keep websites from tracking them, or to connect to those internet services blocked by their local Internet providers. Tor's hidden services let users publish web sites and other services without needing to reveal the location of the site.

May 2015 Tor 6

May 2015 Tor 7

May 2015 Tor 8

May 2015 Tor 9

May 2015 Tor 10 Components of Tor Client: the user of the Tor network Server: the target TCP applications such as web servers Tor (onion) router: the special proxy relays the application data Directory server: servers holding Tor router information

May 2015 Tor 11 Tor operations 1

May 2015 Tor 12 Tor operations 2

May 2015 Tor 13 Tor operations 3

May 2015 Tor 14 How Tor Works? --- Onion Routing Alice Bob M M OR2 C2 C3 M M OR1 C1 C2 C3 OR3 Port A circuit is built incrementally one hop by one hop Onion-like encryption Alice negotiates an AES key with each router Messages are divided into equal sized cells Each router knows only its predecessor and successor Only the Exit router (OR3) can see the message, however it does not know where the message is from

May 2015 Tor 15 How Onion Routing Works u User u running client 1 2 5 4 Routers running servers d 3 Internet destination d 9

May 2015 Tor 16 How Onion Routing Works 1 2 u 5 3 4 d 1. u creates l-hop circuit through routers 9

May 2015 Tor 17 How Onion Routing Works 1 2 u 5 3 4 d 1. u creates l-hop circuit through routers 9

May 2015 Tor 18 How Onion Routing Works 1 2 u 5 3 4 d 1. u creates l-hop circuit through routers 9

May 2015 Tor 19 How Onion Routing Works 1 2 u 5 3 4 d 1. u creates l-hop circuit through routers 2. u opens a stream in the circuit to d 9

May 2015 Tor 20 How Onion Routing Works {{{m} 3 } 4 } 1 1 2 u 5 4 3 d 1. u creates l-hop circuit through routers 2. u opens a stream in the circuit to d 3. Data are exchanged 9

May 2015 Tor 21 How Onion Routing Works u 5 1 2 {{m} 3 } 4 3 4 d 1. u creates l-hop circuit through routers 2. u opens a stream in the circuit to d 3. Data are exchanged 9

May 2015 Tor 22 How Onion Routing Works 1 2 u 5 4 3 {m} 3 d 1. u creates l-hop circuit through routers 2. u opens a stream in the circuit to d 3. Data are exchanged 9

May 2015 Tor 23 How Onion Routing Works 1 2 u 5 3 4 m d 1. u creates l-hop circuit through routers 2. u opens a stream in the circuit to d 3. Data are exchanged 9

May 2015 Tor 24 How Onion Routing Works 1 2 u 5 3 4 m d 1. u creates l-hop circuit through routers 2. u opens a stream in the circuit to d 3. Data are exchanged 9

May 2015 Tor 25 How Onion Routing Works 1 2 u 5 4 3 {m } 3 d 1. u creates l-hop circuit through routers 2. u opens a stream in the circuit to d 3. Data are exchanged 9

May 2015 Tor 26 How Onion Routing Works u 1 2 {{m } 3 } 4 5 3 4 d 1. u creates l-hop circuit through routers 2. u opens a stream in the circuit to d 3. Data are exchanged 9

May 2015 Tor 27 How Onion Routing Works {{{m } 3 } 4 } 1 1 2 u 5 3 4 d 1. u creates l-hop circuit through routers 2. u opens a stream in the circuit to d 3. Data are exchanged 9

May 2015 Tor 28 How Onion Routing Works 1 2 u 5 3 4 d 1. u creates l-hop circuit through routers 2. u opens a stream in the circuit to d 3. Data are exchanged. 4. Stream is closed.

May 2015 Tor 29 How Onion Routing Works 1 2 u 5 3 4 d 1. u creates l-hop circuit through routers 2. u opens a stream in the circuit to d 3. Data are exchanged. 4. Stream is closed. 5. Circuit is changed every few minutes. 9

May 2015 Tor 30 Tor Circuit Setup (1) Client proxy establish a symmetric session key and circuit with relay node #1

May 2015 Tor 31 Tor Circuit Setup (2) Client proxy extends the circuit by establishing a symmetric session key with relay node #2 Tunnel through relay node #1 - don t need!

May 2015 Tor 32 Tor Circuit Setup (3) Client proxy extends the circuit by establishing a symmetric session key with relay node #3 Tunnel through relay nodes #1 and #2

May 2015 Tor 33 Using a Tor Circuit Client applications connect and communicate over the established Tor circuit Datagrams decrypted and re-encrypted at each link

May 2015 Tor 34 Commands in Use

May 2015 Tor 35 Additional functionality Integrity checking Only done at the edges of a stream SHA-1 digest of data sent and received First 4 bytes of digest are sent with each message for verification OR-to-OR congestion might happen if too many users choose the same OR-to-OR connection. Circuit Level throttling 2 windows keep track of relay data to be transmitted to other ORs (packaging window) and data transmitted out of the network (delivery window) Windows are decremented after forwarding packets and increments on a relay sendme message towards OP with streamid zero. When a window reaches 0, no messages are forwarded

May 2015 Tor 36 Design Overlay network on the user level Onion Routers (OR) route traffic Onion Proxy (OP) fetches directories and creates virtual circuits on the network on behalf of users. Uses TCP with TLS All data is sent in fixed size (bytes) cells

May 2015 Tor 37 Using Tor Many applications can share one circuit Multiple TCP streams over one anonymous connection Tor router doesn t need root privileges Encourages people to set up their own routers More participants = better anonymity for everyone Directory servers Maintain lists of active relay nodes, their locations, current public keys, etc. Control how new nodes join the network Sybil attack : attacker creates a large number of relays Directory servers keys ship with Tor code

May 2015 Tor 38 Hidden Services Goal: deploy a server on the Internet that anyone can connect to without knowing where it is or who runs it Accessible from anywhere Resistant to censorship, denial of service, physical attack Network address of the server is hidden, thus can t find the physical server

May 2015 Tor 39 Hidden Service and Rendezvous Points Location-hidden services allow Bob to offer a TCP service without revealing his IP address. Tor accommodates receiver anonymity by allowing location hidden services Design goals for location hidden services Access Control: filtering incoming requests Robustness: maintain a long-term pseudonymous identity Smear-resistance: against socially disapproved acts Application transparency Location hidden service leverage rendezvous points

May 2015 Tor 40 Setting up a hidden service 1

May 2015 Tor 41 Setting up a hidden service 2

May 2015 Tor 42 Setting up a hidden service 3

May 2015 Tor 43 Setting up a hidden service 4

May 2015 Tor 44 Setting up a hidden service 5

May 2015 Tor 45 Setting up a hidden service 6

May 2015 Tor 46 hidden services examples

May 2015 Tor 47 how Google treats Tor

May 2015 Tor 48 crypto market

May 2015 Tor 49 more insight https://svn.torproject.org/svn/projects/design-paper/tordesign.pdf http://freehaven.net/anonbib/ https://www.torproject.org/docs/hidden-services.html.en https://gitweb.torproject.org/torspec.git/tree/tor-spec.txt

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback