Anonymity and censorship circumvention with Tor

Similar documents
Tor: Online anonymity, privacy, and security.

2012 in review: Tor and the censorship arms race. / Runa A. Sandvik /

Tor and circumvention: Lessons learned. Roger Dingledine The Tor Project

Anonymous Communications

Anonymous Network Concepts & Implementation

OnlineAnonymity. OpenSource OpenNetwork. Communityof researchers, developers,usersand relayoperators. U.S.501(c)(3)nonpro%torganization

Anonymity, Usability, and Humans. Pick Two.

FBI Tor Overview. Andrew Lewman January 17, 2012

Anonymity Tor Overview

BBC Tor Overview. Andrew Lewman March 7, Andrew Lewman () BBC Tor Overview March 7, / 1

Vulnerabilities in Tor: (past,) present, future. Roger Dingledine The Tor Project

A SIMPLE INTRODUCTION TO TOR

Tor: a brief intro. Roger Dingledine The Tor Project

Tor, a quick overview

Online Anonymity & Privacy. Andrew Lewman The Tor Project


DFRI, Swedish Internet Forum 2012

Port-Scanning Resistance in Tor Anonymity Network. Presented By: Shane Pope Dec 04, 2009

Computer Security. 15. Tor & Anonymous Connectivity. Paul Krzyzanowski. Rutgers University. Spring 2017

Private Browsing. Computer Security. Is private browsing private? Goal. Tor & The Tor Browser. History. Browsers offer a "private" browsing modes

CS Paul Krzyzanowski

Understanding, Growing, & Extending Online Anonymity

(S//REL) Open Source Multi-Hop Networks

Tor update Roger Dingledine The Tor Project

0x1A Great Papers in Computer Security

Privacy Enhancing Technologies

Peeling Onions Understanding and using

Introduction to Tor. January 20, Secure Web Browsing and Anonymity. Tor Mumbai Meetup, Sukhbir Singh

Anonymous Communication and Internet Freedom

Anonymous Communication and Internet Freedom

Onion services. Philipp Winter Nov 30, 2015

How Alice and Bob meet if they don t like onions

Tor Hidden Services. Roger Dingledine Free Haven Project Electronic Frontier Foundation.

Telex Anticensorship in the

Tor. Tor Anonymity Network. Tor Basics. Tor Basics. Free software that helps people surf on the Web anonymously and dodge censorship.

Privacy SPRING 2018: GANG WANG

Dissecting Tor Bridges A Security Evaluation of their Private and Public Infrastructures

Privacy defense on the Internet. Csaba Kiraly

Tor: a quick overview. Roger Dingledine The Tor Project

The Tor Network. Cryptography 2, Part 2, Lecture 6. Ruben Niederhagen. June 16th, / department of mathematics and computer science

Tor and circumvention: Lessons learned. Roger Dingledine The Tor Project

Weighted Factors for Measuring Anonymity Services: A Case Study on Tor, JonDonym, and I2P

ANONYMOUS CONNECTIONS AND ONION ROUTING

Introduction. Overview of Tor. How Tor works. Drawback of Tor s directory server Potential solution. What is Tor? Why use Tor?

Telex Anticensorship in the Network Infrastructure

Pluggable Transports Roadmap

Online Anonymity. Andrew Lewman June 8, 2010

Anonymity. With material from: Dave Levin and Michelle Mazurek

Anonymity. Assumption: If we know IP address, we know identity

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

Onion Routing. Varun Pandey Dept. of Computer Science, Virginia Tech. CS 6204, Spring

anonymous routing and mix nets (Tor) Yongdae Kim

ENEE 459-C Computer Security. Security protocols

ENEE 459-C Computer Security. Security protocols (continued)

Hiding Amongst the Clouds

CE Advanced Network Security Anonymity II

Metrics for Security and Performance in Low-Latency Anonymity Systems

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2012

SECURECOMM. JumpBox A Seamless Browser Proxy for Tor Pluggable Transports. Jeroen Massar, Farsight Security, Inc. IPv6 Golden Networks

Challenges in building overlay networks: a case study of Tor. Steven Murdoch Principal Research Fellow University College London

Outline. Traffic multipliers. DoS against network links. Smurf broadcast ping. Distributed DoS

A Peel of Onion. Paul Syverson U.S. Naval Research Laboratory.

Network Security. Traffic analysis and anonymization. Radboud University Nijmegen, The Netherlands. Autumn 2014

The Parrot is Dead: Observing Unobservable Network Communications. Amir Houmansadr Chad Brubaker Vitaly Shmatikov

Anonymity With material from: Dave Levin

Anonymity. Professor Patrick McDaniel CSE545 - Advanced Network Security Spring CSE545 - Advanced Network Security - Professor McDaniel

IP address. When you connect to another computer you send it your IP address.

Protocols for Anonymous Communication

Anonymous Browsing with Raspberry pi VPN/TOR Router

Tor: An Anonymizing Overlay Network for TCP

Karaoke. Distributed Private Messaging Immune to Passive Traffic Analysis. David Lazar, Yossi Gilad, Nickolai Zeldovich

SDN-based Network Obfuscation. Roland Meier PhD Student ETH Zürich

THE SECOND GENERATION ONION ROUTER. Roger Dingledine Nick Mathewson Paul Syverson. -Presented by Arindam Paul

The Onion Routing Performance using Shadowplugin-TOR

Personalized Pseudonyms for Servers in the Cloud. Qiuyu Xiao (UNC-Chapel Hill) Michael K. Reiter (UNC-Chapel Hill) Yinqian Zhang (Ohio State Univ.

CS232. Lecture 21: Anonymous Communications

Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. EJ Jung

Circumvention technology and its applications

CS526: Information security

Facade: High-Throughput, Deniable Censorship Circumvention Using Web Search

Definition. Quantifying Anonymity. Anonymous Communication. How can we calculate how anonymous we are? Who you are from the communicating party

CSE 484 / CSE M 584: Computer Security and Privacy. Anonymity Mobile. Autumn Tadayoshi (Yoshi) Kohno

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, autumn 2015

CS6740: Network security

Anonymous Communication with emphasis on Tor* *Tor's Onion Routing. Paul Syverson U.S. Naval Research Laboratory

CS 134 Winter Privacy and Anonymity

CS Final Exam

Anonymity C S A D VA N C E D S E C U R I T Y TO P I C S P R E S E N TAT I O N BY: PA N AY I OTO U M A R KO S 4 T H O F A P R I L

Anon17: Network Traffic Dataset of Anonymity Services

CLIENT SERVER SYNERGY USING VPN

this security is provided by the administrative authority (AA) of a network, on behalf of itself, its customers, and its legal authorities

Anonymity With Tor. The Onion Router. July 21, Technische Universität München

ANET: An Anonymous Networking Protocol

surveillance & anonymity cs642 computer security adam everspaugh

Anonymity With Tor. The Onion Router. July 5, It s a series of tubes. Ted Stevens. Technische Universität München

SIP and VoIP What is SIP? What s a Control Channel? History of Signaling Channels

The Activist Guide to Secure Communication on the Internet. Introduction

Invisible Internet Project a.k.a. I2P

Slitheen: Perfectly Imitated Decoy Routing through Traffic Replacement

Safely Measuring Tor. Rob Jansen U.S. Naval Research Laboratory Center for High Assurance Computer Systems

Transcription:

Anonymity and censorship circumvention with Tor Lunar <lunar@torproject.org> July 8th, 2013 LSM2013, Brussels

What is this Tor thing?

Tor helps people Estimated 500,000 daily Tor users cf. https://metrics.torproject.org/users.html

Different sorts of people Anonymity serves different interests for different user groups It s traffic-analysis resistance! Governments It s privacy! Human rights activists Anonymity Private citizens It s reachability! Businesses It s network security! Anonymity loves company...

What s Tor? tor is free software Running the Tor anonymity network Supported by The Tor Project, Inc., a 501(c)(3) non-profit US organization

Onion routing

Ideas behind onion routing The simplest design use a single relay to hide connections Alice1 X to Bob3 Y Bob1 Alice2 Alice3 Y to Bob1 Z to Bob2 Relay Z X Bob2 Bob3 (example: some commercial proxy providers)

Ideas behind onion routing But a single relay (or eavesdropper!) is a single point of failure Alice1 Alice2 Alice3 X to Bob3 Y to Bob1 Z to Bob2 Evil relay Y Z X Bob1 Bob2 Bob3

Ideas behind onion routing... or a single point of bypass (timing analysis allows to match sources and destinations) Alice1 X to Bob3 Y Bob1 Alice2 Alice3 Y to Bob1 Z to Bob2 Relay Z X Bob2 Bob3

Ideas behind onion routing So, add multiple relays so that no single one can betray Alice Alice Bob R1 R3 R4 R2 R5

Ideas behind onion routing A corrupt first hop can tell that Alice is talking, but not to whom Alice Bob R1 R3 R4 R2 R5

Ideas behind onion routing A corrupt final hop can tell that somebody is talking to Bob, but not who Alice Bob R1 R3 R4 R2 R5

Ideas behind onion routing Alice makes a session key with R1... and then tunnels to R2... and to R3 Alice Bob1 R1 R3 Bob2 R4 R2 R5

The Tor network

The Tor network nearly 4000 relays around 3600 volunteer operators current total measured bandwidth 35 Gb/s diversity issue: a mere 40 relays see 80% of the total traffic

The Tor network relays with at least 100 Mbit/s of capacity 4001 relays (500 visible) 2013-07-07 14:00:00 smaller relays

Using Tor

Using Tor: the Tor Browser Bundle

Using Tor: the Tails live system

Using Tor: Orbot and Orweb

Circumventing censorship

Tor helps circumventing censorship Alice Bob R1 R3 R4 R2 R5 Tor routes around censorship

Censors do not want Tor The list of Tor relays is public Upside: server administrators can block exit nodes if they really need to Downside: allow blocking access to the Tor network Direct Tor connections are currently blocked in China, Iran, Kazakhstan, Syria, the Philippines,

Bridges Limited kind of Tor relay Private entry point in the Tor network Different pool of bridge addresses Some bridges are completely private But the arm race goes on...

Censors really do not want Tor Tor traffic is recognizable Deep Packet Inspection became pervasive

Obfuscated bridges obfsproxy makes traffic to a bridge looks like random noise Pluggable transport framework to enable research But the arm race goes on...

Further developments Shared secret against active probing New obfuscation protocols: Flashproxy Scramblesuit Format Transforming Encryption More?

Tor is not magic

Tor does not solve all problems Threat model: what can the attacker do? Ali ce watch Alice! Anonymity network Control part of the network! Bob watch (or be!) Bob!

Case study I present you Wendy.

Case study I present you Wendy. Wendy works at ACME, Corp.

Case study I present you Wendy. Wendy works at ACME, Corp. She discovers that ACME is releasing toxic waste in the environment.

Case study I present you Wendy. Wendy works at ACME, Corp. She discovers that ACME is releasing toxic waste in the environment. She wants the word out.

Case study

Case study How to hide who s blowing the whistle?

Case study In order to publish pictures and other documents about the issue: Create a blog on a free service. Always connected using Tor. Pros: provider is unable to tell Wendy s location Cons: provider might shut down the blog in case of troubles

Case study Should Wendy work on her blog at work? Tor traffic might stand out obfsproxyssh could do the trick, but not integrated yet

Case study Should Wendy work on her blog at home? Watch out for traffic confirmation attacks!

Case study Few people can possibly know about this Tor is a low-latency network Monitoring Wi-Fi requires nothing more than being at range Packet flow can match the pattern of publishing a blog post

Case study Make traffic confirmation attacks harder: Blur the local traffic by participating in torrents Blur the remote traffic by uploading unrelated files to the blog provider Set a publication date so the blog post does not appear immediately after

Case study Another option would be to get a journalist to write about the story. But we need to train journalists in secure communications!

Case study What if her computer gets searched or attacked by a malware planted by the company? Use Tails: No traces on her computers Live systems are a lot harder to compromise

Case study Yet another pitfall: metadata. Digital cameras embed date, time, serial numbers and other information in picture file. Tails ships with the Metadata Anonymization Toolkit which can easily remove them.

Case study Summary of a possible solution: Always use Tails Strip metadata using MAT Publish on a blog on a free platform Articles can be prepared at home The blog takes care of publishing the article at a later time Wendy should try to imitate someone else writing style to resist stylometry analysis.

Want to help?

The Tor ecosystem tor

torservers.net The Tor ecosystem Torperf torflow Onionoo brdgrd bulkexitlist torsocks Tor Weekly News Stem Orbot HTTPS Everywhere Scramblesuit Gibberbot Puppetor libevent hidden services Flashproxy Gettor weather BridgeDB anonbib TorBEL tor-ramdisk network history Torouter relay bridge OONI TorBirdy check obfsproxy metrics Tor Weather tor-fw-helper txtorcon tor2web Whonix Tor Browser tor DocTor Compass directory authorities Nymble torperf censorship-timeline arm Atlas stem User support Tails client Chutney qubes torspec translations MAT NoScript Stegotorus Orweb openssl Noisetor Nos Oignons Shadow Skypemorph ExperimenTor tlsdate onioncat exitauth ttdnsd bwauth ttdnsd Torflow ExoneraTor Tor cloud

Help is more than welcome! Support Translations Development (C, Python, C++, JavaScript, Java, ) Research Testing Documentation Outreach Financial support

Questions? English support: help@rt.torproject.org French support: help-fr@rt.torproject.org Press requests: execdir@toproject.org

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback