current events in tor development
play

Current events in Tor development. Roger Dingledine The Tor - PowerPoint PPT Presentation

Feb 04, 2024 •248 likes •680 views

Current events in Tor development. Roger Dingledine The Tor Project https://torproject.org/ 1 Outline Crash course on Tor Technical (recent past) Policy / law / censorship Technical (future) Things we need help with 2

  1. Current events in Tor development. Roger Dingledine The Tor Project https://torproject.org/ 1

  2. Outline ● Crash course on Tor ● Technical (recent past) ● Policy / law / censorship ● Technical (future) ● Things we need help with 2

  3. Tor: Big Picture ● Freely available (Open Source), unencumbered. ● Comes with a spec and full documentation: Dresden, Aachen, and Yale groups implemented compatible Java Tor clients; researchers use it to study anonymity. ● 2000 active relays, 200000+ active users, >1Gbit/s. ● Official US 501(c)(3) nonprofit. Three full-time developers, dozens more dedicated volunteers. ● Funding from US DoD, Electronic Frontier Foundation, Voice of America, ...you? 3

  4. Anonymity serves different interests for different user groups. Governments Businesses Anonymity “It's privacy!” Private citizens 4

  5. Anonymity serves different interests for different user groups. Governments Businesses “It's network security!” Anonymity “It's privacy!” Private citizens 5

  6. Anonymity serves different interests for different user groups. Governments Businesses “It's traffic-analysis resistance!” “It's network security!” Anonymity “It's privacy!” Private citizens 6

  7. The simplest designs use a single relay to hide connections. Bob1 Alice1 E(Bob3,“X”) “Y” Relay Alice2 “Z” Bob2 E(Bob1, “Y”) ) “X” ” Z “ , 2 b o B ( E Bob3 Alice3 (example: some commercial proxy providers) 7

  8. But a single relay is a single point of failure. Bob1 Alice1 E(Bob3,“X”) “Y” Evil Alice2 Relay “Z” Bob2 E(Bob1, “Y”) ) “X” ” Z “ , 2 b o B ( E Bob3 Alice3 Eavesdropping the relay works too. 8

  9. So, add multiple relays so that no single one can betray Alice. Bob Alice R1 R3 R5 R4 R2 9

  10. A corrupt first hop can tell that Alice is talking, but not to whom. Bob Alice R1 R3 R5 R4 R2 10

  11. A corrupt final hop can tell that somebody is talking to Bob, but not who. Bob Alice R1 R3 R5 R4 R2 11

  12. Alice makes a session key with R1 ...And then tunnels to R2...and to R3 Bob Alice R1 R3 Bob2 R5 R4 R2 12

  13. Outline ● Crash course in Tor ● Technical (recent past) ● Policy / law / censorship ● Technical (future) ● Things we need help with 13

  14. New v3 directory protocol ● There are two phases of directory information: fetching the network status, and fetching all the descriptors. ● We've changed phase one from fetching 5 network statuses (and computing the majority locally) to fetching just one consensus. ● Still room for optimizing phase two 14

  15. Governments and other firewalls can just block the whole Tor network. S Alice S S X Alice X S 15

  16. Alice Alice Alice Blocked Alice Alice User R3 Alice Blocked R4 Bob User Alice Alice R2 Blocked User Alice R1 Alice Blocked Alice User Alice Blocked Alice User Alice Alice 16

  17. “Bridge” relays ● Encrypted directory requ ests (over the same port as other Tor traffic) ● Make Tor's TLS handshake look more like Firefox+Apache ● Integration into Vidalia ● https://bridges.torproject.org/ or request by unique gmail address 17

  18. Improved Torbutton ● Torbutton used to just toggle your proxy settings on and off. ● The new version turns off cache, cookies, plugins, doesn't leak your time zone, and blocks many other attacks 18

  19. Easier for users to be relays ● Rate limit relayed traff ic separately from your own traffic ● Automatic IP address detection, bandwidth estimates ● Write limiting as well as read limiting; traffic priorities to make the best use of available bandwidth 19

  20. Many good research papers in 2007 ● Nick Hopper's CCS paper on client latency attacks ● Steven Murdoch's PET paper on sampled traffic analysis at Internet exchanges ● Bauer et al's WPES paper on low-resource Sybil attacks: lying about your bandwidth, uptime, etc ● (Tor's guard nodes are lookingly increasingly good) ● http://freehaven.net/anonbib/ for many more! 20

  21. Outline ● Crash course in Tor ● Technical (recent past) ● Policy / law / censorship ● Technical (future) ● Things we need help with 21

  22. Data retention ● Remember our threat model: even one hop in Germany may be too many ● How many layers o f logging are there? If your ISP logs, and its ISP logs, ... ● How safe are these logs? Who can access them? ● If nothing is really enforced until 2009, no need to change technical designs immediately. But that means you need to act! 22

  23. Law enforcement ● Some Tor-induced raids in Germany over the past year(s) ● We really need to teach law enforcement officers more about Tor -- and about Internet security in general. ● Please introduce me to German law enforcement! 23

  24. Lawyers in Germany ● The US's notion of “legal precedent” makes groups like EFF worth while. In Germany, it feels like each case is on its own. ● We need to get more European lawyers involved. Meet them, teac h them about Tor. Introduce them to each other. ● Can we make a “German Tor Legal FAQ”? 24

  25. Snooping on Exit Relays ● Lots of press lately about people watching traffic coming out of Tor. (Ask your lawyer first...) ● Tor hides your location; it doesn't magically encrypt all traffic on the Internet. ● Though Tor does protect from your local network. ● Torflow and setting plaintext pop/imap “traps” ● Need to educate users? 25

  26. File-sharing traffic ● Theory: Tor is slow because a handful of people are running file-sharing apps on it ● We could traffic shape high-volume flows. But: BitTorrent is designed to resist this. ● We could run protocol analysis tools on the exit relays, and snipe bad protocols ● But: liability, neutrality 26

  27. Who runs the relays? ● At the beginning, you needed to know me to have your relay considered“verified”. ● We've automated much of the “is it broken?” checking. ● Still a tension between having lots of relays and knowing all the relay operators 27

  28. GeoIP reporting? ● We'd really like to get a sense of how many people are using the Tor network, and from where, so we can know what to focus on. ● But it's an anonymity network! ● Directory mirrors can see wh o asks for info, but we'd like to fix that (“directory guards”) ● Perhaps relays report aggregated dail y stats? 28

  29. Problem: Abusive users get the whole network blocked. Nice /. X Alice Tor network Jerk X wikipedia Alice X Some IRC networks 29

  30. Internet services: blocking (1) ● Many admins think Tor has 6 users. If they see 1 jerk, they conclude that Tor is stupid. ● Right now Wikipedia blocks many many thousands of IP addresses. And they still have problems: AOL, open proxies, Tor, ... 30

  31. Internet services: blocking (2) ● Wikipedia doesn't want to introduce barriers to contributors. But they could add speedbumps only for IPs they currently block! ● Accounts need to prove that they're worthwhile: manually verify the first few edits, and whitelist after that. ● Should send the abusers back to their open proxies, AOL, neighbor's wireless, etc 31

  32. Internet services: blocking (3) ● Other options that don't require as many changes to Wikipedia ● Nym (Jason Holt) and Nymble (Dartmouth) make users demonstrate a scarce resource (e.g. an IP address). Then they let websites block further edits from that user without needing to learn his IP address. 32

  33. Internet services: blocking (4) ● Tor's “DNS exit list” gives an RBL-style interface for looking up whether a given connection is from a Tor exit relay. We want to make it as easy as possible for websites to block accurately; then help them handle Tor. ● Note that blocking connections from the Tor network and blocking connections to the Tor network are different. 33

  34. Outline ● Crash course in Tor ● Technical (recent past) ● Policy / law / censorship ● Technical (future) ● Things we need help with 34

  35. Relay by default ● Vidalia should learn how to talk UPNP to routers ● Should auto rate limit so we don't overfill the user's pipe? ● How to scale the network? (Dir info size grows with # of relays; so does # of sockets) ● Windows networking is ... uniq ue. 35

  36. Incentives to relay ● Give people better performance if they re lay? ● Need to be careful – many ways to screw up anonymity ● Let directory authorities do audits and assign gold stars to well-behaving relays in the directory consensus. Circuits from those relays get priority. ● If it adds enough relays, everybody benefits. 36

  37. UDP Transport ● Tor's use of TCP means relays use many many sockets. It also means hop-by-hop congestion recovery. And we can only transport TCP. ● DTLS now exists. ● More research / hacking remains. 37

  38. Packaging ● Tor browser bundle: Tor, Vidalia, Firefox, Torbutton, Polipo for USB stick ● JanusVM, Xerobank virtual machine ● Incognito LiveCD ● Wireless router images? ● Firefox plugin? 38

  39. Better load balancing ● Upcoming NDSS paper by Nikita Borisov and Robin Snader on more accurate (and less gameable) bandwidth estimations. ● Mike Perry's measurements from TorFlow ● 3 hops vs 2 hops 39

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Reading and rereading the Bible Who is your favourite king? Solomon Current events

Reading and rereading the Bible Who is your favourite king? Solomon Current events

Reading and rereading the Bible Who is your favourite king? Solomon Current events Current events Church and Politics The Daily Show and other shows like it Exodus (Moses) Monarchy (Solomon) Prophetic (Jeremiah,

362 views • 25 slides
Events Team CONTENTS 1) Event Categories 2) Major Events 3) Event timeline 4) Events

Events Team CONTENTS 1) Event Categories 2) Major Events 3) Event timeline 4) Events

CURRENT EVENTS IN THE CITY OF RYDE FESTIVALS AND EVENTS ADVISORY COMMITTEE 2018 Events Team CONTENTS 1) Event Categories 2) Major Events 3) Event timeline 4) Events Strategy Update Events Team Signature Event (Council) EVENT CATEGORIES

813 views • 16 slides
Class 4 @rwdkent Overview Current Events (10 min) Break (5 min) Explore RWD (25 min) CSS

Class 4 @rwdkent Overview Current Events (10 min) Break (5 min) Explore RWD (25 min) CSS

Class 4 @rwdkent Overview Current Events (10 min) Break (5 min) Explore RWD (25 min) CSS Hands-On (45 min) HTML Basics 2 Review (10 min) CodePen Challenge (45 min) CSS Lesson (30 min) Current Events in Web Design Explore RWD #3 HTML

949 views • 55 slides
MEDICAID & MANAGED CARE A Discussion of Current Events & Likely Changes Impacting HCH

MEDICAID & MANAGED CARE A Discussion of Current Events & Likely Changes Impacting HCH

MEDICAID & MANAGED CARE A Discussion of Current Events & Likely Changes Impacting HCH Providers & Consumers June 23, 2017 GOALS FOR TODAY To understand the current status of Medicaid and the changes being proposed at the

393 views • 25 slides
EventScotland Funding opportunities Bob MacFarlane // ABOUT US // EVENTS DIRECTORATE Business

EventScotland Funding opportunities Bob MacFarlane // ABOUT US // EVENTS DIRECTORATE Business

EventScotland Funding opportunities Bob MacFarlane // ABOUT US // EVENTS DIRECTORATE Business Development EventScotland Events (Industry) Team Scotland Portfolio of Events Sport and culture Corporate events Themed Years /

354 views • 24 slides
Creating Exhibitions in Response to Current Events Welcome! The webinar will begin at 2:00 p.m.

Creating Exhibitions in Response to Current Events Welcome! The webinar will begin at 2:00 p.m.

Creating Exhibitions in Response to Current Events Welcome! The webinar will begin at 2:00 p.m. CT. While you wait: 1. Download PDFs of the slides and handout under the Handouts tab of your control bar. 2. Confirm that your speakers

338 views • 30 slides
Steven Menking The Amateur Society Current Economic Events & Practical Philosophy 1

Steven Menking The Amateur Society Current Economic Events & Practical Philosophy 1

Steven Menking The Amateur Society Current Economic Events & Practical Philosophy 1 Educational and Professional Background Education Internships Professional Current 2 Disclaimers I am not a licensed financial

132 views • 11 slides
Whether You Like It Or Not: Being Prepared for the UAW Current Events in Bob Kings World Lewis

Whether You Like It Or Not: Being Prepared for the UAW Current Events in Bob Kings World Lewis

Whether You Like It Or Not: Being Prepared for the UAW Current Events in Bob Kings World Lewis T. Smoak Terry A. Clark OGLETREE, DEAKINS, NASH, SMOAK & CONSTANGY, BROOKS & SMITH, LLP STEWART, P.C. tclark@constangy.com

741 views • 32 slides
Outdoor Events & Parades Ordinance Presented by Jonathan Cook Events & Promotions

Outdoor Events & Parades Ordinance Presented by Jonathan Cook Events & Promotions

Outdoor Events & Parades Ordinance Presented by Jonathan Cook Events & Promotions Coordinator City of Waco Parks and Recreation Outdoor Events & Parades Ordinance Topics of Discussion Need for a New Ordinance Current

472 views • 19 slides
Class 3 @rwdkent Overview Current Events in Web Whiteboard Activity 2 Case Study Group 2 Spot

Class 3 @rwdkent Overview Current Events in Web Whiteboard Activity 2 Case Study Group 2 Spot

Class 3 @rwdkent Overview Current Events in Web Whiteboard Activity 2 Case Study Group 2 Spot the Error HTML Basics 1 Review HTML Basics 2 Hands On HTML Basics Part 2 Current Events in Web Apple Announcements HTML Basics 1 Review

725 views • 51 slides
Updated 3/30/2020 Agenda & Panelists Introductions Current State of Events Q

Updated 3/30/2020 Agenda & Panelists Introductions Current State of Events Q

Coronavirus Clinical Practice Recommendations for Virtua Health Affiliated Practices Updated 3/30/2020 Agenda & Panelists Introductions Current State of Events Q & A Dr. Tarun Kapoor Dr. Andy Cohen SVP Clinical

427 views • 15 slides
Web Services and Student Events Web Services and Student Events Vernon (Vern) Huber Asst.

Web Services and Student Events Web Services and Student Events Vernon (Vern) Huber Asst.

Web Services and Student Events Web Services and Student Events Vernon (Vern) Huber Asst. Dir. Application Development and DB Support (ADDS) University of Illinois at Springfield Student Events - CollegiateLinks UIS Connection licensed

498 views • 22 slides
http://www.sunybroomefa.org Calendar of SBFA Events Negotiations Updates Current

http://www.sunybroomefa.org Calendar of SBFA Events Negotiations Updates Current

http://www.sunybroomefa.org Calendar of SBFA Events Negotiations Updates Current Contract Other Critical & Timely Information Thank you to Dr. Amanda Hollister & Dr. Bill Hollister for their continued support of the

640 views • 34 slides
Mainstreaming biodiversity, development and development cooperation: An overview of current

Mainstreaming biodiversity, development and development cooperation: An overview of current

Mainstreaming biodiversity, development and development cooperation: An overview of current issues, opportunities and challenges Katia Karousakis and Naeeda Crishna Morgado, OECD 28 October 2015 CBD Roundtable, Brussels Biodiversity and

327 views • 11 slides
How Events Are Reshaping Modern Systems Jonas Bonr @jboner Why Should you care about Events?

How Events Are Reshaping Modern Systems Jonas Bonr @jboner Why Should you care about Events?

How Events Are Reshaping Modern Systems Jonas Bonr @jboner Why Should you care about Events? 1. Events drive autonomy 2. Events help reduce risk 3. Events help you move faster 4. Events Increase Loose coupling 5. Events increase stability 6.

1.03k views • 57 slides
CONTRACTORS, INC. & Current Events Capezio Contractors, Inc. Wins the Chrysalis Award

CONTRACTORS, INC. & Current Events Capezio Contractors, Inc. Wins the Chrysalis Award

CAPEZIO CONTRACTORS, INC. & Current Events Capezio Contractors, Inc. Wins the Chrysalis Award This was the first year that Capezio Contractors entered the awards, and to take home top honors on the first attempt is impressive and to

63 views • 3 slides
JENKINS MODERNE ET JENKINS MODERNE ET JENKINS MODERNE ET JENKINS MODERNE ET JENKINS MODERNE ET

JENKINS MODERNE ET JENKINS MODERNE ET JENKINS MODERNE ET JENKINS MODERNE ET JENKINS MODERNE ET

JENKINS MODERNE ET JENKINS MODERNE ET JENKINS MODERNE ET JENKINS MODERNE ET JENKINS MODERNE ET JENKINS MODERNE ET LIVRAISON CONTINUE LIVRAISON CONTINUE LIVRAISON CONTINUE LIVRAISON CONTINUE LIVRAISON CONTINUE LIVRAISON CONTINUE JENKINS

1.25k views • 88 slides
Greetings from SlackBuilds.org David Spencer pkgsrcCon 2017 About SBo 11 years old

Greetings from SlackBuilds.org David Spencer pkgsrcCon 2017 About SBo 11 years old

Greetings from SlackBuilds.org David Spencer pkgsrcCon 2017 About SBo 11 years old conventional ports-inspired setup from source ftw shell script + metadata ~6500 packages disjoint from core Slackware (~1400 packages) lightweight

379 views • 12 slides
Reducing Power Density through Activity Migration Seongmoo Heo, Kenneth Barr, and Krste Asanovi

Reducing Power Density through Activity Migration Seongmoo Heo, Kenneth Barr, and Krste Asanovi

ISLPED 2003 8/26/2003 Reducing Power Density through Activity Migration Seongmoo Heo, Kenneth Barr, and Krste Asanovi Computer Architecture Group, MIT CSAIL Background Hot Spots Rapid rise of processor power density Uneven

511 views • 27 slides
Using Debian for Enterprise Infrastructure Stanford University: A Case Study Russ Allbery August

Using Debian for Enterprise Infrastructure Stanford University: A Case Study Russ Allbery August

Stanford University July 26, 2014 1 Using Debian for Enterprise Infrastructure Stanford University: A Case Study Russ Allbery August 3, 2010 Russ Allbery (rra@stanford.edu) Stanford University July 26, 2014 2 Introduction Stanford

650 views • 17 slides
Transitions & Thresholds Data Transfer & Bridging Infrastructure in Data Curation Ingrid

Transitions & Thresholds Data Transfer & Bridging Infrastructure in Data Curation Ingrid

Transitions & Thresholds Data Transfer & Bridging Infrastructure in Data Curation Ingrid Mason, Deployment Strategist Dr Frankie Stevens, Research Engagement Strategist What happens in between the stages of this [curation]

532 views • 24 slides
Lamps V2.0 Draft 2 Webinar April 20, 2015 9 am-12 pm EST Taylor Jantz-Sell LC, U.S.

Lamps V2.0 Draft 2 Webinar April 20, 2015 9 am-12 pm EST Taylor Jantz-Sell LC, U.S.

Lamps V2.0 Draft 2 Webinar April 20, 2015 9 am-12 pm EST Taylor Jantz-Sell LC, U.S. Environmental Protection Agency Austin Gelder, ICF International Emily Phan-Gruber, D+R International Todays Agenda Lumen Maintenance Introduction

782 views • 50 slides
GREEN LABS LUNCH & LEARN Sustainable Purchasing N O V 0 7 , 2 0 1 7 AGENDA Tim e Topic

GREEN LABS LUNCH & LEARN Sustainable Purchasing N O V 0 7 , 2 0 1 7 AGENDA Tim e Topic

GREEN LABS LUNCH & LEARN Sustainable Purchasing N O V 0 7 , 2 0 1 7 AGENDA Tim e Topic Speaker 11: 45 LUNCH 12: 00 Welcome, Introduction & Updates Ligia Gheorghita Risk Management Services 12: 05 UBC Financial Operations

444 views • 21 slides
Keeping it Green: Integrated QA with the Yocto Project Paul Eggleton Intel Open Source

Keeping it Green: Integrated QA with the Yocto Project Paul Eggleton Intel Open Source

Keeping it Green: Integrated QA with the Yocto Project Paul Eggleton Intel Open Source Technology Centre ELCE 2013 Edinburgh 24 Oct 2013 2/27 Yocto Project | The Linux Foundation 3/27 Yocto Project | The Linux Foundation 4/27 Yocto

683 views • 27 slides

More recommend