ilab
play

iLab Onion Routing Benjamin Hof hof@in.tum.de Lehrstuhl fr - PowerPoint PPT Presentation

Dec 01, 2022 •401 likes •879 views

iLab Onion Routing Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Lab 9 16ss 1 / 38 Outline Introduction Trust architecture Protocols Attacks

  1. iLab Onion Routing Benjamin Hof hof@in.tum.de Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München Lab 9 – 16ss 1 / 38

  2. Outline Introduction Trust architecture Protocols Attacks Further topics Announcements 2 / 38

  3. Outline Introduction Trust architecture Protocols Attacks Further topics Announcements 3 / 38

  4. Anonymity Anonymity set: set of people indistinguishable to the adversary ◮ size ◮ diversity This is not enough! 4 / 38

  5. Separation of network identity and routing is the service provided by onion routing. 5 / 38

  6. Overlay network 6 / 38

  7. Overlay network 6 / 38

  8. Onion skins server guard middle exit Circuits: nested encrypted connections via three relays 7 / 38

  9. Design goals ◮ anonymous routing non-goals are, e.g. ◮ anonymity ◮ global passive adversary ◮ end to end correlation attacker power ◮ limited active and passive network attacks ◮ compromised relays 8 / 38

  10. Attacker model 9 / 38

  11. Attacker model 9 / 38

  12. Attacker model 9 / 38

  13. ◮ you are anonymous to the service you visit ◮ your network does not see which services you visit 10 / 38

  14. Tor Tor is an implementation of onion routing. ◮ censorship circumvention ◮ open design process ◮ low latency anonymity system Software ◮ tor ◮ obfsproxy ◮ Tor Browser ◮ . . . lots of ecosystem around it 11 / 38

  15. Outline Introduction Trust architecture Protocols Attacks Further topics Announcements 12 / 38

  16. Components onion router ◮ identity key ◮ relays traffic directory authority ◮ authority identity key ◮ manage list of onion routers ◮ agree on unified network view with other DAs onion proxy ◮ build circuit consisting of onion routers ◮ ingest application traffic 13 / 38

  17. Relationships DA DA DA OR OP OR OP OR OR 14 / 38

  18. Relationships DA DA DA OR OP OR OP OR OR 14 / 38

  19. Directory authority directory authority 0 addr, port, pub key hourly vote addr, port, pub key other directory authorities . . . ◮ authority identity key ◮ authority signing key 15 / 38

  20. Descriptor ◮ nickname ◮ IP, port ◮ identity key (long-term KSK) ◮ signing key (medium-term) ◮ onion key ◮ published date ◮ version ◮ lots of other info, e.g. bandwidth ◮ signature Right now there is a transition from RSA 1024 to ED25519 with cross signatures. 16 / 38

  21. Joining the network onion router ◮ upload descriptor ◮ retrieve consensus DA functionality check DA voting onion proxy ◮ retrieve consensus ◮ build circuits 17 / 38

  22. Outline Introduction Trust architecture Protocols Attacks Further topics Announcements 18 / 38

  23. Overview stream relay circuit extend OR1 OR2 OR3 TLS + link protocol 19 / 38

  24. Overview ◮ OR connections protected with combined TLS and cell protocol handshake ◮ all Tor communication in cells inside TLS ◮ authenticated ECDH handshakes (ntor) to build circuits ◮ “onion skin” layered encryption on the relay subprotocol cells 20 / 38

  25. Cells circuit id command length payload 4 octets 1 octet 2 octets may be padded ◮ VERSIONS: version negotiation ◮ CERTS: certificates ◮ CREATE2: ntor handshake DH ◮ CREATED2: ntor handshake DH, authenticator ◮ RELAY: subprotocol (data) ◮ DESTROY: reason for tearing down circuit ◮ and many more This is the version 4 link protocol. Most cells have fixed size 514 octets. 21 / 38

  26. Relay subprotocol relay cmd recognized stream id digest length payload 1 octet 2 octets 2 octets 4 octets 2 octets padded ◮ RELAY_EXTEND2 (control): CREATE2 ◮ RELAY_EXTENDED2 (control): CREATED2 ◮ RELAY_RESOLVE: very simple DNS query ◮ RELAY_RESOLVED: DNS response ◮ RELAY_BEGIN: address, port ◮ RELAY_CONNECTED: address, port ◮ RELAY_DATA: original TCP SDU ◮ RELAY_END: termination reason ◮ and many more This is where the encryption happens. 22 / 38

  27. Link handshake OR1 OR2 TLS VERSION T I N F O R T S , N E O N , C E V E R S I authenticate using TLS info N E T I N F O ◮ version 3 handshake flow ◮ TLS connection reused for all circuits between OR1 and OR2 23 / 38

  28. Circuit setup ◮ extend circuits by one hop at at time ◮ connect a stream to a TCP/IP destination ◮ then: relay cells with application content Spare circuits are created ahead of time. 24 / 38

  29. Relay protocol: circuit extension OP guard middle CREATE2 CREATED2 EXTEND2(CREATE2) C R E A T E 2 2 A T E D C R E EXTENDED2(CREATED2) 25 / 38

  30. ntor handshake ◮ one-way authenticated DH key agreement ◮ no signatures or RSA involved ◮ two DH operations ◮ forward security ◮ responder authenticated ◮ initiator anonymous ◮ security proofs for: key agreement, authentication, anonymity 26 / 38

  31. ntor (simplified) 1. Bob: ( b , B ) ← GenDH () 2. Alice learns authentic ID B , B . 3. ( x , X ) ← GenDH () ID B , X ( y , Y ) ← GenDH () dh := yX || bX ( sk ′ , sk ) := H ( dh || ID B || X || Y ) t B := Mac sk ′ ( ID B || X || Y ) t B Y , dh := xY || xB ( sk ′ , sk ) := H ( dh || ID B || X || Y ) Vrfy sk ′ ( t B , ( ID B || X || Y )) 27 / 38

  32. Processing of a relay cell cid cmd [encrypted] OR2: Dec k 2 ( · ) recog ? → pass along circuit = 0 OR3: Dec k 3 ( · ) recog ? = 0 Vrfy k ( MAC , cell ) cid cmd cmd recog sid digest len payload 28 / 38

  33. Outline Introduction Trust architecture Protocols Attacks Further topics Announcements 29 / 38

  34. sslstrip exit server 30 / 38

  35. Correlation server 31 / 38

  36. Correlation server → guard nodes 31 / 38

  37. Outline Introduction Trust architecture Protocols Attacks Further topics Announcements 32 / 38

  38. Censorship circumvention Bridges ◮ “secret” relays ◮ “pluggable transports” as obfuscation layer 33 / 38

  39. Onion services ◮ location hidden services / responder anonymity ◮ service offering without disclosing network identity ◮ name/URL: hash of public key ◮ authenticating URL: tunnel TCP connections to an OR currently not all properties secure 34 / 38

  40. Circuit setup (conceptual) DHT OP RP IP OS IP IP 35 / 38

  41. Circuit setup (conceptual) DHT descriptor: IPs, k pub OP RP IP OS IP IP 35 / 38

  42. Circuit setup (conceptual) DHT OP RP IP OS IP IP 35 / 38

  43. Circuit setup (conceptual) DHT OP RP IP OS RP IP IP 35 / 38

  44. Circuit setup (conceptual) DHT OP RP IP OS IP IP 35 / 38

  45. Use cases ◮ responder authentication ◮ break out of NAT ◮ hide server location Example ◮ Facebook social network: https://facebookcorewwwi.onion ◮ DuckDuckGo search engine: http://3g2upl4pq6kufc4m.onion ◮ Debian GNU/Linux operating system mirror: http://vwakviie2ienjx6t.onion ◮ Ricochet messenger Always offer additionally to TLS. 36 / 38

  46. Outline Introduction Trust architecture Protocols Attacks Further topics Announcements 37 / 38

  47. Announcements ◮ tentative dates for oral attestations: July 15-22 ◮ lecture recordings with two audio tracks ◮ additional radio NICs 38 / 38

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

your exercise iLab 1+2 info event online Tell your friends!

your exercise iLab 1+2 info event online Tell your friends!

The iLab Experience a blended learning hands-on course concept you set the focus Final Lecture Marc-Oliver Pahl, Jul 25, 2017 your exercise iLab 1+2 info event online Tell your friends!

1.81k views • 96 slides
ilab 2 - IPSec with IKEv2 and Strongswan Lukas Grillmayer and Linus Lotz Chair for Network

ilab 2 - IPSec with IKEv2 and Strongswan Lukas Grillmayer and Linus Lotz Chair for Network

ilab 2 - IPSec with IKEv2 and Strongswan Lukas Grillmayer and Linus Lotz Chair for Network Architectures and Services Department for Computer Science Technische Universit at M unchen June 4, 2014 Lukas Grillmayer and Linus Lotz: ilab 2 -

1.39k views • 51 slides
iLab Countersurveillance Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab Countersurveillance Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab Countersurveillance Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Surveillance and operational security 14ws 1 lecture evaluation oral

916 views • 30 slides
ilab Lab 5 DNS and DNSSec History and Motivation of DNS Problem: The Internet needs IP

ilab Lab 5 DNS and DNSSec History and Motivation of DNS Problem: The Internet needs IP

Lehrstuhl fr Netzarchitekturen und Netzdienste Institut fr Informatik Technische Universitt Mnchen ilab Lab 5 DNS and DNSSec History and Motivation of DNS Problem: The Internet needs IP addresses. Human beings do not memorize IP

779 views • 23 slides
ilab Lab 4 TCP/UDP Purpose of the Transport Layer Provides an end to end connectivity to

ilab Lab 4 TCP/UDP Purpose of the Transport Layer Provides an end to end connectivity to

Lehrstuhl fr Netzarchitekturen und Netzdienste Institut fr Informatik Technische Universitt Mnchen ilab Lab 4 TCP/UDP Purpose of the Transport Layer Provides an end to end connectivity to applications application application 4

647 views • 26 slides
iLab TLS and packet filters Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab TLS and packet filters Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab TLS and packet filters Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Lab 7 17ws 1 / 41 Outline Trust Transport Layer Security Packet filter

1.19k views • 43 slides
iLab Onion Routing Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste

iLab Onion Routing Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste

iLab Onion Routing Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Lab 9 18ss 1 / 36 Outline Introduction Trust architecture Protocols Attacks

663 views • 45 slides
iLab NAT / DHCP Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab NAT / DHCP Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab NAT / DHCP Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Lab 6 16ss 1 / 34 Motivation: IPv4 Address Scarcity source:

784 views • 54 slides
course evaluation room for attestations: 03.05.051 iLab Threat modelling, surveillance,

course evaluation room for attestations: 03.05.051 iLab Threat modelling, surveillance,

course evaluation room for attestations: 03.05.051 iLab Threat modelling, surveillance, operational security Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt

986 views • 47 slides
iLab TCP / UDP Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab TCP / UDP Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab TCP / UDP Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Lab 4 14ws 1 Outline Transport Layer UDP TCP MTCP / SCTP 2 Outline

720 views • 32 slides
ilab Lab 8 - SSL/TLS and IPSec Outlook: On Layer 4: Goal: Provide security for one

ilab Lab 8 - SSL/TLS and IPSec Outlook: On Layer 4: Goal: Provide security for one

Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen ilab Lab 8 - SSL/TLS and IPSec Outlook: On Layer 4: Goal: Provide security for one specific port SSL (Secure Socket Layer) /

812 views • 25 slides
iLab 2 Internet Protocol version 6 Stefan Liebald liebald@net.in.tum.de Lehrstuhl fr

iLab 2 Internet Protocol version 6 Stefan Liebald liebald@net.in.tum.de Lehrstuhl fr

iLab 2 Internet Protocol version 6 Stefan Liebald liebald@net.in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen October 18, 2017 Based on slides of Lukas Schwaighofer 1

678 views • 46 slides
iLab 2 Internet Protocol version 6 Stefan Liebald liebald@net.in.tum.de Lehrstuhl fr

iLab 2 Internet Protocol version 6 Stefan Liebald liebald@net.in.tum.de Lehrstuhl fr

iLab 2 Internet Protocol version 6 Stefan Liebald liebald@net.in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen April 25, 2017 Based on slides of Lukas Schwaighofer 1

471 views • 10 slides
iLab Static routing Minoo Rouhi rouhi@net.in.tum.de Slides by Benjamin Hof hof@in.tum.de

iLab Static routing Minoo Rouhi rouhi@net.in.tum.de Slides by Benjamin Hof hof@in.tum.de

iLab Static routing Minoo Rouhi rouhi@net.in.tum.de Slides by Benjamin Hof hof@in.tum.de Chair of Network Architectures and Services Department of Informatics Technical University of Munich Lab 2 17ws 1 / 21 Outline Meta

540 views • 27 slides
The iLab Experience a blended learning hands-on course concept you set the focus Do It Yourself

The iLab Experience a blended learning hands-on course concept you set the focus Do It Yourself

The iLab Experience a blended learning hands-on course concept you set the focus Do It Yourself - Hardware YE - Topic Outline May 29, 2018 10.4. Kick Off, IPv6 1 IPv6 BGP 17.4. 2 Minilab 1 2 mini labs Advanced Wireless Playground BGP

1.64k views • 125 slides
iLab Wireless Networks Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab Wireless Networks Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab Wireless Networks Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Lab 10 16ss 1 / 32 Oral attestations available dates Friday,

521 views • 33 slides
Onion Routing Meant to handle issue of people knowing who youre talking to Basic idea

Onion Routing Meant to handle issue of people knowing who youre talking to Basic idea

Onion Routing Meant to handle issue of people knowing who youre talking to Basic idea is to conceal sources and destinations By sending lots of crypo-protected packets between lots of places Each packet goes through multiple

366 views • 20 slides
Slicing the licing the Onion: Onion: Anonymity Without PKI Anonymity Without PKI Sachin Katti

Slicing the licing the Onion: Onion: Anonymity Without PKI Anonymity Without PKI Sachin Katti

Slicing the licing the Onion: Onion: Anonymity Without PKI Anonymity Without PKI Sachin Katti Dina Katabi & Katya Puchala State of the art: Onio Onion Rout n Routing over P2P ing over P2P n Routing over P2P ing over P2P Bob Onion

705 views • 43 slides
Outline Tor basics CSci 5271 Tor experiences and challenges Introduction to Computer Security

Outline Tor basics CSci 5271 Tor experiences and challenges Introduction to Computer Security

Outline Tor basics CSci 5271 Tor experiences and challenges Introduction to Computer Security Tor and usability combined lecture Usability and security Stephen McCamant University of Minnesota, Computer Science & Engineering Usable

964 views • 9 slides
A Comprehensive Structure and Privacy Analysis of Tor Hidden Services Iskander Sanchez-Rola,

A Comprehensive Structure and Privacy Analysis of Tor Hidden Services Iskander Sanchez-Rola,

The Onions Have Eyes: A Comprehensive Structure and Privacy Analysis of Tor Hidden Services Iskander Sanchez-Rola, Davide Balzarotti, Igor Santos Tor Hidden Services Provides anonymity through the onion routing protocol Tor

958 views • 23 slides
How Do Tor Users Interact With Onion Services? Philipp Winter, Annie Edmundson , Laura Roberts,

How Do Tor Users Interact With Onion Services? Philipp Winter, Annie Edmundson , Laura Roberts,

How Do Tor Users Interact With Onion Services? Philipp Winter, Annie Edmundson , Laura Roberts, Agnieszka Dutkowska-Zuk, Marshini Chetty, Nick Feamster USENIX Security Symposium 15 August 2018 1 Tor is a Decentralized Anonymity Network The

1.43k views • 61 slides
CryptDB: Protecting Confidentiality with Encrypted Query Processing Li Xiong Slides credit:

CryptDB: Protecting Confidentiality with Encrypted Query Processing Li Xiong Slides credit:

CS573 Data Privacy and Security CryptDB: Protecting Confidentiality with Encrypted Query Processing Li Xiong Slides credit: Raluca Ada Popa, Catherine M. S. Redfield, Nickolai Zeldovich, and Hari Balakrishnan MIT CSAIL Problem Confidential

576 views • 31 slides
Annou ouncem emen ents This Wednesday: No office hour from me I am travelling to DC for

Annou ouncem emen ents This Wednesday: No office hour from me I am travelling to DC for

Annou ouncem emen ents This Wednesday: No office hour from me I am travelling to DC for CPS PI meeting This Thursday: Guest Lecture on Machine Learning Security One of the hottest security research topics today Some of you

979 views • 30 slides
Package management over Tor PkgsrcCon 2017 alnsn@NetBSD.org What is Tor? Introducing

Package management over Tor PkgsrcCon 2017 alnsn@NetBSD.org What is Tor? Introducing

Package management over Tor PkgsrcCon 2017 alnsn@NetBSD.org What is Tor? Introducing http://pkgsrcbadj4vrrrr.onion Hidden pkgsrc mirror: NetBSD packages for amd64, arm, earm, earmv6hf, earmv7hf, earmv7hfeb, sparc64, mipsel distfiles No

405 views • 13 slides

More recommend