The Tor Project Our mission is to be the global resource for - - PowerPoint PPT Presentation

the tor project
SMART_READER_LITE
LIVE PREVIEW

The Tor Project Our mission is to be the global resource for - - PowerPoint PPT Presentation

Oct 06, 2022 227 likes •594 views

The Tor Project Our mission is to be the global resource for technology, advocacy, research and education in the ongoing pursuit of freedom of speech, privacy rights online, and censorship circumvention. 1 What is Tor? Online anonymity 1)

slide-1
SLIDE 1

1

The Tor Project

Our mission is to be the global resource for technology, advocacy, research and education in the ongoing pursuit of freedom

  • f speech, privacy rights online, and

censorship circumvention.

slide-2
SLIDE 2

2

What is Tor?

Online anonymity 1) open source software, 2) network, 3) protocol Community of researchers, developers, users, and relay operators Funding from US DoD, Electronic Frontier Foundation, Voice of America, Google, NLnet, Human Rights Watch, NSF, US State Dept, SIDA, Knight Foundation, ...

slide-3
SLIDE 3

3

501(c)(3) non-profit

  • rganization dedicated to

the research and development of tools for

  • nline anonymity and

privacy

The Tor Project, Inc.

slide-4
SLIDE 4

4

Estimated 2,000,000+ daily Tor users

slide-5
SLIDE 5

5

Threat model: what can the attacker do?

Alice Anonymity network Bob watch (or be!) Bob! watch Alice! Control part of the network!

slide-6
SLIDE 6

6

Anonymity isn't encryption: Encryption just protects contents.

Alice Bob “Hi, Bob!” “Hi, Bob!” <gibberish> attacker

slide-7
SLIDE 7

7

Anonymity isn't just wishful thinking...

“You can't prove it was me!” “Promise you won't look!” “Promise you won't remember!” “Promise you won't tell!” “I didn't write my name on it!” “Isn't the Internet already anonymous?”

slide-8
SLIDE 8

8

Anonymity serves different interests for different user groups.

Anonymity

Private citizens “It's privacy!”

slide-9
SLIDE 9

9

Anonymity serves different interests for different user groups.

Anonymity

Private citizens Businesses “It's network security!” “It's privacy!”

slide-10
SLIDE 10

10

Anonymity serves different interests for different user groups.

Anonymity

Private citizens Governments Businesses “It's traffic-analysis resistance!” “It's network security!” “It's privacy!”

slide-11
SLIDE 11

11

Anonymity serves different interests for different user groups.

Anonymity

Private citizens Governments Businesses “It's traffic-analysis resistance!” “It's network security!” “It's privacy!” Human rights activists “It's reachability!”

slide-12
SLIDE 12

12

Current situation: Bad people on the Internet are doing fine

Trojans Viruses Exploits Phishing Spam Botnets Zombies Espionage DDoS Extortion

slide-13
SLIDE 13

13

The simplest designs use a single relay to hide connections.

Bob2 Bob1 Bob3 Alice2 Alice1 Alice3 Relay E(Bob3,“X”) E(Bob1, “Y”) E ( B

  • b

2 , “ Z ” ) “Y” “Z” “X”

(example: some commercial proxy providers)

slide-14
SLIDE 14

14

But a single relay (or eavesdropper!) is a single point of failure.

Bob2 Bob1 Bob3 Alice2 Alice1 Alice3 Evil Relay E(Bob3,“X”) E(Bob1, “Y”) E ( B

  • b

2 , “ Z ” ) “Y” “Z” “X”

slide-15
SLIDE 15

15

... or a single point of bypass.

Bob2 Bob1 Bob3 Alice2 Alice1 Alice3 Irrelevant Relay E(Bob3,“X”) E(Bob1, “Y”) E ( B

  • b

2 , “ Z ” ) “Y” “Z” “X”

Timing analysis bridges all connections through relay ⇒ An attractive fat target

slide-16
SLIDE 16

16

So, add multiple relays so that no single one can betray Alice.

Bob Alice R1 R2 R3 R4 R5

slide-17
SLIDE 17

17

Alice makes a session key with R1 ...And then tunnels to R2...and to R3

Bob Alice R1 R2 R3 R4 R5 Bob2

slide-18
SLIDE 18

18

slide-19
SLIDE 19

19

Tor's safety comes from diversity

  • #1: Diversity of relays. The more relays

we have and the more diverse they are, the fewer attackers are in a position to do traffic confirmation. (Research problem: measuring diversity over time)

  • #2: Diversity of users and reasons to use
  • it. 50000 users in Iran means almost all of

them are normal citizens.

slide-20
SLIDE 20

20

slide-21
SLIDE 21

21

Orbot

slide-22
SLIDE 22

22

Tails LiveCD

slide-23
SLIDE 23

23

slide-24
SLIDE 24

24

slide-25
SLIDE 25

25

Pluggable transports

slide-26
SLIDE 26

26

slide-27
SLIDE 27

27

“Still the King of high secure, low latency Internet Anonymity” Contenders for the throne:

  • None
slide-28
SLIDE 28

28

slide-29
SLIDE 29

29

Only a piece of the puzzle

We hope the users aren't attacked by their hardware and software No spyware installed, no cameras watching their screens, etc Users can fetch a genuine copy of Tor?

slide-30
SLIDE 30

30

slide-31
SLIDE 31

31

slide-32
SLIDE 32

32

slide-33
SLIDE 33

33

Three ways to destroy Tor

  • 1) Legal / policy / media attacks
  • 2) Make ISPs hate hosting exit relays
  • 3) Make services hate Tor connections

– Yelp, Wikipedia, Google, Skype, …

  • #3 is getting worse due to centralization

(Akamai, Cloudflare) and to outsourcing blacklists

slide-34
SLIDE 34

34

slide-35
SLIDE 35

35

“Threat landscape”

  • Application-level threats (Firefox)
  • Traffic analysis (observers)
  • Possibility of bad relays
  • Research is critical (responsibly!)
  • Funding diversity