[PPT] - The Tor Project Our mission is to be the global resource for PowerPoint Presentation

SLIDE 1

1

The Tor Project

Our mission is to be the global resource for technology, advocacy, research and education in the ongoing pursuit of freedom

f speech, privacy rights online, and

censorship circumvention.

SLIDE 2

2

O

n l i n e A n

n

y mi t y

– O

p e n S

u

r c e

– O

p e n N e t w

r

k

C
mmu

n i t y

f

r e s e a r c h e r s , d e v e l

p

e r s , u s e r s a n d r e l a y

p

e r a t

r

s .

U

. S . 5 1 ( c ) ( 3 ) n

n
p

r

fj

t

r

g a n i z a t i

n

SLIDE 3

3

Estimated 2,000,000 to 8,000,000 daily Tor users

SLIDE 4

4

Threat model: what can the attacker do?

Alice Anonymity network Bob watch (or be!) Bob! watch Alice! Control part of the network!

SLIDE 5

5

Anonymity isn't encryption: Encryption just protects contents.

Alice Bob “Hi, Bob!” “Hi, Bob!” <gibberish> attacker

SLIDE 6

6

SLIDE 7

7

Anonymity serves different interests for different user groups.

Anonymity

Private citizens “It's privacy!”

SLIDE 8

8

Anonymity serves different interests for different user groups.

Anonymity

Private citizens Businesses “It's network security!” “It's privacy!”

SLIDE 9

9

Anonymity serves different interests for different user groups.

Anonymity

Private citizens Governments Businesses “It's traffic-analysis resistance!” “It's network security!” “It's privacy!”

SLIDE 10

10

Anonymity serves different interests for different user groups.

Anonymity

Private citizens Governments Businesses “It's traffic-analysis resistance!” “It's network security!” “It's privacy!” Human rights activists “It's reachability!”

SLIDE 11

11

The simplest designs use a single relay to hide connections.

Bob2 Bob1 Bob3 Alice2 Alice1 Alice3 Relay E(Bob3,“X”) E(Bob1, “Y”) E ( B

b

2 , “ Z ” ) “Y” “Z” “X”

(example: some commercial proxy providers)

SLIDE 12

12

But a central relay is a single point of failure.

Bob2 Bob1 Bob3 Alice2 Alice1 Alice3 Evil Relay E(Bob3,“X”) E(Bob1, “Y”) E ( B

b

2 , “ Z ” ) “Y” “Z” “X”

SLIDE 13

13

... or a single point of bypass.

Bob2 Bob1 Bob3 Alice2 Alice1 Alice3 Irrelevant Relay E(Bob3,“X”) E(Bob1, “Y”) E ( B

b

2 , “ Z ” ) “Y” “Z” “X”

Timing analysis bridges all connections through relay ⇒ An attractive fat target

SLIDE 14

14

So, add multiple relays so that no single one can betray Alice.

Bob Alice R1 R2 R3 R4 R5

SLIDE 15

15

Alice makes a session key with R1 ...And then tunnels to R2...and to R3

Bob Alice R1 R2 R3 R4 R5 Bob2

SLIDE 16

16

SLIDE 17

17

SLIDE 18

18

SLIDE 19

19

SLIDE 20

20

Tor's safety comes from diversity

#1: Diversity of relays. The more relays

we have and the more diverse they are, the fewer attackers are in a position to do traffic confirmation. (Research problem: measuring diversity over time)

#2: Diversity of users and reasons to use
it. 50000 users in Iran means almost all of

them are normal citizens.

SLIDE 21

21

Transparency for Tor is key

Open source / free software
Public design documents and

specifications

Publicly identified developers
Not a contradiction:

privacy is about choice!

SLIDE 22

22

But what about bad people?

Remember the millions of daily users.
Still a two-edged sword?
Good people need Tor much more

than bad guys need it.

SLIDE 23

23

SLIDE 24

24

SLIDE 25

25

SLIDE 26

26

SLIDE 27

SLIDE 28

28 R4 R2 R1 R3 Bob Alice Alice Alice Alice Alice Blocked User Blocked User Blocked User Blocked User Blocked User Alice Alice Alice Alice Alice Alice Alice Alice Alice Alice

SLIDE 29

SLIDE 30

30

Pluggable transports

SLIDE 31

31

Pluggable transports

Flashproxy (Stanford), websocket
FTEProxy (Portland St), http via regex
Stegotorus (SRI/CMU), http
Skypemorph (Waterloo), Skype video
uProxy (Google), webrtc
ScrambleSuit (Karlstad), obfs-based
Telex (Michigan/Waterloo), traffic divert

SLIDE 32

32

SLIDE 33

33

SLIDE 34

35

SLIDE 35

36

SLIDE 36

37

SLIDE 37

38

SLIDE 38

39

SLIDE 39

40

“Still the King of high secure, low latency Internet Anonymity” Contenders for the throne:

None

SLIDE 40

41 R4 R2 R1 R3 Bob Alice Alice Alice Alice Alice Blocked User Blocked User Blocked User Blocked User Blocked User Alice Alice Alice Alice Alice Alice Alice Alice Alice Alice

SLIDE 41

42

SLIDE 42

44

SLIDE 43

45

Arms races

Censorship arms race is bad
Surveillance arms race is worse

– And centralization of the Internet

makes it worse still

SLIDE 44

46

SLIDE 45

47

O n i

n

S e r v i c e

SLIDE 46

48

Onion service properties

Self authenticated
End-to-end encrypted
Built-in NAT punching
Limit surface area
No need to “exit” from Tor

SLIDE 47

49

SLIDE 48

50

SLIDE 49

51 q

SLIDE 50

52

SLIDE 51

53

SLIDE 52

54

S e c u r e D r

p

https://securedrop.org/directory

Today, 30+ organizations use SecureDrop

SLIDE 53

55

R i c

c

h e t

SLIDE 54

56

O n i

n

S h a r e

SLIDE 55

57

Tor isn't foolproof

Opsec mistakes
Browser metadata fingerprints
Browser exploits
Traffic analysis

SLIDE 56

58

How can you help?

Run a relay (or a bridge)
Teach your friends about Tor, and privacy

in general

Help find -- and fix – bugs
Work on open research problems

(petsymposium.org)

donate.torproject.org

SLIDE 57

59

R e l a y

p

e r a t

r

m e e t u p , t

d

a y

1 5 : t

d

a y i n r

m

H . 3 2 4 4

SLIDE 58

60

n

i . t

r

p r

j

e c t .

r

g

SLIDE 59

61

e x p l

r

e r .

n

i . t

r

p r

j

e c t .

r

g

I