Tor, a quick overview Linus Nordberg <linus@torproject.org> - - PowerPoint PPT Presentation

tor a quick overview
SMART_READER_LITE
LIVE PREVIEW

Tor, a quick overview Linus Nordberg <linus@torproject.org> - - PowerPoint PPT Presentation

Jul 02, 2023 159 likes •544 views

Tor, a quick overview Linus Nordberg <linus@torproject.org> The Tor Project https://torproject.org/ 1 What is Tor Online anonymity: 1. software, 2. network, 3. protocol Open source, freely available Community of researchers,

slide-1
SLIDE 1

1

Tor, a quick overview

Linus Nordberg <linus@torproject.org> The Tor Project https://torproject.org/

slide-2
SLIDE 2

2

What is Tor

  • Online anonymity: 1. software, 2. network, 3.

protocol

  • Open source, freely available
  • Community of researchers, developers, users

and relay operators

  • Funding from US DoD, Electronic Frontier

Foundation, Voice of America, Google, NLnet, Human Rights Watch and more

slide-3
SLIDE 3

3

  • 501(c)(3) non-profit
  • rganization dedicated

to the research and development of tools for online anonymity and privacy

The Tor Project, Inc.

slide-4
SLIDE 4

4

Estimated 400,000 daily tor users

slide-5
SLIDE 5

5

Anonymity serves different interests for different user groups

Anonymity?

Private citizens “It's privacy”

slide-6
SLIDE 6

6

Anonymity serves different interests for different user groups

Anonymity?

Private citizens Businesses “It's network security” “It's privacy”

slide-7
SLIDE 7

7

Anonymity serves different interests for different user groups

Anonymity?

Private citizens Businesses “It's network security” “It's privacy” Governments “It's traffic-analysis resistance!”

slide-8
SLIDE 8

8

Anonymity serves different interests for different user groups

Anonymity?

Private citizens Governments Businesses “It's traffic-analysis resistance!” “It's network security” “It's privacy” Blocked users “It's reachability!”

slide-9
SLIDE 9

9

Encryption alone doesn't protect against traffic-analysis

Alice Bob

slide-10
SLIDE 10

10 Sick Alice Web serarch Vårdguiden.se Netdoktor.se

Regular citizens don't want to be watched and tracked

slide-11
SLIDE 11

11 8-year-old Alice Web services

Regular citizens don't want to be watched and tracked

slide-12
SLIDE 12

12 Blogger Alice Blog site

Regular citizens don't want to be watched and tracked

slide-13
SLIDE 13

13 Employed Alice Web search Vårdguiden.se Netdoktor.se

Regular citizens don't want to be watched and tracked

slide-14
SLIDE 14

14 Consumer Alice Amazon.com Cdon.se Bokus.com Prisjakt.nu Pricerunner.se

Regular citizens don't want to be watched and tracked

slide-15
SLIDE 15

15 Alice Corp Competitor

Business need to keep trade secrets

slide-16
SLIDE 16

16 Alice Corp Web search Suppliers Customers Media

Business need to keep trade secrets

slide-17
SLIDE 17

17 Police Alice Suspected Bob

Law enforcement needs anonymity to get the job done

slide-18
SLIDE 18

18 Police Alice Bob, selling illegal drugs

Law enforcement needs anonymity to get the job done

slide-19
SLIDE 19

19 Police Alice Bob Corleone

Law enforcement needs anonymity to get the job done

slide-20
SLIDE 20

20 Witness Alice Police tip line

Law enforcement needs anonymity to get the job done

slide-21
SLIDE 21

21 Alice with protected identity Online news Internet shops Web forums

Law enforcement needs anonymity to get the job done

slide-22
SLIDE 22

22 Ambassador Alice abroad Foreign ministry at home

Governments need anonymity for their security

slide-23
SLIDE 23

23 Agent Alice Defence agency

Governments need anonymity for their security

slide-24
SLIDE 24

24 Alice the source Bob the journalist

Journalists and their sources need Tor for their personal safety

slide-25
SLIDE 25

25 Alice the journalisten Suspicious company

Journalists and their sources need Tor for their personal safety

slide-26
SLIDE 26

26 Censored Alice Filtered web site

Journalists and their sources need Tor for their personal safety

slide-27
SLIDE 27

27 Alice the dissident Surveiled web site

Journalists and their sources need Tor for their personal safety

slide-28
SLIDE 28

28

The simpler systems use only one relay

Bob2 Bob1 Bob3 Alice2 Alice1 Alice3 Relay E(Bob3,“X”) E(Bob1, “Y”) E ( B

  • b

2 , “ Z ” ) “Y” “Z” “X”

(For example relax.se, dold.se and ipredator.se)

slide-29
SLIDE 29

29

The simpler systems put all the eggs in the same basket

Bob2 Bob1 Bob3 Alice2 Alice1 Alice3 E(Bob3,“X”) E(Bob1, “Y”) E ( B

  • b

2 , “ Z ” ) “Y” “Z” “X”

slide-30
SLIDE 30

30

A single relay is also an attractive target

Bob2 Bob1 Bob3 Alice2 Alice1 Alice3 Relay E(Bob3,“X”) E(Bob1, “Y”) E ( B

  • b

2 , “ Z ” ) “Y” “Z” “X” Trafic and timing analysis will reveal which Alice is talking to which Bob.

slide-31
SLIDE 31

31

So, add multiple relays so that no single one can betray Alice

Bob Alice R1 R2 R3 R4 R5

slide-32
SLIDE 32

32

A corrupt first hop can tell that Alice is talking, but not to whom

Bob Alice R2 R3 R1 R4 R5

slide-33
SLIDE 33

33

A corrupt final hop can tell that somebody is talking to Bob, but not who

Bob Alice R1 R2 R3 R4 R5

slide-34
SLIDE 34

34

The first hop is protected by three layers of encryption, then each hop peels off one layer, onion routing

R1 R2 R3 R4 R5 Alice Bob1 Bob2

slide-35
SLIDE 35

35

slide-36
SLIDE 36

36

slide-37
SLIDE 37

37