tor a quick overview
play

Tor: a quick overview Roger Dingledine The Tor Project - PowerPoint PPT Presentation

Oct 26, 2022 •154 likes •660 views

Tor: a quick overview Roger Dingledine The Tor Project https://torproject.org/ 1 What is Tor? Online anonymity software and network Open source, freely available Community of researchers, developers, users, and relay operators 2

  1. Tor: a quick overview Roger Dingledine The Tor Project https://torproject.org/ 1

  2. What is Tor? ● Online anonymity software and network ● Open source, freely available ● Community of researchers, developers, users, and relay operators 2

  3. The Tor Project, Inc. ● 501(c)(3) non-profit organization dedicated to the research and development of tools for online anonymity and privacy 3

  4. Estimated 300,000 daily Tor users 4

  5. Threat model: what can the attacker do? Alice Anonymity network Bob watch Alice! watch (or be!) Bob! Control part of the network! 5

  6. Anonymity isn't cryptography: Cryptography just protects contents. “Hi, Bob!” “Hi, Bob!” <gibberish> Alice attacker Bob 6

  7. Anonymity isn't just wishful thinking... “You can't prove it was me!” “Promise you won't look!” “Promise you won't remember!” “Promise you won't tell!” “I didn't write my name on it!” “Isn't the Internet already anonymous?” 7

  8. Anonymity serves different interests for different user groups. Anonymity Private citizens “It's privacy!” 8

  9. Anonymity serves different interests for different user groups. Businesses Anonymity “It's network security!” Private citizens “It's privacy!” 9

  10. Anonymity serves different interests for different user groups. “It's traffic-analysis resistance!” Businesses Governments Anonymity “It's network security!” Private citizens “It's privacy!” 10

  11. Anonymity serves different interests for different user groups. “It's reachability!” Human rights “It's traffic-analysis activists resistance!” Businesses Governments Anonymity “It's network security!” Private citizens “It's privacy!” 11

  12. Regular citizens don't want to be watched and tracked. “I sell the logs.” Blogger Hostile Bob Alice “Oops, I lost the logs.” 8-year-old Incompetent Bob The AOL fiasco Alice “Hey, they aren't Indifferent Bob Sick my secrets.” Alice Name, address, age, friends, (the network can track too) Consumer interests Alice (medical, financial, etc), Union unpopular opinions, member illegal opinions.... 12

  13. Law enforcement needs anonymity to get the job done. “Why is alice.localpolice.gov reading Investigated my website?” suspect “Why no, alice.localpolice.gov! Officer Sting I would never sell counterfeits on ebay!” Alice target “Is my family safe if I Organized go after these guys?” Crime Witness/informer “Are they really going to ensure Anonymous Alice my anonymity?” tips 13

  14. Businesses need to protect trade secrets ... and their customers “Oh, your employees are reading Competitor our patents/jobs page/product sheets?” “Hey, it's Alice! Give her the 'Alice' version!” Competitor AliceCorp “Wanna buy a list of Alice's suppliers? Compromised What about her customers? network What about her engineering department's favorite search terms?” 14

  15. Governments need anonymity for their security “What will you bid for a list of Baghdad IP addresses that get email from .gov?” Untrusted ISP Agent “ Somebody in that hotel room just Alice checked his Navy.mil mail! ” Compromised “ What does FBI Google for? ” service “Do I really want to reveal my internal network topology?” Shared Coalition “Do I want all my partners to know network member extent/pattern of my comms with other Alice partners? Defense in “What about insiders?” Depth 15

  16. Governments need anonymity for their security “How can I securely and quickly Homeland exchange vital info with every security sheriff's dept and Hazmat transporter network without bringing them into my secure Govt. network? web server “Do I want every SIPRNET node to Bob Defense in know where all the traffic on it is headed?” Depth “Can I hide where my MLS chat server/my automated regrader is?” Hidden Services Can my servers resist DDoS and physical attack even by authorized users?” 16

  17. Journalists and activists need Tor for their personal safety Monitoring “Did you just post to that website?” ISP Activist/ Whistleblower “Where are the bloggers connecting from?” Alice Monitored “I run livejournal and track my users” website “Of course I tell China about my users” “What does the Global Voices website Filtered say today?” Blocked website “I want to tell people what's going on Alice in my country” Monitored “I think they're watching. I'm not even network going to try.” 17

  18. 18

  19. You can't get anonymity on your own: private solutions are ineffective... Alice's small Citizen “One of the 25 users ... anonymity net Alice on AliceNet.” Officer Municipal Investigated Alice “Looks like a cop.” anonymity net suspect AliceCorp AliceCorp “It's somebody at Competitor anonymity net AliceCorp!” 19

  20. ... so, anonymity loves company! Citizen “???” ... Alice Officer Investigated Alice Shared “???” suspect anonymity net AliceCorp Competitor “???” 20

  21. Yes, bad people need anonymity too. But they are already doing well. Compromised botnet Stolen mobile phones Evil Criminal Alice Open wireless nets ..... 21

  22. Current situation: Bad people on the Internet are doing fine Trojans Viruses Exploits Botnets Zombies Espionage Phishing DDoS Spam Extortion 22

  23. The simplest designs use a single relay to hide connections. Bob1 Alice1 E(Bob3,“X”) “Y” Relay Alice2 “Z” Bob2 E(Bob1, “Y”) ) “X” ” Z “ , 2 b o B ( E Bob3 Alice3 (example: some commercial proxy providers) 23

  24. One relay is a single point of failure. Bob1 Alice1 E(Bob3,“X”) “Y” Evil Alice2 Relay “Z” Bob2 E(Bob1, “Y”) ) “X” ” Z “ , 2 b o B ( E Bob3 Alice3 24

  25. ... or a single point of bypass. Bob1 Alice1 E(Bob3,“X”) “Y” Irrelevant Alice2 Relay “Z” Bob2 E(Bob1, “Y”) ) “X” ” Z “ , 2 b o B ( E Bob3 Alice3 Timing analysis bridges all connections ⇒ An attractive fat target through relay 25

  26. So, add multiple relays so that no single one can betray Alice. Bob Alice R1 R3 R5 R4 R2 26

  27. A corrupt first hop can tell that Alice is talking, but not to whom. Bob Alice R1 R3 R5 R4 R2 27

  28. A corrupt final hop can tell that somebody is talking to Bob, but not who. Bob Alice R1 R3 R5 R4 R2 28

  29. Alice makes a session key with R1 ...And then tunnels to R2...and to R3 Bob Alice R1 R3 Bob2 R5 R4 R2 29

  30. Snooping on Exit Relays ● Lots of press in 2007 about people watching traffic coming out of Tor. ● If you want end-to-end encryption (like https), then you need to get it separately. ● Tor hides your location; it doesn't magically encrypt all traffic on the Internet. ● Though Tor does protect from your local network. 30

  31. Javascript, cookies, history, etc ● Javascript refresh attack ● Cookies, History, browser window size, user-agent, language, http auth, ... ● Mike Perry's Torbutton extension for Firefox fixes many of these, but not all 31

  32. Flash is dangerous too ● Some apps are bad at obeying their proxy settings. ● Adobe PDF plugin. Flash. Other plugins. Extensions. Especially Windows stuff: did you know that Microsoft Word is a network app? 32

  33. Choose how to install it ● Tor Browser Bundle: standalone Windows exe with Tor, Vidalia, Firefox, Torbutton, Polipo, e.g. for USB stick ● Vidalia bundle: Windows/OSX installer ● Tor VM: Transparent proxy for Windows ● “Net installer” via our secure updater ● Incognito Linux LiveCD 33

  34. Usability for relay operators is key. ● Rate limiting: shouldn't eat too much bandwidth ● Exit policies: not everyone is willing to emit arbitrary traffic. allow 18.0.0.0/8:* allow *:22 allow *:80 reject *:* 34

  35. 35

  36. 36

  37. The basic Tor design uses a simple centralized directory protocol. cache S1 Trusted directory Alice S2 Alice downloads consensus and Trusted directory cache descriptors from anywhere Authorities S3 publish a consensus Servers publish list of all descriptors self-signed descriptors. 37

  38. Governments and other firewalls can just block the whole Tor network. S Alice S S X Alice X S 38

  39. Alice Alice Alice Blocked Alice Alice User R3 Alice Blocked R4 Bob User Alice Alice R2 Blocked User Alice R1 Alice Blocked Alice User Alice Blocked Alice User Alice Alice 39

  40. 40

  41. Problem: Abusive users get the whole network blocked. Nice /. X Alice Tor network Jerk X wikipedia Alice X Some IRC networks Minimize scope of blocking? 41

  42. Some abuses we've seen ● Ransom note via Hotmail ● Spam via Google Groups ● IRC jerks → DDoS on Tor relay ● Somebody downloads a Vin Diesel movie ● Wikipedia, Slashdot block posts 42

  43. Tor is only a piece of the puzzle ● Assume the users aren't attacked by their hardware and software – No spyware installed, no cameras watching their screens, etc ● Assume the users can fetch a genuine copy of Tor: from a friend, via PGP signatures, etc. 43

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Quick overview of various Quick overview of various logfjles, loglevels logfjles, loglevels

Quick overview of various Quick overview of various logfjles, loglevels logfjles, loglevels

Quick overview of various Quick overview of various logfjles, loglevels logfjles, loglevels Florido Paganelli, Lund University 7-9 Nov 2018, ARC Retreat Ume Consistent log confjguration Consistent log confjguration Every subsystem log

230 views • 11 slides
www.quickmountpv.com 10/13/11 1 Overview Who is Quick Mount PV? Past Mounting Systems,

www.quickmountpv.com 10/13/11 1 Overview Who is Quick Mount PV? Past Mounting Systems,

www.quickmountpv.com 10/13/11 1 Overview Who is Quick Mount PV? Past Mounting Systems, Revisited Problems in the industry Solar Roofing Best Practices The Quick Mount Goals: Code Compliance Fastest Installation &amp;

863 views • 55 slides
GraphChi(huahua) Overview The Punchline Quick Overview Novel Method Parallel

GraphChi(huahua) Overview The Punchline Quick Overview Novel Method Parallel

G RAPH C HI Patrick Short Thursday, November 13th GraphChi(huahua) Overview The Punchline Quick Overview Novel Method Parallel sliding windows Use Cases and Caveats GraphChi is in the ballpark with massive distributed systems

1.16k views • 16 slides
JAX-WS Basics JAX-WS Basics Agenda Quick overview of JAX-WS &gt; Differences from JAX-RPC

JAX-WS Basics JAX-WS Basics Agenda Quick overview of JAX-WS &gt; Differences from JAX-RPC

JAX-WS Basics JAX-WS Basics Agenda Quick overview of JAX-WS &gt; Differences from JAX-RPC JAX-WS programming Model &gt; Layered programming model &gt; Server side &gt; Client side 2 Quick Overview of JAX-WS 2.0 Simpler way to

602 views • 34 slides
CSE 291E / EE260C Spring 2002 Overview Quick review of basic architectures What is

CSE 291E / EE260C Spring 2002 Overview Quick review of basic architectures What is

Program In Chip Out CSE 291E / EE260C Spring 2002 Overview Quick review of basic architectures What is Single Issue, Super Scalar, VLIW, Overview of Systolic Arrays Overview of PICO Project DataWidth Reduction

298 views • 19 slides
Drones + Artificial Intelligence: The O&amp;G Quick Reaction Force Overview SkySkopes UAS

Drones + Artificial Intelligence: The O&amp;G Quick Reaction Force Overview SkySkopes UAS

Drones + Artificial Intelligence: The O&amp;G Quick Reaction Force Overview SkySkopes UAS Oil &amp; Gas Quick Reaction Artificial Intelligence and Machine Learning Providing Innovative Solutions to the Energy Industry with Unmanned

385 views • 20 slides
AGENDA Just a quick overview of what DRAM is, how it works, and what you should know about it

AGENDA Just a quick overview of what DRAM is, how it works, and what you should know about it

WHAT GRAPHICS PROGRAMERS NEED TO KNOW ABOUT DRAM ERIK BRUNVAND, NILADRISH CHATTERJEE, DANIEL KOPTA AGENDA Just a quick overview of what DRAM is, how it works, and what you should know about it as a programmer. A look at the circuits so

602 views • 38 slides
Tor: a quick overview (How Twitter can help) Jacob Appelbaum The Tor Project

Tor: a quick overview (How Twitter can help) Jacob Appelbaum The Tor Project

Tor: a quick overview (How Twitter can help) Jacob Appelbaum The Tor Project https://www.torproject.org/ 1 About me: Free software hacker (libmsr, blockfinder, etc) General human and other animal rights activist Founder of

679 views • 40 slides
1 First, a quick overview of the presentation: Ill describe the multimode survey that

1 First, a quick overview of the presentation: Ill describe the multimode survey that

1 First, a quick overview of the presentation: Ill describe the multimode survey that formed the base of this analysis. Ill talk about the yield that came from different types of extra effort. Ill show the effect that

209 views • 17 slides
McKinley PTA APS General Overview &amp; Quick Facts Hot Topics Meeting McK PTA

McKinley PTA APS General Overview &amp; Quick Facts Hot Topics Meeting McK PTA

9/13/17 Topics The Role of the PTA McKinley PTA APS General Overview &amp; Quick Facts Hot Topics Meeting McK PTA What is Planned for this Year/Introductions of SEPTEMBER 12 TH , 2017 Leads PTA Budget Overview and

383 views • 3 slides
Tor: a quick overview Roger Dingledine The Tor Project https://torproject.org/ 1 What is Tor?

Tor: a quick overview Roger Dingledine The Tor Project https://torproject.org/ 1 What is Tor?

Tor: a quick overview Roger Dingledine The Tor Project https://torproject.org/ 1 What is Tor? Online anonymity 1) open source software, 2) network, 3) protocol Community of researchers, developers, users, and relay operators Funding from

910 views • 64 slides
Tor: a quick overview Roger Dingledine The Tor Project https://torproject.org/ 1 What is Tor?

Tor: a quick overview Roger Dingledine The Tor Project https://torproject.org/ 1 What is Tor?

Tor: a quick overview Roger Dingledine The Tor Project https://torproject.org/ 1 What is Tor? Online anonymity 1) software, 2) network, 3) protocol Open source, freely available Community of researchers, developers, users, and

609 views • 43 slides
Sorting Chapter 7 1 Quick Sort One of the most popular fast sorting algorithms Quick sort

Sorting Chapter 7 1 Quick Sort One of the most popular fast sorting algorithms Quick sort

Sorting Chapter 7 1 Quick Sort One of the most popular fast sorting algorithms Quick sort overcomes the drawback of merge sort of creating an additional array Generally, quick sort is the most efficient algorithm for large arrays 2 Quick

548 views • 35 slides
Virtually Persistent Data Andrew Warfield XenSource Quick Overview Blktap driver

Virtually Persistent Data Andrew Warfield XenSource Quick Overview Blktap driver

Virtually Persistent Data Andrew Warfield XenSource Quick Overview Blktap driver overview/update Performance vs. Safety Architecture Tapdisks Block consistency and live migration Problem, current solution, future

165 views • 14 slides
BCP2 A LPHA , LLC A. COMPANY OVERVIEW (ALPHAGRAPHICS) $12.2 MM franchisor of B2B quick

BCP2 A LPHA , LLC A. COMPANY OVERVIEW (ALPHAGRAPHICS) $12.2 MM franchisor of B2B quick

BCP2 A LPHA , LLC A. COMPANY OVERVIEW (ALPHAGRAPHICS) $12.2 MM franchisor of B2B quick printing locations specializing in the planning, production and management of document and marketing solutions for businesses of all sizes Company

288 views • 5 slides
Tor, a quick overview Linus Nordberg &lt;linus@torproject.org&gt; The Tor Project

Tor, a quick overview Linus Nordberg &lt;linus@torproject.org&gt; The Tor Project

Tor, a quick overview Linus Nordberg &lt;linus@torproject.org&gt; The Tor Project https://torproject.org/ 1 What is Tor Online anonymity: 1. software, 2. network, 3. protocol Open source, freely available Community of researchers,

540 views • 37 slides
Group- Group -per per- -Region Allocation Region Allocation Region Bounds Region Bounds

Group- Group -per per- -Region Allocation Region Allocation Region Bounds Region Bounds

Group- Group -per per- -Region Allocation Region Allocation Region Bounds Region Bounds An entity has to change its target An entity has to change its target Partition the world into regions Partition the world into regions

72 views • 4 slides
Drupal Basics an introduction to Drupal This introductory session will get the Drupal juices

Drupal Basics an introduction to Drupal This introductory session will get the Drupal juices

Drupal Basics an introduction to Drupal This introductory session will get the Drupal juices flowing, and help give a broad overview of Drupal jargon, Drupal Architecture &amp; the Drupal Community... May 21st, 2010 - SNHU, Manchester, NH

1.12k views • 52 slides
Overview of UA Ongoing Cybersecurity Projects The image cannot be displayed. Your computer may

Overview of UA Ongoing Cybersecurity Projects The image cannot be displayed. Your computer may

Overview of UA Ongoing Cybersecurity Projects The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file again. If the red x

886 views • 65 slides
Tor: Anonymous Communications for the Dept of Defense...and you. Roger Dingledine The Free

Tor: Anonymous Communications for the Dept of Defense...and you. Roger Dingledine The Free

Tor: Anonymous Communications for the Dept of Defense...and you. Roger Dingledine The Free Haven Project http://tor.eff.org/ April 12, CFP 2005 Talk Outline Motivation: Why anonymous communication? Myth 1: This is only for privacy

488 views • 33 slides
Name-Based Replica/on Priori/es in Disaster Cases IEEE INFOCOM

Name-Based Replica/on Priori/es in Disaster Cases IEEE INFOCOM

Name-Based Replica/on Priori/es in Disaster Cases IEEE INFOCOM Name-Oriented Mobility (NOM) Workshop April 28, 2014 I. Psaras, L. Saino, M.

186 views • 14 slides
Streaming Multimedia Applications Multimedia Networking Multimedia Applications? What are

Streaming Multimedia Applications Multimedia Networking Multimedia Applications? What are

Streaming Multimedia Applications Multimedia Networking Multimedia Applications? What are they? An application that deals with one of more of the following data types: Text Images Audio Video Most common scenario

742 views • 62 slides
Privacy as a Service Raymond Cheng Build practical cloud services that protect user privacy from

Privacy as a Service Raymond Cheng Build practical cloud services that protect user privacy from

Privacy as a Service Raymond Cheng Build practical cloud services that protect user privacy from powerful threats 2 3 Powerful Threats to User Privacy Organized Crime Nation-State Actors 4 Powerful Threats to User Privacy Gather

1.56k views • 104 slides
IRTF Overview Allison Mankin EDU at IETF99 Note Well All of IRTF is Meeting This Week (IETF

IRTF Overview Allison Mankin EDU at IETF99 Note Well All of IRTF is Meeting This Week (IETF

IRTF Overview Allison Mankin EDU at IETF99 Note Well All of IRTF is Meeting This Week (IETF 99)! Crypto Forum (CFRG) Proposed PANRG Global Access to the Internet for All Network Coding Research Group (GAIA) (NWCRG) Human

506 views • 29 slides

More recommend