Tor: Finding the Hidden Shallots - PowerPoint PPT Presentation


  1. Tor: Finding the Hidden Shallots. João Marques, University of Amsterdam, joao.marques@os3.nl. July 5, 2018. [Footer on every slide: João Marques (UvA), Finding the Hidden Shallots, July 5, 2018, 1 / 24]

  2. Overview. 1 Introduction: Project Idea and Motivation; Previous Research; Research Question. 2 Theoretical Background: The Onion Routing Network; Hidden Services. 3 Project: Method; Findings; Conclusion. 4 Discussion: Future work.

  3-4. Why this project? Hidden Services importance (for the service provider): Anonymity; Freedom. Consequences of the above values: legitimate (uncensored news website/blog) - important to secure; illegitimate (C&C servers / uncontrolled markets) - extract intel / monitor.

  5-6. Previous Research. In 2013 a paper by Alex Biryukov, Ivan Pustogarov, and Ralf-Philipp Weinmann was published, titled "Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization". They were very successful and gave recommendations to stop the harvesting of hidden service addresses and the targeted attacks that follow from it. Despite the work done: no extraction method was published; no tools were released; the findings need re-verification against the protocol changes made since.

  7-8. Research Question: How feasible is the acquisition of hidden service links (onion links)? Sub-questions: What is the state of the current specification? How are protection mechanisms used/applied? What protocol versions are still used in the wild? Are these protocols safe? How can we extract links from unsafe ones?

  9-11. Tor Network. What is The Onion Routing (Tor) Network? The Tor network is an overlay network that aims to provide the user with: Privacy; Anonymity.

  12-15. Tor: How does it work? For the Tor network to work it makes use of 3 types of relays/nodes: Guard Node - first node of the circuit created by the client and where traffic enters the Tor network. Middle Node - second node of the circuit; it relays the traffic between the guard node and the exit node. Exit Node - third and last node of the circuit, where the last layer of Tor encryption is removed and the traffic is sent to the destination (any application-layer encryption such as TLS stays intact; only traffic that was unencrypted to begin with is exposed to the exit).

  16-19. Tor: How does it work? Figures: (a) Tor browser requests page to proxy; (b) Tor proxy negotiates an encryption layer with each node; (c) Exit node communicates on the user's behalf; (d) Data gets relayed back to the client.

  20. How does it work? This provides anonymity to the client... but what about the server?

  21. HS: How does it work? Distributed Hash Table (DHT): a group of servers (Tor relays carrying the HSDir flag); each server holds a list of descriptors; descriptors contain the information needed to contact the service (its introduction points and keys).

  22-24. HS: How does it work? The publishing of the Hidden Service. Figures: Server selection of Introduction Points; Server publishing descriptor to DHT.
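Which HSDirs end up holding a published V2 descriptor is not shown on the slides, so here is an added example (not the presenter's code) that follows rend-spec-v2 for the descriptor-id derivation and the rule that a descriptor is stored on the three HSDirs whose fingerprints come next after the id on the ring, for each of two replicas. This placement rule is exactly what the trawling paper from slide 5 exploited: generate relay identity keys until a fingerprint sorts just after a target's descriptor-id. All fingerprints and keys below are constructed values; treating a fingerprint equal to the id as "not after" is my assumption for the tie case.

```python
"""Where does a V2 hidden service descriptor land in the HSDir ring?

Added example following rend-spec-v2 (descriptor-id, time-period and the
"three HSDirs after the id" rule). Not code from the presentation.
Fingerprints and keys used here are constructed, not real relays.
"""
import hashlib
import struct
from typing import List

SECONDS_PER_DAY = 86400


def permanent_id(rsa_pubkey_der: bytes) -> bytes:
    """First 80 bits of SHA1 over the service's DER RSA key (the bytes behind the V2 address)."""
    return hashlib.sha1(rsa_pubkey_der).digest()[:10]


def time_period(now: int, perm_id_first_byte: int) -> int:
    """Day counter shifted by the first byte of the permanent id, so that not
    every service moves to new HSDirs at the same second (integer arithmetic as in tor)."""
    return (now + perm_id_first_byte * SECONDS_PER_DAY // 256) // SECONDS_PER_DAY


def descriptor_ids(perm_id: bytes, now: int, descriptor_cookie: bytes = b"") -> List[bytes]:
    """descriptor-id = H(permanent-id | H(time-period | descriptor-cookie | replica)).

    One id per replica (two replicas), time-period as a 4-byte big-endian int,
    replica as a single byte; the cookie is empty unless client auth is used.
    """
    tp = struct.pack(">I", time_period(now, perm_id[0]))
    ids = []
    for replica in (0, 1):
        secret_id_part = hashlib.sha1(tp + descriptor_cookie + bytes([replica])).digest()
        ids.append(hashlib.sha1(perm_id + secret_id_part).digest())
    return ids


def responsible_hsdirs(descriptor_id: bytes, hsdir_fingerprints: List[bytes], n: int = 3) -> List[bytes]:
    """The n HSDirs whose identity fingerprints follow the descriptor id on the
    ring (sorted by fingerprint, wrapping around at the end).
    Assumption: a fingerprint equal to the id counts as "before" it."""
    ring = sorted(set(hsdir_fingerprints))
    after = [fp for fp in ring if fp > descriptor_id]
    ordered = after + ring[: len(ring) - len(after)]  # wrap around the ring
    return ordered[:n]


def all_responsible(perm_id: bytes, now: int, hsdir_fingerprints: List[bytes]) -> List[List[bytes]]:
    """HSDir sets for both replicas: up to six relays hold the descriptor."""
    return [responsible_hsdirs(d, hsdir_fingerprints) for d in descriptor_ids(perm_id, now)]


if __name__ == "__main__":
    # Constructed ring of four relays with fingerprints 0x00.., 0x40.., 0x80.., 0xc0..
    ring = [bytes([b]) + bytes(19) for b in (0x00, 0x40, 0x80, 0xC0)]
    desc_id = bytes([0x50]) + bytes(19)
    print([fp[:1].hex() for fp in responsible_hsdirs(desc_id, ring)])
    # An attacker relay whose fingerprint sorts just after the id takes the first slot.
    attacker = bytes([0x50]) + bytes(18) + b"\x01"
    print([fp[:1].hex() for fp in responsible_hsdirs(desc_id, ring + [attacker])])
    print([len(s) for s in all_responsible(permanent_id(b"constructed-key"), 0, ring)])
```

The descriptor-id changes once per time period, so an attacker has to re-position relays daily per target; the later HSDir-flag requirements (slide 38) raise the cost of doing so with fresh relays.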

  25-28. Client connection to hidden service. Figures: From browser request to receiving the descriptor from the DHT; Rendezvous Point selection and contacting the Hidden Service; Server connection to RP and bridging of both circuits.

  29-32. HS: The protocol specified. The protocol received several changes throughout the project's lifetime. The protocol versions are:
  V0 - first version. No encryption. Requests made to the HSDir directly with the onion link (supposed to be hidden!). Deprecated in 0.2.2.1-alpha... no more V0 legacy ;-)
  V2 (0.2.0.10-alpha+) - second version. Introduction points can be encrypted (only when client authorization is used), but the service's permanent RSA key, from which the link is derived, is still in the clear-text part of the descriptor. 16-character link - yyhws9optuwiwsns.onion
  V3 (0.3.0.8) - current version. Clear-text metadata only identifies the descriptor (a blinded key, not the service's identity key). The rest is encrypted using a derivation of the onion link, so whoever stores the descriptor cannot recover the address. 56-character link - l5satjgud6gucryazcyvyvhuxhr74u6ygigiuyixe3a6ysis67ororad.onion

  33. HS: The protocol specified. Figure: Differences between V2 and V3 descriptor.

  34-38. Method. Several routes to acquire the onion links:
  Scraping - time consuming; only yields links that have already been shared in the public domain.
  Bruteforcing - infeasible for V3; a matter of time for V2.
  Sniffing - impossible.
  Dumping memory from the HSDir - requires the HSDir flag (acquired 4 days from last down; requires the Stable flag, which takes 5 days). Impossible for V3.

  39-41. Memory Dumps. Dumping memory - very fruitful: V2 descriptors successfully extracted and decoded to acquire the onion link. Created a proof-of-concept program for automating hourly memory dumps of multiple Tor proxies. Figure: Process flow diagram of the link extraction PoC.
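The decoding step behind slides 31-32 and 39-40, as an added example that is not the presenter's PoC: it carves the clear-text "permanent-key" block of V2 descriptors out of a raw memory dump and turns each key into its 16-character address (base32 of the first 80 bits of SHA1 over the DER key), and it derives and checksum-validates 56-character V3 addresses (base32 of pubkey | checksum | version, with the checksum from SHA3-256), which is what makes scraped V3 strings (slide 35) checkable before use. Only the standard library is used; SAMPLE_DUMP and FAKE_DER are constructed here and FAKE_DER is arbitrary bytes, not a real RSA key.

```python
"""Recover and validate .onion addresses from descriptor material.

Added example, not code from the presentation.
  * V2: an HSDir's memory holds V2 descriptors whose clear-text
    "permanent-key" block is the service's RSA public key; the address is
    base32(SHA1(DER(pubkey))[:10]).
  * V3: the address is base32(pubkey | checksum | version) with
    checksum = SHA3-256(".onion checksum" | pubkey | version)[:2].
SAMPLE_DUMP is constructed; its "RSA key" (FAKE_DER) is arbitrary bytes.
"""
import base64
import hashlib
import re
from typing import List, Optional

# Clear-text permanent key block of a V2 descriptor as it sits in memory.
PERMANENT_KEY_RE = re.compile(
    rb"permanent-key\n-----BEGIN RSA PUBLIC KEY-----\n(.+?)\n-----END RSA PUBLIC KEY-----",
    re.DOTALL,
)
# Any onion address literal (scraping): base32 alphabet, 56 chars (V3) or 16 chars (V2).
ONION_RE = re.compile(rb"\b([a-z2-7]{56}|[a-z2-7]{16})\.onion\b")


def v2_onion_from_der(der: bytes) -> str:
    """16-character V2 address: first 80 bits of SHA1 over the DER-encoded key."""
    return base64.b32encode(hashlib.sha1(der).digest()[:10]).decode().lower() + ".onion"


def v2_onions_in_dump(dump: bytes) -> List[str]:
    """Every V2 address recoverable from permanent-key blocks in a raw dump."""
    found = []
    for m in PERMANENT_KEY_RE.finditer(dump):
        der = base64.b64decode(b"".join(m.group(1).split()))  # drop PEM line breaks
        found.append(v2_onion_from_der(der))
    return found


def _v3_checksum(pubkey: bytes, version: bytes) -> bytes:
    return hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]


def v3_onion_from_pubkey(pubkey: bytes) -> str:
    """56-character V3 address from the 32-byte ed25519 identity public key."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    version = b"\x03"
    raw = pubkey + _v3_checksum(pubkey, version) + version  # 35 bytes -> 56 base32 chars
    return base64.b32encode(raw).decode().lower() + ".onion"


def v3_onion_pubkey(address: str) -> Optional[bytes]:
    """Validate a V3 address; return its public key, or None if it is malformed."""
    name = address.lower()
    if name.endswith(".onion"):
        name = name[: -len(".onion")]
    if len(name) != 56:
        return None
    try:
        raw = base64.b32decode(name.upper())
    except ValueError:  # binascii.Error is a ValueError
        return None
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != b"\x03" or checksum != _v3_checksum(pubkey, version):
        return None
    return pubkey


def onion_strings(data: bytes) -> List[str]:
    """Scraping helper: onion address literals in a blob; V3 ones must pass their checksum."""
    out = []
    for m in ONION_RE.finditer(data):
        addr = m.group(0).decode()
        if len(m.group(1)) == 56 and v3_onion_pubkey(addr) is None:
            continue  # 56 base32 chars that are not a real V3 address
        out.append(addr)
    return out


# Constructed sample: junk around a V2 descriptor fragment; the key bytes are arbitrary.
FAKE_DER = bytes(range(64))
SAMPLE_DUMP = (
    b"\x00\x7fELF\x00junk\n"
    b"rendezvous-service-descriptor " + b"a" * 32 + b"\nversion 2\npermanent-key\n"
    b"-----BEGIN RSA PUBLIC KEY-----\n" + base64.encodebytes(FAKE_DER)
    + b"-----END RSA PUBLIC KEY-----\nsecret-id-part ...\n\x00\x00more junk"
)

if __name__ == "__main__":
    print("V2 addresses in dump:", v2_onions_in_dump(SAMPLE_DUMP))
    addr = v3_onion_from_pubkey(bytes(32))  # all-zero key, only to show the format
    print("V3 address for a zero key:", addr, "valid:", v3_onion_pubkey(addr) is not None)
```

On a real dump the regex also needs to tolerate the descriptor being stored with CRLF or split across non-contiguous pages; the V3 half is a validator only, because a V3 descriptor never carries the identity key in the clear.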
