tor hidden services
play

Tor Hidden Services Privacy Enhancing Technologies Philipp Winter - PowerPoint PPT Presentation

Dec 28, 2023 •12 likes •412 views

Tor Hidden Services Privacy Enhancing Technologies Philipp Winter 4096R/2D081E16 June 8, 2012 Introduction to Tor What is it? Tor is a low-latency anonymity network (as opposed to high-latency networks, such as mix networks) consisting of

  1. Tor Hidden Services Privacy Enhancing Technologies Philipp Winter 4096R/2D081E16 June 8, 2012

  2. Introduction to Tor

  3. What is it? ◮ Tor is a low-latency anonymity network (as opposed to high-latency networks, such as mix networks) consisting of thousands of relays ◮ The most widely used and deployed anonymity network ◮ Client bundles available for Linux, Windows, Mac and Android

  4. How Does it Work? ◮ Tor implements 3rd (sometimes called 2nd) generation onion routing ◮ Clients build circuits consisting of relays and route TCP streams through them ◮ Relays are listed in consensus which is published by directory authorities ◮ Directory authorities and their keys are hard-coded into the Tor binaries

  5. What Does an Attacker See? https://www.eff.org/pages/tor-and-https

  6. Facts As of June 2012, approximately... ◮ 450.000 daily users ◮ 3000 relays contributed by volunteers ◮ 1000 bridges also contributed by volunteers ◮ Rough statistics available at: https://metrics.torproject.org

  7. Try it! ◮ All that is needed: Tor Browser Bundle ◮ Zero-install, zero-configuration Tor bundle ◮ Contains Firefox without all the privacy assaults ◮ Vidalia, the GUI, allows the configuration of hidden services and a bridge

  8. Hidden Services

  9. In a Nutshell ◮ Tor’s purpose is to provide sender anonymity ◮ Hidden services add responder anonymity ◮ That way, we can run a TCP service without revealing our IP address! ◮ Therefore: Anonymous clients can communicate with anonymous servers! ◮ In addition: DoS and censorship protection

  10. How it is Used in Practice ◮ Whistleblowing websites need censorship resistance against mad governments ◮ Activist sites need to stay anonymous to resist against data center raids ◮ Resistance against social graph analysis (possible with data retention)

  11. Hidden Services by Example: Bob ◮ Bob is a journalist who wants to publish sensitive information ◮ He wants to publish his articles anonymously and without getting censored ◮ So Bob decides to set up a hidden service (HS) in the Tor network ◮ There are 6 steps ranging from announcing the HS to using it

  12. Step 0: Installation and Configuration ◮ Before Bob starts using Tor, he has to install the service ◮ So Bob sets up his own lighttpd web server which is not accessible over the Internet ◮ Also, Bob downloads the Tor binary and configures the hidden service

  13. Step 1: Announcing Existance ◮ Bob’s HS needs to advertise its existance in the Tor network ◮ The HS randomly picks relays , so called introduction points , in the network and establishes circuits to them ◮ Then, the HS asks these relays to act as introduction points by giving them its public key

  14. Step 1: Announcing Existance

  15. Step 2: Upload of Hidden Service Descriptor ◮ Now, a hidden service descriptor must be built ◮ The descriptor maps the name of a HS to its reachability information ◮ It is uploaded to the directory servers ◮ Clients reach the HS by accessing KEY.onion where KEY (i.e. the name) is derived from the HSes public key ◮ Now, the HS is set up and ready to receive connections! descriptor �→ ( PK hs , IP 1 , IP 2 , ..., IP n ) Sig PKhs

  16. Sample Onion Addresses ◮ http://idnxcnkne4qt76tg.onion/ — The Tor Project web site ◮ http://xqz3u5drneuzhaeo.onion/ — InspecTor ◮ http://eqt5g4fuenphqinx.onion/ — core.onion ◮ http://ci3hn2uzjw2wby3z.onion/ — Anonymous posting board

  17. Step 2: Upload of Hidden Service Descriptor

  18. Step 3: Alice Prepares a Connection ◮ Alice now wants to connect to Bob’s HS to read his articles ◮ Alice somehow learns about the onion address ynjeqmhe5j5tnzph.onion ◮ Alice’s client downloads the descriptor from the directory authorities ◮ That way she obtained the public key and the introductory points ! ◮ Finally, Alice randomly picks a rendezvous point and sends a one-time secret to it

  19. Step 3: Alice Prepares a Connection

  20. Step 4: Alice Informs the Hidden Service ◮ Now Alice’s client prepares an introduce message encrypted with the HSes public key ◮ The message contains the address of the rendezvous point and a one-time secret ◮ Alice sends this message to one of the HSes introductory points and they forward it to the HS ◮ Alice does all this over a Tor circuit so she remains anonymous

  21. Step 4: Alice Informs the Hidden Service

  22. Step 5: The Hidden Service Prepares a Connection ◮ The HS decrypts Alice’s introduce message and obtains the rendezvous point’s address as well as the one-time secret ◮ The HS creates a circuit to the rendezvous point and sends the secret to it

  23. Step 5: The Hidden Service Prepares a Connection

  24. Step 6: The Connection is Established ◮ Finally, the rendezvous point notifies Alice of the successful connection ◮ The rendezvous point now simply forwards data between Alice and the HS

  25. Step 6: The Connection is Established

  26. Why Rendezvous Points? ◮ Rendezvous points only forward connection information and no actual traffic ◮ So they don’t seem to be “responsible” for a hidden service ◮ Also, the traffic load could become too high if they would also forward traffic

  27. What the Involved Parties Know The Client... ◮ Does not know the location of the HS ◮ Knows the location of the rendezvous point The rendezvous point... ◮ Does not know the location of both, the HS and the client ◮ Knows nothing about the nature of the HS or the data being transfered The hidden service... ◮ Does not know the location of the client ◮ Knows the location of the rendezvous point

  28. Accessing Hidden Services Without Tor ◮ The Tor2Web project provides access over the plain web ◮ To access Bob’s articles, Alice can invoke ynjeqmhe5j5tnzph.tor2web.org ◮ Note that the sender anonymity is not the same as when accessed over Tor! ◮ Tor2Web trades off security for convenience

  29. A More Practical Point of View How Bob operates his HS... ◮ Bob runs lighttpd which is listening to localhost:80 and is hence unreachable to the wide Internet ◮ lighttpd is not aware of the fact that it is used as hidden service! ◮ The Tor process running on the same machine is accepting connections to the HS and forwards them to localhost:80 ◮ The client application can also be unaware of Tor if it is used together with torsocks (e.g. torsocks ssh u73zzkakuscok7zq.onion ) ◮ So client and server could be communicating completely anonymous over Tor without even knowing

  30. Attacks on Hidden Services

  31. First Attack: Øverlier & Syverson ◮ In 2006, Øverlier and Syverson demonstrated how the location (i.e. IP address) of a HS can be revealed ◮ Attacker only needed a Tor client and a relay (trivial requirements) and the attack could work within minutes ◮ Core vulnerability : HS chose relays for its circuit at random ◮ Goal of attacker : Get chosen by HS as the first hop in the circuit

  32. Øverlier & Syverson: How it Works in Practice ◮ Eve uses her Tor client to connect to the HS and she also runs a relay ◮ Eve continuously establishes connections to the HS and checks every time whether her relay was selected as first hop in the circuit HS → RP ◮ As soon as her relay was chosen by the HS as first hop, she has the IP address! ◮ She can confirm whether her relay was selected by doing traffic pattern analysis using statistics ◮ Solution : Guard nodes for HSes

  33. Øverlier & Syverson: Visualized

  34. Second Attack: Murdoch First we have to know... ◮ Computing devices have a so called clock skew , the ratio between the computer’s actual and the nominal clock frequency ◮ So after x days, a computer’s clock drifted off by y milliseconds ◮ Clock skew is a very small value but can even be measured over a network ◮ Computer’s (even identical models) have different clock skews because the manufactoring process is not perfectly accurate → the clock skew can be seen as a hardware fingerprint

  35. Second Attack: Murdoch Clock skew and CPU load... ◮ Clock skew changes with temperature of the CPU (differences in 1–1.5 ◦ C are already measurable) ◮ The CPU’s temperature can be influenced by controlling the load ◮ High load can be induced remotely by making the HS busy (e.g. fetching many websites)

  36. Murdoch: How it Works in Practice ◮ Eve suspects several IP addresses to be the HS she wants to deanonymize ◮ She sends alternating traffic bursts through Tor to the HS and measures the clock skew of the suspected IPs (directly and not over Tor) ◮ Using correlation techniques , she can identify the HS if the IP addresses was in the set of suspects

  37. Murdoch: Visualized

  38. Conclusions

  39. What You Should Keep in Mind ◮ HSes provide responder anonymity as well as DoS and censorship protection ◮ HSes can (and should) be accessed over Tor but they are also accessible over the web ◮ HSes are fairly flexible and do not require modifications of the underlying service (e.g. apache or sshd)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Comprehensive Structure and Privacy Analysis of Tor Hidden Services Iskander Sanchez-Rola,

A Comprehensive Structure and Privacy Analysis of Tor Hidden Services Iskander Sanchez-Rola,

The Onions Have Eyes: A Comprehensive Structure and Privacy Analysis of Tor Hidden Services Iskander Sanchez-Rola, Davide Balzarotti, Igor Santos Tor Hidden Services Provides anonymity through the onion routing protocol Tor

958 views • 23 slides
Scott Hidden, P.E. Support Services Supervisor Geotechnical Engineering Unit (GEU) o It is a

Scott Hidden, P.E. Support Services Supervisor Geotechnical Engineering Unit (GEU) o It is a

Scott Hidden, P.E. Support Services Supervisor Geotechnical Engineering Unit (GEU) o It is a standard maintained by the Technical Support Group of the GEU Support Services Section o Standard provisions and drawings are effective with some

366 views • 14 slides
Hidden$Terminals$ Nodes$A$and$C$are$hidden$terminals$when$sending$to$B$

Hidden$Terminals$ Nodes$A$and$C$are$hidden$terminals$when$sending$to$B$

Hidden$Terminals$ Nodes$A$and$C$are$hidden$terminals$when$sending$to$B$ Cant$hear$each$other$(to$coordinate)$yet$collide$at$B$ We$want$to$avoid$the$inefficiency$of$collisions $ CSE$461$University$of$Washington$ 53$

463 views • 31 slides
Hidden Markov Models Pratik Lahiri Introduction A hidden Markov model (HMM) is a

Hidden Markov Models Pratik Lahiri Introduction A hidden Markov model (HMM) is a

Hidden Markov Models Pratik Lahiri Introduction A hidden Markov model (HMM) is a statistical Markov model in which the system being modeled is assumed to be a Markov process with unobserved (hidden) states. We call the observed event

741 views • 13 slides
Another view Hidden Input CEC is constant error Hidden carrousel No vanishing gradients

Another view Hidden Input CEC is constant error Hidden carrousel No vanishing gradients

Another view Hidden Input CEC is constant error Hidden carrousel No vanishing gradients Input f But, it is not always on Hidden s f Introducing gates: Input f Allow or disallow input Hidden Allow or

641 views • 28 slides
LSTMs Overview Subhashini Venugopalan Neural Networks z t Output B Hidden Hidden Input WHY

LSTMs Overview Subhashini Venugopalan Neural Networks z t Output B Hidden Hidden Input WHY

LSTMs Overview Subhashini Venugopalan Neural Networks z t Output B Hidden Hidden Input WHY RNNs/LSTMs? Can we operate over sequences of inputs? Limitations of vanilla Neural Networks z t Output Outputs a fixed size vector. B Hidden

737 views • 32 slides
The Hidden City The Hidden City Decay: To be slowly destroyed by natural processes and enter a

The Hidden City The Hidden City Decay: To be slowly destroyed by natural processes and enter a

The Hidden City The Hidden City Decay: To be slowly destroyed by natural processes and enter a state of ruin. Starting off.. St Fagans Llandaff Cathedral Laura Edgar www.lauraedgar.co.uk A little bit of history.. First ever Bute Docks,

661 views • 20 slides
Topics covered: HIdden Surface Removal Shading Hidden Surface Removal usually implemented in

Topics covered: HIdden Surface Removal Shading Hidden Surface Removal usually implemented in

Topics covered: HIdden Surface Removal Shading Hidden Surface Removal usually implemented in two ways binary space partitioning (BSP) tree algorithm SIGGRAPH 1980 paper by Henry Fuchs (now at UNC) zbuffering Ed Catmull SIGGRAPh 1978 (now at

597 views • 15 slides
Hidden Semantics: why? how? and what to do? Mike Bond, Cryptomathic Ltd. George French, Barclays

Hidden Semantics: why? how? and what to do? Mike Bond, Cryptomathic Ltd. George French, Barclays

Hidden Semantics: why? how? and what to do? Mike Bond, Cryptomathic Ltd. George French, Barclays Bank Plc. ASA-4 Edinburgh 2010 Crypomathic Logo Here Hidden Semantics: Why Why worry about it: Hidden semantics is important to the API analysis

647 views • 33 slides
Nondeterminism as first class citizen for Hidden Logic Daniel Gebler and J org Endrullis VU

Nondeterminism as first class citizen for Hidden Logic Daniel Gebler and J org Endrullis VU

Introduction Nondeterministic Hidden Logic Nondeterministic Hidden Logic with Sharing Conclusion Nondeterminism as first class citizen for Hidden Logic Daniel Gebler and J org Endrullis VU University Amsterdam CMCS 2012, Tallinn 1 / 14

548 views • 30 slides
X Marks the Spot: Hidden Opportunities & Challenges with Unusual Floorplans Frances Maestre

X Marks the Spot: Hidden Opportunities & Challenges with Unusual Floorplans Frances Maestre

X Marks the Spot: Hidden Opportunities & Challenges with Unusual Floorplans Frances Maestre Vice President of Sales Shepard Exposition Services fmaestre@shepardes.com 407.509.4092 Page 1 Why are you sitting in this class? Looking

225 views • 19 slides
Hidden Tax Strategies For Savvy Business Owners June 28, 2016 The webinar will begin at 1:30

Hidden Tax Strategies For Savvy Business Owners June 28, 2016 The webinar will begin at 1:30

Hidden Tax Strategies For Savvy Business Owners June 28, 2016 The webinar will begin at 1:30 p.m. CT Adam Manlove Bruce Stubbs, JD, LLM Manager, Tax Services Vice President AGH Specialized Tax Solutions Administration If you need CPE credit,

975 views • 70 slides
LHC Signatures of a Minimal Supersymmetric Hidden Valley arXiv:1112.2705 Yuk Fung Chan 1 Matt Low

LHC Signatures of a Minimal Supersymmetric Hidden Valley arXiv:1112.2705 Yuk Fung Chan 1 Matt Low

Introduction To and From the Hidden Valley Hidden Sector Parameter Scan Five Sample Points Conclusions LHC Signatures of a Minimal Supersymmetric Hidden Valley arXiv:1112.2705 Yuk Fung Chan 1 Matt Low 2 David Morrissey 3 Andrew Spray 3 1

757 views • 50 slides
MODERN PARABLES Part 1: Hidden Treasure 09.26.10 Caleb reads Matthew 13:44 NIV Movie: Hidden

MODERN PARABLES Part 1: Hidden Treasure 09.26.10 Caleb reads Matthew 13:44 NIV Movie: Hidden

MODERN PARABLES Part 1: Hidden Treasure 09.26.10 Caleb reads Matthew 13:44 NIV Movie: Hidden Treasure [12:37] Introduction: For the next six weeks we re going to examine six different parables of Jesus. I hope this will be an exciting time of

247 views • 3 slides
1 X 1 X 2 X 3 Ghostbusters HMM Chain Rule and HMMs E 1 E 2 E 3 P(X 1 ) = uniform 1/9 1/9

1 X 1 X 2 X 3 Ghostbusters HMM Chain Rule and HMMs E 1 E 2 E 3 P(X 1 ) = uniform 1/9 1/9

Hidden Markov Models 1 Hidden Markov Models Markov chains not so useful for most agents Need observations to update your beliefs Hidden Markov models (HMMs) Underlying Markov chain over states X You observe outputs (effects) at

617 views • 7 slides
ResNet with one-neuron hidden layers is universal approximator Hongzhou Lin, Stefanie Jegelka

ResNet with one-neuron hidden layers is universal approximator Hongzhou Lin, Stefanie Jegelka

ResNet with one-neuron hidden layers is universal approximator Hongzhou Lin, Stefanie Jegelka Poster #28 In the 90s: Universal approximation theorem Output Hidden Layer Input . . . 1 hidden layer, width go to infinity universal

472 views • 9 slides
MACAO: A Maliciously-Secure and Client-Efficient Active ORAM Framework Thang Hoang , Jorge

MACAO: A Maliciously-Secure and Client-Efficient Active ORAM Framework Thang Hoang , Jorge

NDSS Symposium 2020 MACAO: A Maliciously-Secure and Client-Efficient Active ORAM Framework Thang Hoang , Jorge Guajardo , Attila A. Yavuz CSE, University of South Florida hoangm@mail.usf.edu, attilaayavuz@usf.edu Robert Bosch

517 views • 23 slides
UNIONS OF ONIONS Maarten L offler Wolfgang Mulzer Universiteit Utrecht Freie Universit at

UNIONS OF ONIONS Maarten L offler Wolfgang Mulzer Universiteit Utrecht Freie Universit at

UNIONS OF ONIONS Maarten L offler Wolfgang Mulzer Universiteit Utrecht Freie Universit at Berlin 1 CHAPTER I THE PROBLEM 2 PREPROCESSING PARADIGM 3 PREPROCESSING PARADIGM Once upon a time, we were given R . 3 PREPROCESSING

1.49k views • 118 slides
Theory and Design of Low-latency Anonymity Systems (Lecture 3) Paul Syverson U.S. Naval Research

Theory and Design of Low-latency Anonymity Systems (Lecture 3) Paul Syverson U.S. Naval Research

Theory and Design of Low-latency Anonymity Systems (Lecture 3) Paul Syverson U.S. Naval Research Laboratory syverson@itd.nrl.navy.mil http://www.syverson.org 1 Reminders Paul, dont trail off in volume when speaking. Attendees, if Paul

1.43k views • 115 slides
T h e T o r P r o j e c t Our mission is to advance human rights and freedoms by

T h e T o r P r o j e c t Our mission is to advance human rights and freedoms by

T h e T o r P r o j e c t Our mission is to advance human rights and freedoms by creating and deploying free and open privacy and anonymity technologies, supporting their unrestricted availability and use, and furthering their

813 views • 55 slides
guard sets for onion routing Jamie Hayes - joint work with George Danezis University College

guard sets for onion routing Jamie Hayes - joint work with George Danezis University College

guard sets for onion routing Jamie Hayes - joint work with George Danezis University College London j.hayes@cs.ucl.ac.uk why does tor exist? Encryption conceals the data - not the metadata. Tor attempts to hide this metadata by

682 views • 36 slides
Profit in Project Management: Clear Communication, Clear Scope, Clear Profits Presented by James

Profit in Project Management: Clear Communication, Clear Scope, Clear Profits Presented by James

Profit in Project Management: Clear Communication, Clear Scope, Clear Profits Presented by James Smith 2 Presenter: James Smith Academic Experience: BA in Economics University of South Alabama MA in Financial-Economics and MBA in

848 views • 32 slides
DISSENT: Accountable, Anonymous Communication Joan Feigenbaum

DISSENT: Accountable, Anonymous Communication Joan Feigenbaum

DISSENT: Accountable, Anonymous Communication Joan Feigenbaum http://www.cs.yale.edu/homes/jf/ Joint work with Bryan Ford (PI), Henry Corrigan Gibbs, Ramakrishna Gummadi, Aaron

802 views • 59 slides
Cybercrime and Attacks in in the Dark Sid ide of the Web Dr. Marco Balduzzi * Senior Researcher

Cybercrime and Attacks in in the Dark Sid ide of the Web Dr. Marco Balduzzi * Senior Researcher

Cybercrime and Attacks in in the Dark Sid ide of the Web Dr. Marco Balduzzi * Senior Researcher at Trend Micro http://www.madlab.it @embyte * With the cooperation of Mayra Rosario and Vincenzo Ciancaglini The Dark Ecosystem Dark Nets TOR

966 views • 39 slides

More recommend