tor
play

Tor: Anonymous Communications for the Dept of Defense...and you. - PowerPoint PPT Presentation

Nov 08, 2023 •153 likes •488 views

Tor: Anonymous Communications for the Dept of Defense...and you. Roger Dingledine The Free Haven Project http://tor.eff.org/ April 12, CFP 2005 Talk Outline Motivation: Why anonymous communication? Myth 1: This is only for privacy

  1. Tor: Anonymous Communications for the Dept of Defense...and you. Roger Dingledine The Free Haven Project http://tor.eff.org/ April 12, CFP 2005

  2. Talk Outline  Motivation: Why anonymous communication? − Myth 1: This is only for privacy nuts. − Myth 2: This stuff enables criminals.  Tor design overview  Hidden servers and rendezvous points  Policy issues raised  Open technical issues and hard problems

  3. Public Networks are Vulnerable to Traffic Analysis  In a Public Network (Internet):  Packet (message) headers identify recipients  Packet routes can be tracked Public Network Responder Initiator Encryption does not hide routing information.

  4. Who Needs Anonymity?  Journalists, Political Dissidents, Whistleblowers  Censorship resistant publishers/readers  Socially sensitive communicants: − Chat rooms and web forums for abuse survivors, people with illnesses  Law Enforcement: − Anonymous tips or crime reporting − Surveillance and honeypots (sting operations)  Corporations: − Hiding collaborations of sensitive business units or partners − Hiding procurement suppliers or patterns − Competitive analysis

  5. Who Needs Anonymity?  You: − Where are you sending email (who is emailing you) − What web sites are you browsing − Where do you work, where are you from − What do you buy, what kind of physicians do you visit, what books do you read, ...

  6. Who Needs Anonymity?  Government

  7. Government Needs Anonymity? Yes, for...  Open source intelligence gathering − Hiding individual analysts is not enough − That a query was from a govt. source may be sensitive  Defense in depth on open and classified networks − Networks with only cleared users (but a million of them)  Dynamic and semitrusted international coalitions − Network can be shared without revealing existence or amount of communication between all parties

  8. Anonymity Loves Company  You can't be anonymous by yourself − Can have confidentiality by yourself  A network that protects only DoD network users won't hide that connections from that network are from Defense Dept.  You must carry traffic for others to protect yourself  But those others don't want to trust their traffic to just one entity either. Network needs distributed trust .  Security depends on diversity and dispersal of network.

  9. Who Needs Anonymity?  And yes criminals

  10. Who Needs Anonymity?  And yes criminals But they already have it. We need to protect everyone else.

  11. Anonymous From Whom? Adversary Model Recipient of your message  Sender of your message  => Need Channel and Data Anonymity Observer of network from outside  Network Infrastructure (Insider)  => Need Channel Anonymity Note: Anonymous authenticated communication makes  perfect sense Communicant identification should be inside the basic  channel, not a property of the channel

  12. Focus of Tor is anonymity of the communication pipe, not what goes through it

  13. Basic Anonymizing Proxy anonymizing proxy anonymizing proxy • Channels appear to come from proxy, not true originator • Appropriate for Web connections, etc.: SSL, TLS, SSH (lower cost symmetric encryption) • Example: The Anonymizer • Advantages: Simple, Focuses lots of traffic for more(?) anonymity • Main Disadvantage: Single point of failure, compromise, attack

  14. Onion Routing Traffic Analysis Resistant Infrastructure  Main Idea: Combine Advantages of mixes and proxies  Use (expensive) public-key crypto to establish circuits  Use (cheaper) symmetric-key crypto to move data − Like SSL/TLS based proxies  Distributed trust like mixes  Related Work (some implemented, some just designs): − ISDN Mixes − Crowds, JAP Webmixes, Freedom Network − Tarzan, Morphmix

  15. Tor

  16. Tor The Onion Routing

  17. Tor Tor's Onion Routing

  18. Numbers and Performance  Running since October 2003 • 100+ nodes on four continents (North America, Europe, Asia, Australia) • Ten thousand+ (?) users • Nodes process 1-90 GB / day application cells • Network has never been down

  19. Tor Circuit Setup • Client Proxy establishes session key + circuit w/ Onion Router 1 Onion Router 1 Client Initiator

  20. Tor Circuit Setup • Client Proxy establishes session key + circuit w/ Onion Router 1 Onion Router 1 • Proxy tunnels through that circuit to extend to Onion Router 2 Onion Router 2 Client Initiator

  21. Tor Circuit Setup • Client Proxy establishes session key + circuit w/ Onion Router 1 Onion Router 1 • Proxy tunnels through that circuit to extend to Onion Router 2 Onion Router 2 • Etc Client Initiator

  22. Tor Circuit Usage • Client Proxy establishes session key + circuit w/ Onion Router 1 Onion Router 1 • Proxy tunnels through that circuit to extend to Onion Router 2 Onion Router 2 • Etc • Client applications connect and communicate over Tor circuit Client Initiator

  23. Tor Circuit Usage • Client Proxy establishes session key + circuit w/ Onion Router 1 Onion Router 1 • Proxy tunnels through that circuit to extend to Onion Router 2 Onion Router 2 • Etc • Client applications connect and communicate over Tor circuit Client Initiator

  24. Tor Circuit Usage • Client Proxy establishes session key + circuit w/ Onion Router 1 Onion Router 1 • Proxy tunnels through that circuit to extend to Onion Router 2 Onion Router 2 • Etc • Client applications connect and communicate over Tor circuit Client Initiator

  25. Where do I go to connect to the network?  Directory Servers − Maintain list of which onion routers are up, their locations, current keys, exit policies, etc. − Directory server keys ship with the code − Control which nodes can join network  Important to guard against Sybil attack and related problems − These directories are cached and served by other servers, to reduce bottlenecks

  26. Some Tor Properties  Simple modular design, restricted ambitions. − ~30K lines of C code − Even servers run in user space, no need to be root − Flexible exit policies, each node chooses what applications/destinations can emerge from it

  27. Some Tor Properties  Lots of supported platforms: Linux, BSD, MacOS X, Solaris, Windows, ...  Deployment paradigm: − Volunteer server operators − No payments, not proprietary − Moving to a P2P incentives model

  28. Number of running Tor servers

  29. Total traffic through Tor network

  30. Location Hidden Servers  Alice can connect to Bob's server without knowing where it is or possibly who he is  Can provide servers that − Are accessible from anywhere − Resist censorship − Require minimal redundancy for resilience in denial of service (DoS) attack − Can survive to provide selected service even during full blown distributed DoS attack − Resistant to physical attack (you can't find them)

  31. Get the Code, Run a Node! (or just surf the web anonymously)  Current code freely available (3-clause BSD license)  Comes with a specification – the JAP team in Dresden implemented a compatible Tor client in Java  Design paper, system spec, code, see the list of current nodes, etc.  http://tor.eff.org/

  32. Policy issues  Spam / spam blacklists  Wikipedia  Internet Relay Chat (IRC)  Good time for anonymous credentials?

  33. Tradeoffs  Low-latency (Tor) vs. high-latency (Mixminion)  Packet-level vs stream-level capture  Padding vs. no padding (mixing, traffic shaping)  UI vs. no UI  AS-level paths and proximity issues  Incentives to run servers / allow exits  Enclave-level onion routers / proxies / helper nodes  Path length? (3 hops, don't reuse nodes)  China?  P2P network vs. static network

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Web Server Design Lecture 2 Socket Programming Old Dominion University Department of

Web Server Design Lecture 2 Socket Programming Old Dominion University Department of

Web Server Design Lecture 2 Socket Programming Old Dominion University Department of Computer Science CS 431/531 Fall 2019 Sawood Alam <salam@cs.odu.edu> 2019-09-05 Interprocess Communication (IPC) File Shared memory

303 views • 12 slides
Overview Overview What is SILC? What is SILC? Analysis of the SILC Protocol with

Overview Overview What is SILC? What is SILC? Analysis of the SILC Protocol with

Overview Overview What is SILC? What is SILC? Analysis of the SILC Protocol with Analysis of the SILC Protocol with Stands for Stands for S S ecure ecure I I nternet nternet L L ive ive C C onferencing. onferencing. Murphi

475 views • 5 slides
State of the Art Web Mapping With TileMill Justin Miller MapBox justin@mapbox.com

State of the Art Web Mapping With TileMill Justin Miller MapBox justin@mapbox.com

State of the Art Web Mapping With TileMill Justin Miller MapBox justin@mapbox.com @incanus77 About MapBox Me TileMill This workshop Download & Install http://mapbox.com/tilemill Cross-platform Windows XP

663 views • 19 slides
Jos Antonio Rey SCaLE 12x, Feb 2014 Introduction What is a community How I got into

Jos Antonio Rey SCaLE 12x, Feb 2014 Introduction What is a community How I got into

Youth Contributing Jos Antonio Rey SCaLE 12x, Feb 2014 Introduction What is a community How I got into this Common Issues Not knowing where to start contributing Feeling disoriented about what is currently happening on the

223 views • 11 slides
Overview of UA Ongoing Cybersecurity Projects The image cannot be displayed. Your computer may

Overview of UA Ongoing Cybersecurity Projects The image cannot be displayed. Your computer may

Overview of UA Ongoing Cybersecurity Projects The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file again. If the red x

886 views • 65 slides
Drupal Basics an introduction to Drupal This introductory session will get the Drupal juices

Drupal Basics an introduction to Drupal This introductory session will get the Drupal juices

Drupal Basics an introduction to Drupal This introductory session will get the Drupal juices flowing, and help give a broad overview of Drupal jargon, Drupal Architecture & the Drupal Community... May 21st, 2010 - SNHU, Manchester, NH

1.12k views • 52 slides
Group- Group -per per- -Region Allocation Region Allocation Region Bounds Region Bounds

Group- Group -per per- -Region Allocation Region Allocation Region Bounds Region Bounds

Group- Group -per per- -Region Allocation Region Allocation Region Bounds Region Bounds An entity has to change its target An entity has to change its target Partition the world into regions Partition the world into regions

72 views • 4 slides
Tor: a quick overview Roger Dingledine The Tor Project https://torproject.org/ 1 What is Tor?

Tor: a quick overview Roger Dingledine The Tor Project https://torproject.org/ 1 What is Tor?

Tor: a quick overview Roger Dingledine The Tor Project https://torproject.org/ 1 What is Tor? Online anonymity software and network Open source, freely available Community of researchers, developers, users, and relay operators 2

660 views • 50 slides
Name-Based Replica/on Priori/es in Disaster Cases IEEE INFOCOM

Name-Based Replica/on Priori/es in Disaster Cases IEEE INFOCOM

Name-Based Replica/on Priori/es in Disaster Cases IEEE INFOCOM Name-Oriented Mobility (NOM) Workshop April 28, 2014 I. Psaras, L. Saino, M.

186 views • 14 slides
Streaming Multimedia Applications Multimedia Networking Multimedia Applications? What are

Streaming Multimedia Applications Multimedia Networking Multimedia Applications? What are

Streaming Multimedia Applications Multimedia Networking Multimedia Applications? What are they? An application that deals with one of more of the following data types: Text Images Audio Video Most common scenario

742 views • 62 slides
Privacy as a Service Raymond Cheng Build practical cloud services that protect user privacy from

Privacy as a Service Raymond Cheng Build practical cloud services that protect user privacy from

Privacy as a Service Raymond Cheng Build practical cloud services that protect user privacy from powerful threats 2 3 Powerful Threats to User Privacy Organized Crime Nation-State Actors 4 Powerful Threats to User Privacy Gather

1.56k views • 104 slides
IRTF Overview Allison Mankin EDU at IETF99 Note Well All of IRTF is Meeting This Week (IETF

IRTF Overview Allison Mankin EDU at IETF99 Note Well All of IRTF is Meeting This Week (IETF

IRTF Overview Allison Mankin EDU at IETF99 Note Well All of IRTF is Meeting This Week (IETF 99)! Crypto Forum (CFRG) Proposed PANRG Global Access to the Internet for All Network Coding Research Group (GAIA) (NWCRG) Human

506 views • 29 slides
Analyzing "Global Access to the Internet for All" Projects Sascha Rushing Chair for

Analyzing "Global Access to the Internet for All" Projects Sascha Rushing Chair for

Analyzing "Global Access to the Internet for All" Projects Sascha Rushing Chair for Network Architectures and Services Department for Computer Science Technische Universitt Mnchen January 14, 2016 Technische Universitt Mnchen

577 views • 26 slides
Agenda Tennessee Community-Engagement Research Alliance Against COVID-19 ( TN CEAL) Member

Agenda Tennessee Community-Engagement Research Alliance Against COVID-19 ( TN CEAL) Member

Tennessee Health Disparities Task Force Agenda Tennessee Community-Engagement Research Alliance Against COVID-19 ( TN CEAL) Member Comments/Announcements Office of Health Disparities Elimination October 22, 2020

488 views • 16 slides
CTSA Program Steering Committee Monday, July 9, 2018 2:30 4:00 ET Agenda 2:30 Welcome

CTSA Program Steering Committee Monday, July 9, 2018 2:30 4:00 ET Agenda 2:30 Welcome

CTSA Program Steering Committee Monday, July 9, 2018 2:30 4:00 ET Agenda 2:30 Welcome Christopher Austin 2:30 2:40 Directors Update Christopher Austin Mike Kurilla 2:40 3:30 Review Action Items List All DCI and Cancer

369 views • 19 slides
New Mexico Climate Strategy & Electricity Sector Implications EPSCOR Webinar Series July

New Mexico Climate Strategy & Electricity Sector Implications EPSCOR Webinar Series July

New Mexico Climate Strategy & Electricity Sector Implications EPSCOR Webinar Series July 22, 2020 Laura Tabor Sustainability and Resilience Officer Jacqueline Waite Clean Energy Program Manager Agenda Overview of 2019 Climate Strategy

962 views • 33 slides
Storage task force Shibboleth-features and challenges in PowerFolder Sync & Share 11 FEB

Storage task force Shibboleth-features and challenges in PowerFolder Sync & Share 11 FEB

Storage task force Shibboleth-features and challenges in PowerFolder Sync & Share 11 FEB 2014 Roadmap for today Introduction Use cases / Installations The challenges of Sync & Share Federated AAI Large scale

763 views • 38 slides
TCP/IP Networks Dr. Miled M. Tezeghdanti October 7, 2011 Dr. Miled M. Tezeghdanti () TCP/IP

TCP/IP Networks Dr. Miled M. Tezeghdanti October 7, 2011 Dr. Miled M. Tezeghdanti () TCP/IP

TCP/IP Networks Dr. Miled M. Tezeghdanti October 7, 2011 Dr. Miled M. Tezeghdanti () TCP/IP Networks October 7, 2011 1 / 94 Outline TCP/IP IP ARP ICMP TCP/UDP Dr. Miled M. Tezeghdanti () TCP/IP Networks October 7, 2011 2 / 94

618 views • 58 slides
TERENA TERENA End-to-End (E2E) Provisioning Workshop End to End (E2E) Provisioning Workshop

TERENA TERENA End-to-End (E2E) Provisioning Workshop End to End (E2E) Provisioning Workshop

GLIF Tech Winter meeting Hong-Kong, China 24 February, 2011 Peter Szegedi, PDO szegedi@terena.org www terena org www.terena.org TERENA TERENA End-to-End (E2E) Provisioning Workshop End to End (E2E) Provisioning Workshop series About

587 views • 25 slides
CSCE 515: Computer Network Transport Layer TCP UDP Programming ------ Sockets ICMP, ARP

CSCE 515: Computer Network Transport Layer TCP UDP Programming ------ Sockets ICMP, ARP

Process Layer Process Process CSCE 515: Computer Network Transport Layer TCP UDP Programming ------ Sockets ICMP, ARP Network Layer IP & Wenyuan Xu RARP Department of Computer Science and Engineering University of South Carolina

400 views • 8 slides
Interfacing Apache HTTP Server 2.4 with External Applications Jeff Trawick November 6, 2012 Who

Interfacing Apache HTTP Server 2.4 with External Applications Jeff Trawick November 6, 2012 Who

Interfacing Apache HTTP Server 2.4 with External Applications Jeff Trawick Interfacing Apache HTTP Server 2.4 with External Applications Jeff Trawick November 6, 2012 Who am I? Interfacing Apache HTTP Server 2.4 with External Met Unix

985 views • 61 slides
CS 683 - Security and Privacy Spring 2018 Instructor: Karim Eldefrawy University of San

CS 683 - Security and Privacy Spring 2018 Instructor: Karim Eldefrawy University of San

CS 683 - Security and Privacy Spring 2018 Instructor: Karim Eldefrawy University of San Francisco http://www.cs.usfca.edu/~keldefrawy/teaching /spring2018/cs683/cs683_main.htm (https://goo.gl/t396Fw) 1 Lecture 12 Transport Layer Security/

555 views • 23 slides
Announcements Next week: Organizational Cloud discussion pros/cons - Teams to revisit individual

Announcements Next week: Organizational Cloud discussion pros/cons - Teams to revisit individual

Announcements Next week: Organizational Cloud discussion pros/cons - Teams to revisit individual findings and report Upcoming R2 APIs & Web Services SWEN-343 Today Need for APIs Webservices Types SOAP & REST SOA Microservices

378 views • 33 slides
Programming Interfaces to Non-Vola4le Memory Michael Swi:

Programming Interfaces to Non-Vola4le Memory Michael Swi:

Programming Interfaces to Non-Vola4le Memory Michael Swi: University of WisconsinMadison Outline NVM solid-state drives Persistent memory file systems

1.16k views • 98 slides

More recommend