Presentation on theme: "Tor: The Second-Generation Onion Router"— Presentation transcript:
1Tor: The Second-Generation Onion Router Roger Dingledine, Nick Mathewson, Paul Syverson
2Introduction Second Generation of Onion Routing Focus on deployabilityPerfect forward secrecySeparation of “protocol cleaning” from anonymityNo mixing, padding or traffic shapingTCP Streams can share on circuitLeaky-pipe circuit topology
3Introduction Congestion control Directory servers Exit policies Integrity checkingHidden services
5Non-Goals Not P2P Not secure against end to end attacks No protocol normalizationNot steganographic
6Threat Model Does not protect against a global passive adversary Adversary can:Generate, modify, delay and delete trafficOperate onion routersCompromise many onion routersAim is to project gains traffic analysis attacks not traffic confirmation attacksWhat do you all think of this distinction? Is it valid?
7Design Overlay network Onion routers route traffic Onion Proxy fetches directories and creates circuits on the networkUses TCPAll data is sent in fixed size cellsCircIDDataCMDCircIDStreamID Digest Len CMD DataRelay
8Circuits Describes the Onion Routers on the path Can be used by many TCP streamsBuilt incrementally
9Building a circuit Create c2 E(gx2) Created c2, gy2, H(K2) Relay c1(Extended, gy2, H(K2)Create c1, E(gx1)Relay c1 (Extend, OR2, E(gx1))
10Fetching a web pageRelay c2 (Begin <Bob>)Relay c2 (Connected)Relay c1 (Connected)TCP HandshakeRelay c1 (Begin <Bob>)Last onion router should get the IP address of Bob’s website to protect Alice’s anonymity.
11Additional functionality Integrity checkingOnly done at the edges of a streamSHA-1 digest of data sent and receivedFirst 4 bytes of digest are sent with each message for verificationRate limitingUses token bucket approachInteractive streams get preferential treatment
12Congestion Control There is some concern about OR-to-OR congestion Circuit Level throttling2 windows keep track of relay data to be transmitted to other ORs and data transmitted out of the networkWindows are decremented after forwarding packets and increments on a relay sendme messageWhen a window reaches 0, no messages are forwarded
13Congestion Control Stream Level Throttling Streams have packaging windows associated with themThe window is decremented was messages are sent and incremement when relay sendme are receivedrelay sendme messages are sent after the TCP stream has flushed a certain number of bytesThis congestion control method is pretty primitive. Why not leverage existing work here?
14Hidden Service and Rendezvous Points Tor accommodates receiver anonymity by allowing location hidden servicesDesign goals for location hidden servicesAccess ControlRobustnessSmear-resistanceApplication transparencyLocation hidden service leverage rendezvous points
15Creating and connecting to a Location hidden service
16Other design decisions DoSCPU consumption attacks are possibleCrashing routers also causes a DoSExit Policies and AbuseAs with other systems, abuse is a big dealRouters can specify exit policies restricting how they are usedDirectory ServicesAdvertises current network states and routers
17Attacks and Defenses Passive Attacks Active Attacks Observing user contentEnd-to-end timing correlationActive AttacksCompromising KeysRun a hostile ORAttacks on the Directory ServiceDestroy directory serviceSubvert 1 or more directory serversAttacks against rendezvous pointsMake many introduction requestsCompromise a rendezvous point
18Tor in the wild There is a current deployment of Tor Currently ~ 350 Tor routers~ 40MB read and write at any given timePerformance42% increase in time for large fileVaried for interactive sessions
19Discussion QuestionsIn Tor, if your entry node and exit node are compromised, you are sunk. If this is the case, what is the point of circuits with more then 2 hops?One of the tensions for Tor (and other anonymity systems) is that they need a good user base to improve the system. However, the anonymity the offer isn’t great. How do you get people to use such a system?