Presentation is loading. Please wait.

Presentation is loading. Please wait.

Tor – The Onion Router By: David Rollé. What is Tor?  Second generation Onion Routing  Aims to improve on first generation issues  Perfect Forward.

Published byHillary Sparks Modified over 9 years ago

Similar presentations

Presentation on theme: "Tor – The Onion Router By: David Rollé. What is Tor?  Second generation Onion Routing  Aims to improve on first generation issues  Perfect Forward."— Presentation transcript:

1 Tor – The Onion Router By: David Rollé

2 What is Tor?  Second generation Onion Routing  Aims to improve on first generation issues  Perfect Forward Secrecy  Ease of deployability and use  Remove superfluous information  Multiplex streams  Leaky-Pipe Circuit Topology  Congestion Control  Directory Servers  Variable Exit Policies  Integrity Checking End-to-End  Rendezvous Point  Why?

3 Background of Problem  Tracking information throughout the world  China  Is anonymity on the internet really necessary?  Prevalence of cyber crimes?  E.g. – Leverage  Global adversaries versus limited adversaries  Facebook versus your evil cyber-neighbor Bob  How critical is Tor in today’s society?  SOPA and PIPA  Exit Abuse?  Paper is from 2004, dated by several years. Tor has evolved substantially since this paper’s publishing, adding many layers of security.

4 Goals and Non-Goals of Tor Goals  Deployability  Usability  Flexibility  Simple design Deferred Goals  Not Peer-to-Peer  Not Secure from End-to- End attacks  Why wasn’t this emphasized?  Not protocol normalized  No UDP. Good or bad?  Doesn’t conceal who is connected to network.  Why not?

5 Low-Latency vs. High-Latency Low Latency Advantages  Can run regular webpages, with Javascript and JSON technology in near realtime. Low Latency Disadvantages  Can’t obfuscate data too much; data has time limits for expiration High-Latency Pros  Lots of time to obfuscate data, with multiple layers of encryption and reordering of end traffic. High-Latency Cons  Limits the usefulness of the technology, as email servers and other important request servers cannot work with materials Which do you think is more efficient at safeguarding anonymity?

6 Tor Design

7 Onion Router  TLS Connection to every other Onion Router  Can interpret CircID’s to send data to another location  Can only see previous router and router ahead  Previously a problem in old architecture. How?  Verified by directory servers to create map  Efficiency problem? Better solutions?  Has identity key to verify its information

8 Onion Proxy  Local software for the user  Fetches Directories  Establishes circuits across network  Handle connections from user applications  Multiplexes TCP streams across circuits  Handles the routing from end to end

9 Cell Technology  Circuit ID (assigned at start, interpreted at router by key)  Control Cells  CircID and CMD  Relay Cells  Includes Relay, StreamID, Digest, Length of cell, as well as the CircID and CMD  Digest critical to Leaky-Pipe algorithm

10 Circuit Technology  Onion Routing with a twist  Construct Circuits  Long time to construct a complete circuit  Short time to add/subtract from  Consider rotating circuits once a minute  Destroy Circuits  Relatively quick, useful for rerouting the circuit through different ORs in case of circuit breakage

11 Circuit Creation  OP connects to OR with TLS secure  New CircID, uses a Control Cell to carry data.  OR responds with the second half of the Diffie- Hellman handshake  OP encrypts additional Control Cell and sends them to OR, waits for response, etc.  End result: Multiple layers of encryption, easily translated by OR. Also, Digest allows multiple exit points along circuit  Build longer circuit than necessary.

12 Streams  OP is asked for a connection via SOCKS  Each stream has random stream ID  Why is this important?  Problems with SOCKS  Applications can pass the hostname to the Tor Client, or pass the IP address first  If DNS reolution performed, Alice reveals location of both ends.  Solutions?

13 Integrity Checking via Digest  The Digest is comprised of encoded bits which verify when the cell is completely decoded  Lynchpin for Leaky-Pipe algorithm  ORs verify stream is not in still in transit  Digest pre-negotiated at circuit creation using SHA-1 digest with derivative of the key  Digest serves Leaky-Pipe topology and Integrity checking

14 Throttle Control  Rate Limiting  Bulk stream versus interactive stream  Fairness  Token Bucket Approach  Enforces average rate of incoming bytes  Permits short term bursts above bandwidth allotment  Cannot always wait for a full cell, send when possible

15 Congestion Control  Circuit Level Throttling  Packaging Window  Delivery Window  Relay sendme cell  Stream Level Throttling  Similar construction to circuit level throttling, just one level up the Open Systems Interconnection (OSI) model

16 Rendezvous Points  Requirements:  Access-Control, Robust, Smear-resistant, Application-Transparent  Introduction Points  Hidden server creates circuits to each introduction point (advertised ORs), and can hide some for only select clients  Rendezvous cookie  Obtained from an RP, given to the introduction point to connect server to client  Rendezvous Point  Server connects with second half of handshake from token, and RP connects two circuits together  Client initiates contact directly, and regular Tor operations commence  Why are these not available from outside of Tor?  Could it be possible to make them available outside of Tor?  Possibly have an OP handle the requests, and translate them into RP?  Con: Makes OP liable to attack from adversaries.

17 Design Defenses  DoS defense  Flow Control and Rate Limiting help, but other ideas need to be implemented.  Exit Policies  Open, Restricted (Some restrictions apply), Middleman (no connection outside Tor), Private (Only connect to local network)  Exit abuse hurts capabilities of Tor’s anonymization.  Directory Servers  Previously in-band updates: Entire network obtained all of the states at varying times.  Directories currently act as policemen of new nodes; new nodes require human intervention.  Directories synchronized and redundant.

18 Attack Methodologies and Defenses

19 Passive Attacks  Observe Traffic Patterns  Multiplexing minimizes damage  Observe User Content  Use of Privoxy  Option Distinguishability  Leads to tracing due to distinct pattern behavior  End-to-end Timing Correlation  Tor does not hide timing (low-latency requirement)  End-to-end Size Correlation  Leaky-Pipe Topology  Website Fingerprinting  New attack as of 2004, semi-defended by mitigation

20 Active Attacks  Compromise Keys  Mitigated by key rotation and redundant multiple layer encryption. Replacing a node via identity key could theoretically avoid this defense.  Iterated Compromise  Short lifetimes for circuits  Run Recipient  Adversary controls end server, which allows him to use Tor to attack the other end. Privoxy would help minimize chance of revealing initiator  Run Onion Proxy  Compromised OPs compromise all information sent through OP  DoS non-observed nodes  Only real defense is robustness  Run hostile OR  Requires nodes at both ends of a circuit to obtain information  Introduce Timing  Similar to timing discussed in passive version

21 Active Attacks continued  Tag Attacks  Integrity check mitigates this  Replay Attacks  Session key changes if replay used  Replace End Server  No real solution, verify that server is actually server with authentication. Similar to Recipient attack  Smear Attacks  Good press and exit policies  Hostile Code Distribution  All Tor releases signed

22 Directory Subversion  Destroy Servers  Directories require majority rule, or human intervention if more than half destroyed.  Subvert Server  At worst, cast tie-breaker vote  Subvert Majority of Servers  Ensure Directories are independent and resistant to attacks  Encourage Dissent in Directory Operators  People problem, not Tor problem.  Trick Directories  Server Operators should be able to filter out hostile nodes.  Convince Directories that OR is Functional  Directory servers should test by building circuit and streams to OR.

23 Rendezvous Point Attacks  Many Introduction Point Requests  IP can block requests with authorization tokens, or require certain amounts of computation per request.  Attack Introduction Point  Server re-advertises on different IP, or advertise secretly. Attacker must disable all IPs.  Compromise Introduction Point  Servers should occasionally verify their IPs, and close circuits that flood them.  Compromise Rendezvous Point  Similar to active attacks against ORs

24 Other Attacks?

25 Food For Thought  Global adversaries: Paper never touches on adversaries with large programming armies behind them. Can Tor be useful and efficient in environments such as China?

Download ppt "Tor – The Onion Router By: David Rollé. What is Tor?  Second generation Onion Routing  Aims to improve on first generation issues  Perfect Forward."

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
SPATor: Improving Tor Bridges with Single Packet Authorization Paper Presentation by Carlos Salazar.

SPATor: Improving Tor Bridges with Single Packet Authorization Paper Presentation by Carlos Salazar.
Tor: The Second-Generation Onion Router

Tor: The Second-Generation Onion Router
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
CCNA – Network Fundamentals

CCNA – Network Fundamentals
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.

Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.
The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network Rob Jansen et. al NDSS 2014 Presenter: Yue Li Part of slides adapted from R.

The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network Rob Jansen et. al NDSS 2014 Presenter: Yue Li Part of slides adapted from R.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
236349 Project in Computer Security Integrating TOR’s attacks into the I2P darknet Chen Avnery Amihay Vinter.

Project in Computer Security Integrating TOR’s attacks into the I2P darknet Chen Avnery Amihay Vinter.
How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.

How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.
Security Firewall Firewall design principle. Firewall Characteristics.

Security Firewall Firewall design principle. Firewall Characteristics.
CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:

CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.

Similar presentations

Ads by Google