Tor Bruce Maggs relying on materials from
How Tor Works

Encryption Keys in Tor
Each relay has a long-term "identity" public/private key pair used to sign TLS certificates (public keys signed by directory).
Medium-term (one week) public/private "onion" keys are used to decrypt requests to extend circuits, so the first node can't spoof the whole path.
Short-term "connection" keys are used to negotiate TLS connections.

How Tor Works

Bridge Relays (a.k.a. Bridges)
Some ISPs/governments block all traffic to relays that appear in the Tor directory.
Bridges are relays that don't appear in the directory.
User has to solve the problem of finding a bridge.

Solve a Captcha to get Bridge Address
Growth of Tor Network
Spike in Number of Users

Possible Explanation for Spike
Botnet "Mevade.A" a.k.a. "Sefnit" a.k.a. "SBC" is using Tor for connectivity.
botnet-cause-of-recent-tor-network-overload/

Tor Exit Nodes See Plaintext!
Tor Browser

Tor-Aware Web Servers
Connect directly to Tor, do not advertise their network addresses.

Establishing a Hidden Service
Finding a Hidden Service
Contacting a Hidden Service
Communicating with a Hidden Service

Using Tor as a SOCKS5 Proxy
Can tunnel any TCP connection through Tor (and DNS requests).
First run the Tor browser, it will also act as a SOCKS5 proxy and accept connections.
Configure your application, e.g., chat, to use as SOCKS5 proxy

Configure HexChat to use Proxy
Now Chatting through Tor
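
An added example, not from the original slides: the SOCKS5 exchange (RFC 1928) that an application performs once it is pointed at Tor, sending the hostname itself so that the DNS lookup also travels through Tor instead of being resolved locally. The listener address 127.0.0.1:9150 and all function names are assumptions of this example.

```python
import socket
import struct

TOR_SOCKS = ("127.0.0.1", 9150)  # assumption: Tor Browser's default SOCKS listener
GREETING = b"\x05\x01\x00"       # VER=5, 1 method offered, 0x00 = no authentication
ERRORS = {1: "general failure", 2: "not allowed by ruleset", 3: "network unreachable",
          4: "host unreachable", 5: "connection refused", 6: "TTL expired",
          7: "command not supported", 8: "address type not supported"}

def build_connect(host: str, port: int) -> bytes:
    """CONNECT request with ATYP=0x03 (domain name): the proxy resolves the name."""
    name = host.encode("idna")
    if not 0 < len(name) <= 255:
        raise ValueError("hostname must be 1..255 bytes")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)

def recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes or fail; a stream socket may return short reads."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def handshake(sock: socket.socket, host: str, port: int) -> None:
    """Run the SOCKS5 exchange on a connected socket; raise on any refusal."""
    sock.sendall(GREETING)
    if recv_exact(sock, 2) != b"\x05\x00":
        raise ConnectionError("proxy did not accept the no-authentication method")
    sock.sendall(build_connect(host, port))
    ver, rep, _, atyp = recv_exact(sock, 4)
    if ver != 5 or rep != 0:
        raise ConnectionError("SOCKS5 error: " + ERRORS.get(rep, f"code {rep}"))
    if atyp not in (1, 3, 4):
        raise ConnectionError("unknown address type in reply")
    # Drain BND.ADDR and BND.PORT so later reads return only destination data.
    addr_len = recv_exact(sock, 1)[0] if atyp == 3 else (4 if atyp == 1 else 16)
    recv_exact(sock, addr_len + 2)

def open_via_tor(host: str, port: int, proxy=TOR_SOCKS) -> socket.socket:
    """Connect to the local proxy and return a socket tunnelled to host:port."""
    sock = socket.create_connection(proxy, timeout=30)
    try:
        handshake(sock, host, port)
    except Exception:
        sock.close()
        raise
    return sock
```

Calling `socket.gethostbyname()` before handing an IP address to the proxy would send the lookup outside Tor; passing the name in the CONNECT request avoids that.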