Tor Internals and Hidden Services

Slides:



Advertisements
Similar presentations
(4.4) Internet Protocols Layered approach to Internet Software 1.
Advertisements

Network Layer and Transport Layer.
Presented by Serge Kpan LTEC Network Systems Administration 1.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Computer Networks IGCSE ICT Section 4.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Tor (Anonymity Network) Scott Pardue. Tor Network  Nodes with routers within the network (entry, middle, exit)  Directory servers  Socket Secure (SOCKS)
Networking Components Chad Benedict – LTEC
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Mr C Johnston ICT Teacher
© Copyright 2012 STI INNSBRUCK Tor project: Anonymity online.
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
TUTORIAL # 2 INFORMATION SECURITY 493. LAB # 4 (ROUTING TABLE & FIREWALLS) Routing tables is an electronic table (file) or database type object It is.
NETWORKING COMPONENTS By Cleve Rosser. Hubs allow large numbers of computers to be connected on a single or multiple LAN. Each computer plugs into the.
Lecture 2 TCP/IP Protocol Suite Reference: TCP/IP Protocol Suite, 4 th Edition (chapter 2) 1.
Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.
Overview of Microsoft ISA Server. Introducing ISA Server New Product—Proxy Server In 1996, Netscape had begun to sell a web proxy product, which optimized.
Physical ways of keeping your system secure. Unit 7 – Assignment 2. (Task1) By, Rachel Fiveash.
The Internet The internet is simply a worldwide computer network that uses standardised communication protocols to transmit and exchange data.
Networking Components Michelle Vega Network System Administrations LTEC /026 Mr. West.
Security, NATs and Firewalls Ingate Systems. Basics of SIP Security.
TCP/IP (Transmission Control Protocol / Internet Protocol)
Switch Features Most enterprise-capable switches have a number of features that make the switch attractive for large organizations. The following is a.
Mr C Johnston ICT Teacher
TCP/IP Model & How it Relates to Browsing the Internet Anonymously BY: HELEN LIN.
ITGS Network Architecture. ITGS Network architecture –The way computers are logically organized on a network, and the role each takes. Client/server network.
Information Security 493. Lab # 4 (Routing table & firewalls) Routing tables is an electronic table (file) or database type object that is stored in a.
The Silk Road: An Online Marketplace
Supplemental Information on TOR (The Onion Router) CEH ed 8, Rev 4 CS3695 – Network Vulnerability Assessment & Risk Mitigation–
Nathaniel Ley CIS235 Dec. 09, Why do we need Tor?  Encryption is not enough to ensure complete anonymity, since packet headers can still reveal.
Protocols Monil Adhikari. Agenda Introduction Port Numbers Non Secure Protocols FTP HTTP Telnet POP3, SMTP Secure Protocols HTTPS.
Firewalls A brief introduction to firewalls. What does a Firewall do? Firewalls are essential tools in managing and controlling network traffic Firewalls.
Internet Flow By: Terry Hernandez. Getting from the customers computer onto the internet Internet Browser
Hiding in the Dark: The Internet You Cannot See Marc Visnick
1 Internet data security (HTTPS and SSL) Ruiwu Chen.
1 28-Sep-16 S Ward Abingdon and Witney College CCNA Exploration Semester 1 OSI network layer CCNA Exploration Semester 1 Chapter 5.
Defining Network Infrastructure and Network Security Lesson 8.
What is BizTalk ?
Data Virtualization Tutorial… SSL with CIS Web Data Sources
Go to youtube and search “Code.org internet videos”
Anonymous Internet Protocols
Lecture 3 By Miss Irum Matloob.
CS590B/690B Detecting Network Interference (FALL 2016)
PAYMENT GATEWAY Presented by SHUJA ASHRAF SHAH ENROLL: 4471
NETWORK SECURITY Cryptography By: Abdulmalik Kohaji.
Practical Censorship Evasion Leveraging Content Delivery Networks
Anonymous Communication
Server Concepts Dr. Charles W. Kann.
Digital Forensics 2 Presented by : J.Silaa Lecture: FCI 30 Aug 2017
ADDRESSING Before you can send a message, you must know the destination address. It is extremely important to understand that each computer has several.
Firewalls.
Deanonymization of Clients in Bitcoin P2P Network
Exercise ?: TOR.
Topic 5: Communication and the Internet
I. Basic Network Concepts
0x1A Great Papers in Computer Security
Anupam Das , Nikita Borisov
Section 14.1 Section 14.2 Identify the technical needs of a Web server
Firewalls Routers, Switches, Hubs VPNs
Anonymous Communication
Internet Basics Videos
Bruce Maggs relying on materials from
Network and the internet
Protocol Application TCP/IP Layer Model
Bruce Maggs relying on materials from
Topic 12: Virtual Private Networks
Anonymous Communication
BPSec: AD Review Comments and Responses
Bruce Maggs relying on materials from
Presentation transcript:

Tor Internals and Hidden Services

Plan Four part series Basic skeleton – TOR – Theory Only Why only stop yourself to browsers? - Hidden Services How it is actually used while hacking – Mostly Demo Bypassing Countermeasures

Introduction to TOR What is tor? What are you going to gain from talk-1? History – Wikipedia (A long time ago in a galaxy far, far away. .....) [1995] [DARPA] It was originally open-sourced in October of 2003 Onion Routing? ⎳Layers + Layers …. So - Tor works by bouncing connections from your computer to destinations (such as google.com) through a series of intermediate computers, or relays. Tor is an anonymity tool used by those who want to stay private and uncensored when browsing the Internet. In this series of talk, we’ll take a deep dive into the structure and protocols used by the Tor network in order to see first-hand how Tor operates. This idea of Onion Routing was (and is!) simply that we can wrap traffic in encrypted layers (like onions) in order to protect the contents of the data as well as the anonymity of the sender and receiver. Tor works by bouncing connections from your computer to destinations (such as google.com) through a series of intermediate computers, or relays.

From Nigeria to DC

Relays 6000 relays – [Link] These relays are located all across the world and run completely by volunteers willing to give up some bandwidth for the cause. Tor software configured to act as a relay. (No special HW or SW) Speed ~ No. of relays If there are more relays to choose from, it will be more difficult to track any one user. https://metrics.torproject.org/networksize.html

Types of relays Tor bounces connections through 3 relays. Each of these have a specific role to play

Types of Relays Entry/Guard Relay - This is the entry point to the Tor network. Relays are selected to serve as guard relays after being around for a while, as well as having shown to be stable and having high bandwidth. Middle Relay - Middle relays are exactly that - middle nodes used to transport traffic from the guard relay to the exit relay. This prevents the guard and exit relay from knowing each other. Exit Relay - These relays are the exit point at the edge of the Tor network. These relays send traffic to the final destination intended by the client. Generally, it is safe to run a guard or middle relay on any VPS or shared server, since all the server operators will see is harmless encrypted traffic. However, there are special responsibilities to consider when running an exit node. Since exit relays send traffic directly to the end destination, any illicit activity done through Tor appears to come from the exit relay. This leads to the rare possibility of raids, abuse notices, or more. Thanks Exit node operated.

Why Onions? How do we know we can actually trust relays? How can we be sure relays won’t track who we’re connecting to and sniff the data we send across the wire? we don’t have to!. Tor is designed to put as little trust in relays as possible. It does this through the use of encryption. Now that we know how connections are routed through relays, how do we know we can actually trust relays?

How it works? – Onion protocol The client encrypts the original data in such a way that only the exit relay can decrypt it. This encrypted data is then encrypted again in such a way that only the middle relay can decrypt it. Finally, this encrypted data is encrypted once more in such a way that only the guard relay can decrypt it. This means that we have wrapped our original data in layers of encryption, much like an onion is wrapped in layers of exit relays can see the original data sent by the client, since they have to pass that data to the destination. This means that, if credentials are passed over HTTP, FTP, or other cleartext protocols, the exit relays can sniff the traffic!

Relays – SHHH …. Hah! I blocked TOR : PS OG How do they blocked it? When a Tor client starts up, it needs a way to fetch a list of all the entry, middle, and exit relays available. This list of all relays isn’t a secret. Making this list public is necessary, it also presents a problem. Two Ways: Block users coming out of Tor Block users going into Tor Oppressive Government - The first situation is possible, and is up to the discretion of the device (router, etc.) or website owner. All a site owner needs to do is to download the list of Tor exit nodes and block all traffic from those nodes. the second situation is much worse. While blocking incoming Tor users can keep them from a particular site, blocking users from going into Tor will keep them from every site, making Tor effectively useless to those under censorship - some of the users who need Tor most. Just using relays, this is possible since real OG’s can just download a list of all guard relays and block any traffic to them.

Hello to Bridges !! Simply : bridges are just unpublished entry relays. Users that are behind censored networks can use bridges as a way to access the Tor network. How to to connect without knowing bridges? The Tor project has created a way for users to receive a small list of bridges so that they can connect to the rest of the Tor network. https://bridges.torproject.org/bridges

Can Anyone Find Every Bridge? The list of all bridges is a closely guarded secret. But there are ways to discover bridges [Link] Scanning entire IPV4 NW Zmap or masscan 79 to 80% positive results Ways : https://blog.torproject.org/blog/research-problems-ten-ways-discover-tor-bridges Zmap - 79–86%”

How TOR is organized & maintained? Master list of Relays & Bridges Who Maintains it? 10 Tor nodes run by trusted volunteers are hardcoded into each Tor client. These nodes have a very special role : To maintain the status of the entire Tor network. These nodes are known as directory authorities (DA’s). Why 10? 9 of the DA’s maintain the master list of relays, while one DA (Tonga) maintains the list of bridges. https://gitweb.torproject.org/tor.git/tree/src/or/config.c#n824

Directory Authorities Map

How DA helps in maintaining TOR? The status of all the Tor relays is maintained in a living document called the consensus. DA’s maintain this document and update it every hour by a vote. Process : Each DA compiles a list of all known relays Each DA then computes the other needed data, such as relay flags, bandwidth weights, and more The DA then submits this data as a “status-vote” to all the other authorities Each DA next will go get any other votes it is missing from the other authorities All the parameters, relay information, etc. from each vote are combined or computed and then signed by each DA This signature is then posted to the other DA’s There should be a majority of the DA’s that agree on the data, validating the new consensus The consensus is then published by each DA You’ll notice that I mention each DA publishes this consensus. This is done over HTTP such that anyone can download the latest copy http://directory_authority/tor/status-vote/current/consensus/ http://86.59.21.38/tor/status-vote/current/consensus/ Exit nodes

Thanks