Overview  Anonymity systems  Review of how Tor works  Tor Project Inc.  Helper tools and accessories  Advanced Tor control  Attack Vectors

Anonymity Systems  JAP  I2P  Freenet  Xerobank  Botnets

Freenet  Storage network p2p based  Shares files on your system to other nodes  Plausabile Deniability

I2P  Opposing design of Tor  UDP based  Darknet design  Java, Python, and C API’s  Mixed routing based on packets  Splits tunneling between upstream and downstream  “Garlic Routing” – mix streams together to prevent traffic analysis  Variable latency design

Tor  Tor (not TOR) – previously stood for The Onion Router  Provides a method of anonymity by passing data between proxies

Tor Network

Terminology  Cell – your message  Circuit – tunnel made up of relays  Entry Node: first hop into the Tor network  Exit Node: last hop before destination  Relay Node: middle hop  Bridge Node: nodes not listed in the Tor directory to evade filtering

Who’s Using Tor?  Whistleblowers  Wikileaks – runs hidden service  Militaries  field ops  command and control using hidden services  Chinese journalists and dissidents

Tor Project  501(c)(3) NFP  Freely available  Full spec and full documentation

Project Finances

Current Project Sponsors  Federal Grant:  International Program to Support Democracy Human Rights and Labor  $632,189  International Broadcasting Bureau  Voice of America, Radio Free Europe/Radio Liberty, Radio and TV Martí, Radio Free Asia, Radio Sawa/Alhurra TV  $270,000  Stichting.Net  Association of NFP’s in the Netherlands  $38,279  Google: $29,083  ITT: $27,000  Other: $9,997

Past Funders  DARPA and Naval Research Labratory  EFF –

Tor Performance

Number of Relays

Number of Users

Tor Tools  Torbutton  Tor Browser Bundle  Vidalia  TorCheck  Arm  Tor-ramdisk  Anthony G. Basile from Buffalo

Tor Control Port  Telnet to the control port  Create custom circuits (long or short)  Show live circuit information  Change configuration on the fly  Map a site to an exit node  Reload a configuration authenticate "“ extendcircuit 0 a,b,c,… extendcircuit 0 a,b setevents circ setconf confitem Mapaddress google.com=a.b Getconf confitem

Attacks

Tor Passive Attack Vectors  Traffic profiling – entry and exit analysis  Cleartext exit node transmission  Fingerprinting - OS, browser, configuration, activity  Timing correlation  Network partitioning  End to end Size correlation

Tor Active Attack Vectors  Compromised keys  Malicious web servers  Malicious Exit/Relay nodes  DoS non-controlled nodes  Timestamping and tagging  Injecting or replacing unencrypted info  Malicious Tor client

Tor Client Side Attacks  DNS rebinding  Disbanding attack – javascript, java, flash  History disclosure  Timezone information (partitioning)

Social Engineering Attacks  Getting more traffic  “Use my relay. I have huge tubes!”  “Nick’s relay sucks”  “I’ve added a feature to my node.”  Replacement  a2f2f e726f e636f6d2f f  Partitioning  “Don’t use servers from this country”  “These servers are amazing!”

More Info   Metrics.torproject.org  Blog.torproject.org  Check.torproject.org