Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Tor: a brief intro Roger Dingledine The Tor Project https://torproject.org/

Published byBrent Poole Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Tor: a brief intro Roger Dingledine The Tor Project https://torproject.org/"— Presentation transcript:

1 1 Tor: a brief intro Roger Dingledine The Tor Project https://torproject.org/

2 2 What is Tor? ● Online anonymity 1) software, 2) network, 3) protocol ● Open source, freely available ● Community of researchers, developers, users, and relay operators ● Funding from US DoD, Electronic Frontier Foundation, Voice of America, Google, NLnet, Human Rights Watch,...

3 3 ● 501(c)(3) non-profit organization dedicated to the research and development of tools for online anonymity and privacy The Tor Project, Inc.

4 4 Estimated 500,000 daily Tor users

5 5 Threat model: what can the attacker do? Alice Anonymity network Bob watch (or be!) Bob! watch Alice! Control part of the network!

6 6 Anonymity isn't cryptography: Cryptography just protects contents. Alice Bob “Hi, Bob!” attacker

7 7 Anonymity isn't just wishful thinking... “You can't prove it was me!” “Promise you won't look!” “Promise you won't remember!” “Promise you won't tell!” “I didn't write my name on it!” “Isn't the Internet already anonymous?”

8 8 Anonymity serves different interests for different user groups. Anonymity Private citizens “It's privacy!”

9 9 Anonymity serves different interests for different user groups. Anonymity Private citizens Businesses “It's network security!” “It's privacy!”

10 10 Anonymity serves different interests for different user groups. Anonymity Private citizens Governments Businesses “It's traffic-analysis resistance!” “It's network security!” “It's privacy!”

11 11 Anonymity serves different interests for different user groups. Anonymity Private citizens Governments Businesses “It's traffic-analysis resistance!” “It's network security!” “It's privacy!” Human rights activists “It's reachability!”

12 12 Five pieces to today's talk ● 1) Who uses Tor and why? ● 2) The Tor design in a nutshell ● 3) Tor and censorship ● 4) We have data ● 5) Performance questions

13 13 Regular citizens don't want to be watched and tracked. (the network can track too) Hostile Bob Incompetent Bob Indifferent Bob “Oops, I lost the logs.” The AOL fiasco “I sell the logs.” “Hey, they aren't my secrets.” Name, address, age, friends, interests (medical, financial, etc), unpopular opinions, illegal opinions.... Blogger Alice 8-year-old Alice Sick Alice Consumer Alice Oppressed Alice....

14 14 Businesses need to keep trade secrets. AliceCorp Competitor Compromised network “Oh, your employees are reading our patents/jobs page/product sheets?” “Hey, it's Alice! Give her the 'Alice' version!” “Wanna buy a list of Alice's suppliers? What about her customers? What about her engineering department's favorite search terms?”

15 15 Law enforcement needs anonymity to get the job done. Officer Alice Investigated suspect Sting target Anonymous tips “Why is alice.localpolice.gov reading my website?” “Why no, alice.localpolice.gov! I would never sell counterfeits on ebay!” Witness/informer Alice “Is my family safe if I go after these guys?” Organized Crime “Are they really going to ensure my anonymity?”

16 16 Governments need anonymity for their security Coalition member Alice Shared network Defense in Depth Untrusted ISP “Do I really want to reveal my internal network topology?” “What about insiders?” Agent Alice “What does FBI Google for?” Compromised service “What will you bid for a list of Baghdad IP addresses that get email from.gov?” “Somebody in that hotel room just checked his Navy.mil mail!”

17 17 Journalists and activists need Tor for their personal safety Blocked Alice Filtered website Monitored network Monitoring ISP “What does the Global Voices website say today?” “I want to tell people what's going on in my country” “I think they're watching. I'm not even going to try.” Activist/ Whistleblower Alice “Where are the bloggers connecting from?” “I run livejournal and track my users” “Of course I tell China about my users” Monitored website “Did you just post to that website?”

18 18 You can't get anonymity on your own: private solutions are ineffective... Officer Alice Investigated suspect... AliceCorp Competitor Citizen Alice AliceCorp anonymity net Municipal anonymity net Alice's small anonymity net “Looks like a cop.” “It's somebody at AliceCorp!” “One of the 25 users on AliceNet.”

19 19... so, anonymity loves company! Officer Alice Investigated suspect... AliceCorp Competitor Citizen Alice Shared anonymity net “???”

20 20 Yes, bad people need anonymity too. But they are already doing well. Evil Criminal Alice Stolen mobile phones Compromised botnet Open wireless nets.....

21 21 Current situation: Bad people on the Internet are doing fine Trojans Viruses Exploits Phishing Spam Botnets Zombies Espionage DDoS Extortion

22 22 The simplest designs use a single relay to hide connections. Bob2 Bob1 Bob3 Alice2 Alice1 Alice3 Relay E(Bob3,“X”) E(Bob1, “Y”) E(Bob2, “Z”) “Y” “Z” “X” (example: some commercial proxy providers)

23 23 But a single relay (or eavesdropper!) is a single point of failure. Bob2 Bob1 Bob3 Alice2 Alice1 Alice3 Evil Relay E(Bob3,“X”) E(Bob1, “Y”) E(Bob2, “Z”) “Y” “Z” “X”

24 24... or a single point of bypass. Bob2 Bob1 Bob3 Alice2 Alice1 Alice3 Irrelevant Relay E(Bob3,“X”) E(Bob1, “Y”) E(Bob2, “Z”) “Y” “Z” “X” Timing analysis bridges all connections through relay ⇒ An attractive fat target

25 25 So, add multiple relays so that no single one can betray Alice. Bob Alice R1 R2 R3 R4 R5

26 26 A corrupt first hop can tell that Alice is talking, but not to whom. Bob Alice R1 R2 R3 R4 R5

27 27 A corrupt final hop can tell that somebody is talking to Bob, but not who. Bob Alice R1 R2 R3 R4 R5

28 28 Alice makes a session key with R1...And then tunnels to R2...and to R3 Bob Alice R1 R2 R3 R4 R5 Bob2

29 29 What we spend our time on ● Performance and scalability ● Maintaining the whole software ecosystem ● Blocking-resistance (circumvention) ● Basic research on anonymity ● Reusability and modularity ● Advocacy, education, and trainings around the world ● Metrics, data, and analysis

30 30 Relay versus Discovery ● There are two pieces to all these “proxying” schemes: ● a relay component: building circuits, sending traffic over them, getting the crypto right ● a discovery component: learning what relays are available

31 31 The basic Tor design uses a simple centralized directory protocol. S2 S1 Alice Trusted directory S3 cache Servers publish self-signed descriptors. Authorities publish a consensus list of all descriptors Alice downloads consensus and descriptors from anywhere

32 32 Attackers can block users from connecting to the Tor network ● By blocking the directory authorities ● By blocking all the relay IP addresses in the directory ● By filtering based on Tor's network fingerprint ● By preventing users from finding the Tor software

33 33 R4 R2 R1 R3 Bob Alice Blocked User Blocked User Blocked User Blocked User Blocked User Alice

34 34 “Bridge” relays ● Hundreds of thousands of Tor users, already self-selected for caring about privacy. ● Rather than signing up as a normal relay, you can sign up as a special “bridge” relay that isn't listed in any directory. ● No need to be an “exit” (so no abuse worries), and you can rate limit if needed ● Integrated into Vidalia (our GUI) so it's easy to offer a bridge or to use a bridge

35 35

36 36

37 37

38 38

39 39 Javascript, cookies, history, etc ● Javascript refresh attack ● Cookies, History, browser window size, user-agent, language, http auth,... ● Mostly problems when you toggle from Tor to non-Tor or back ● Mike Perry's Torbutton Firefox extension tackles many of these

40 40 Flash is dangerous too ● Some apps are bad at obeying their proxy settings. ● Adobe PDF plugin. Flash. Other plugins. Extensions. Especially Windows stuff: did you know that Microsoft Word is a network app?

41 41 Choose how to install it ● Tor Browser Bundle: standalone Windows exe with Tor, Vidalia, Firefox, Torbutton, Polipo, e.g. for USB stick ● Vidalia bundle: Windows/OSX installer ● Tor VM: Transparent proxy for Windows ● “Net installer” via our secure updater ● Amnesia Linux LiveCD

42 42 Only a piece of the puzzle ● Assume the users aren't attacked by their hardware and software – No spyware installed, no cameras watching their screens, etc ● Users can fetch a genuine copy of Tor?

43 43 Publicity attracts attention ● Many circumvention tools launch with huge media splashes. (The media loves this.) ● But publicity attracts attention of the censors. ● We threaten their appearance of control, so they must respond. ● We can control the pace of the arms race.

44 44 How to scale the network? ● The clients need to learn info about the relays they can use. Eventually this means partial network knowledge, and non-clique topology. ● Everybody-a-relay, and the anonymity questions that come with that.

45 45 Advocacy and education ● Unending stream of people (e.g. in DC) who make critical policy decisions without much technical background ● Worse, there's a high churn rate ● Need to teach policy-makers, business leaders, law enforcement, journalists,... ● Data retention? Internet driver's license?

46 46 Our NSF EAGER ● 1) Invent and deploy new privacy-preserving algorithms to collect data about the Tor network, its performance, and its users ● 2) Publish this data, plus tools to analyze it ● 3) Figure out what else to measure and do it ● 4) Work with other research groups to make sure they get the data they need to solve the problems Tor actually has

47 47

48 48

49 49

50 50

51 51

52 52

53 53

54 54

55 55

56 56

57 57

58 58 Six performance problems ● Tor's congestion/flow control is not good ● Some users bulk-transfer over Tor ● Not enough capacity (run a relay!) ● Load balancing isn't right ● Not just high latency, but high variability ● High directory downloading overhead

Download ppt "1 Tor: a brief intro Roger Dingledine The Tor Project https://torproject.org/"

Similar presentations

SOCIAL WEB MEDIA privacy and data mining part 2 4/12/2010.

SOCIAL WEB MEDIA privacy and data mining part 2 4/12/2010.
INTERNET SAFETY FOR EVERYONE A QUICK AND EASY CRASH COURSE.

INTERNET SAFETY FOR EVERYONE A QUICK AND EASY CRASH COURSE.
Facebook Security and Privacy Issues Brian Allen Network Security Analyst Washington University December 2, 2010 Alumni House.

Facebook Security and Privacy Issues Brian Allen Network Security Analyst Washington University December 2, 2010 Alumni House.
By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.

By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.
INTERNET SAFETY FOR EVERYONE

INTERNET SAFETY FOR EVERYONE
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
Www.sti-innsbruck.at © Copyright 2012 STI INNSBRUCK www.sti-innsbruck.at Tor project: Anonymity online.

© Copyright 2012 STI INNSBRUCK Tor project: Anonymity online.
IT Security for Users By Matthew Moody.

IT Security for Users By Matthew Moody.
Staying Safe Online Keep your Information Secure.

Staying Safe Online Keep your Information Secure.
Privacy & Security Online Ivy, Kris & Neil Privacy Threat - Ivy Is Big Brother Watching You? - Kris Identity Theft - Kris Medical Privacy - Neil Children’s.

Privacy & Security Online Ivy, Kris & Neil Privacy Threat - Ivy Is Big Brother Watching You? - Kris Identity Theft - Kris Medical Privacy - Neil Children’s.
E-Safety E-safety relates to the education of using new technology responsibly and safely focusing on raising awareness of the core messages of safe content,

E-Safety E-safety relates to the education of using new technology responsibly and safely focusing on raising awareness of the core messages of safe content,
Tiffanie Donovan CSC101-03 11/27/12. Societal Topics-Weeks 7 & 8 Internet Regulation Internet regulation has the operation of keeping people from viewing.

Tiffanie Donovan CSC /27/12. Societal Topics-Weeks 7 & 8 Internet Regulation Internet regulation has the operation of keeping people from viewing.
Digital Law -The Deep Web- Digital Law -The Deep Web- Liam Leppard Matthias Lee Russell Wong.

Digital Law -The Deep Web- Digital Law -The Deep Web- Liam Leppard Matthias Lee Russell Wong.
A Quick and Easy Crash Course Internet Safety for Everyone.

A Quick and Easy Crash Course Internet Safety for Everyone.
Internet Privacy Define PRIVACY? How important is internet privacy to you? What privacy settings do you utilize for your social media sites?

Internet Privacy Define PRIVACY? How important is internet privacy to you? What privacy settings do you utilize for your social media sites?
Spam By Dan Sterrett. Overview ► What is spam? ► Why it’s a problem ► The source of spam ► How spammers get your e-mail address ► Preventing Spam ► Possible.

Spam By Dan Sterrett. Overview ► What is spam? ► Why it’s a problem ► The source of spam ► How spammers get your address ► Preventing Spam ► Possible.
Smart, Safe, and Secure Online Spam commercial messages that you didn’t ask for (a company trying to sell things by sending out thousands of messages at.

Smart, Safe, and Secure Online Spam commercial messages that you didn’t ask for (a company trying to sell things by sending out thousands of messages at.
Avoiding Frauds and Scams Barbara Martin-Worley Director, Consumer Fraud Protection 18 th Judicial District Attorney’s Office Serving Arapahoe, Douglas,

Avoiding Frauds and Scams Barbara Martin-Worley Director, Consumer Fraud Protection 18 th Judicial District Attorney’s Office Serving Arapahoe, Douglas,
1 Design of a blocking-resistant anonymity system Roger Dingledine, Nick Mathewson The Tor Project.

1 Design of a blocking-resistant anonymity system Roger Dingledine, Nick Mathewson The Tor Project.
1 How to make Tor play well with the rest of the Internet. Roger Dingledine The Tor Project https://www.torproject.org/

1 How to make Tor play well with the rest of the Internet. Roger Dingledine The Tor Project

Similar presentations

Ads by Google