Presentation is loading. Please wait.

Presentation is loading. Please wait.

Aaron Johnson U.S. Naval Research Laboratory CSci 6545 George Washington University 11/18/2013.

Published byAugusta Farmer Modified over 9 years ago

Similar presentations

Presentation on theme: "Aaron Johnson U.S. Naval Research Laboratory CSci 6545 George Washington University 11/18/2013."— Presentation transcript:

1 Aaron Johnson U.S. Naval Research Laboratory aaron.m.johnson@nrl.navy.mil CSci 6545 George Washington University 11/18/2013

2 Overview

3 What is Tor? Tor is a system for anonymous communication and censorship circumvention.

4 What is Tor? Tor is based on onion routing. UsersDestinationsOnion Routers

5 What is Tor? UsersDestinationsOnion Routers Tor is based on onion routing.

6 What is Tor? UsersDestinationsOnion Routers Tor is based on onion routing.

7 What is Tor? UsersDestinationsOnion Routers Tor is based on onion routing.

8 What is Tor? UsersDestinationsOnion Routers Tor is based on onion routing. Unencrypted

9 Motivation

10 Why Tor? Individuals avoiding censorship Individuals avoiding surveillance Journalists protecting themselves or sources Law enforcement during investigations Intelligence analysts for gathering data

11 Why Tor? Over 500000 daily users 2.4GiB/s aggregate traffic Over 4000 relays in over 80 countries

12 Tor History 1996: “Hiding Routing Information” by David M. Goldschlag, Michael G. Reed, and Paul F. Syverson. Information Hiding: First International Workshop. 1997: "Anonymous Connections and Onion Routing," Paul F. Syverson, David M. Goldschlag, and Michael G. Reed. IEEE Security & Privacy Symposium. 1998: Distributed network of 13 nodes at NRL, NRAD, and UMD. 2000: “Towards an Analysis of Onion Routing Security” by Paul Syverson, Gene Tsudik, Michael Reed, and Carl Landwehr. Designing Privacy Enhancing Technologies: Workshop on Design Issues in Anonymity and Unobservability. 2003: Tor network is deployed (12 US nodes, 1 German), and Tor code is released by Roger Dingledine and Nick Mathewson under the free and open MIT license. 2004: “Tor: The Second-Generation Onion Router” by Roger Dingledine, Nick Mathewson, and Paul Syverson. USENIX Security Symposium. 2006: The Tor Project, Inc. incorporated as a non-profit.

13 Tor Today Funding levels at $1-2 million (current and former funders include DARPA, NSF, US State Dept., SIDA, BBG, Knight Foundation, Omidyar Network, EFF) The Tor Project, Inc. employs a small team for software development, research, funding management, community outreach, and user support Much bandwidth, research, development, and outreach still contributed by third parties

14 Other anonymous communication designs and systems Single-hop anonymous proxies: anonymizer.com, anonymouse.org Dining Cryptographers network: Dissent, Herbivore Mix networks: MixMinion, MixMaster, BitLaundry Onion routing: Crowds, Java Anon Proxy, I2P, Aqua, PipeNet, Freedom Others: Anonymous buses, XOR trees,

15 Security Model

16 Threat Model Adversary is local and active.

17 Threat Model Adversary is local and active. Not global

18 Threat Model Adversary is local and active. Adversary may run relays

19 Threat Model Adversary is local and active. Adversary may run relays Destination may be malicious

20 Threat Model Adversary is local and active. Adversary may run relays Destination may be malicious Adversary may observe some ISPs

21 Security Definitions Identity is primarily IP address but can include other identifying information Sender anonymity: Connection initiator cannot be determined Receiver anonymity: Connection recipient cannot be determined Unobservability: It cannot be determined who is using the system.

22 Design

23 General Tor Functionality Provides connection-oriented bidirectional communication Only makes TCP connections Provides standard SOCKS interface to applications Provides application-specific software for some popular applications (e.g. HTTP)

24 Tor Protocols 1.Exit circuits (anonymity wrt all but sender) 2.Hidden services (anonymity wrt all) 3.Censorship circumvention (unobservability)

25 Tor Protocols 1.Exit circuits (anonymity wrt all but sender) 2.Hidden services (anonymity wrt all) 3.Censorship circumvention (unobservability)

26 Exit Circuits

27 1.Client learns about relays from a directory server.

28 Exit Circuits 1.Client learns about relays from a directory server. Centralized, point of failure

29 Exit Circuits 1.Client learns about relays from a directory server. 2.Clients begin all circuits with a selected guard.

30 Exit Circuits 1.Client learns about relays from a directory server. 2.Clients begin all circuits with a selected guard. Only guards directly observe client

31 Exit Circuits 1.Client learns about relays from a directory server. 2.Clients begin all circuits with a selected guard. 3.Relays define individual exit policies.

32 Exit Circuits 1.Client learns about relays from a directory server. 2.Clients begin all circuits with a selected guard. 3.Relays define individual exit policies. 4.Clients multiplex streams over a circuit.

33 Exit Circuits 1.Client learns about relays from a directory server. 2.Clients begin all circuits with a selected guard. 3.Relays define individual exit policies. 4.Clients multiplex streams over a circuit. Different streams on circuit can be linked.

34 Exit Circuits 1.Client learns about relays from a directory server. 2.Clients begin all circuits with a selected guard. 3.Relays define individual exit policies. 4.Clients multiplex streams over a circuit. 5.New circuits replace existing ones periodically.

35 Exit Circuits 1.Client learns about relays from a directory server. 2.Clients begin all circuits with a selected guard. 3.Relays define individual exit policies. 4.Clients multiplex streams over a circuit. 5.New circuits replace existing ones periodically. Circuits creation protects anonymity with respect to all but sender

36 Creating a Circuit u123 13 {m} s i : Encrypted using the DH session key g xiyi

37 Creating a Circuit [0,CREATE, g x1 ] 1.CREATE/CREATED u123 13 {m} s i : Encrypted using the DH session key g xiyi

38 Creating a Circuit [0,CREATED, g y1 ] 1.CREATE/CREATED u123 13 {m} s i : Encrypted using the DH session key g xiyi

39 Creating a Circuit 1.CREATE/CREATED u123 13 {m} s i : Encrypted using the DH session key g xiyi

40 Creating a Circuit 1.CREATE/CREATED 2.EXTEND/EXTENDED [0,{[EXTEND,2, g x2 ]} s1 ] u123 14 {m} s i : Encrypted using the DH session key g xiyi

41 Creating a Circuit 1.CREATE/CREATED 2.EXTEND/EXTENDED [l 1,CREATE, g x2 ] u123 14 {m} s i : Encrypted using the DH session key g xiyi

42 Creating a Circuit 1.CREATE/CREATED 2.EXTEND/EXTENDED [l 1,CREATED, g y2 ] u123 14 {m} s i : Encrypted using the DH session key g xiyi

43 Creating a Circuit 1.CREATE/CREATED 2.EXTEND/EXTENDED [0,{EXTENDED} s1 ] u123 14 {m} s i : Encrypted using the DH session key g xiyi

44 Creating a Circuit 1.CREATE/CREATED 2.EXTEND/EXTENDED 3.[Repeat with layer of encryption] [0,{{[EXTEND,3,g x3 ]} s2 } s1 ] u123 15 {m} s i : Encrypted using the DH session key g xiyi

45 Creating a Circuit 1.CREATE/CREATED 2.EXTEND/EXTENDED 3.[Repeat with layer of encryption] u123 [l 1,{[EXTEND,3,g x3 ]} s2 ] 15 {m} s i : Encrypted using the DH session key g xiyi

46 Creating a Circuit 1.CREATE/CREATED 2.EXTEND/EXTENDED 3.[Repeat with layer of encryption] [l 2,CREATE,g x3 ] u123 15 {m} s i : Encrypted using the DH session key g xiyi

47 Creating a Circuit 1.CREATE/CREATED 2.EXTEND/EXTENDED 3.[Repeat with layer of encryption] [l 2,CREATED,g y3 ] u123 15 {m} s i : Encrypted using the DH session key g xiyi

48 Creating a Circuit 1.CREATE/CREATED 2.EXTEND/EXTENDED 3.[Repeat with layer of encryption] [l 1,{EXTENDED,g y3 } s2 ] u123 15 {m} s i : Encrypted using the DH session key g xiyi

49 Creating a Circuit 1.CREATE/CREATED 2.EXTEND/EXTENDED 3.[Repeat with layer of encryption] [0,{{EXTENDED,g y3 } s2 } s1 ] u123 15 {m} s i : Encrypted using the DH session key g xiyi

50 Tor Protocols 1.Exit circuits (anonymity wrt all but sender) 2.Hidden services (anonymity wrt all) 3.Censorship circumvention (unobservability)

51 Hidden Services HS User wants to hide service

52 Hidden Services IP HS chooses and publishes introduction point IP HS HS chooses and publishes introduction point (IP) guard

53 Hidden Services guard IP HS Learns about HS on web Learns about HS on web (.onion address)

54 Hidden Services guard IP HS Client looks up IP at a Hidden Service Directory using.onion address guard

55 Hidden Services guard IP HS RP Client builds circuit to chosen Rendezvous Point (RP)

56 guard Hidden Services guard IP HS Notifies HS of RP through IP RP guard RP Notifies HS of RP through IP

57 guard Hidden Services guard IP HS RP

58 guard Hidden Services guard IP HS RP guard Build new circuit to RP

59 guard Hidden Services guard IP HS RP guard Communicate

60 Tor Protocols 1.Exit circuits (anonymity wrt all but sender) 2.Hidden services (anonymity wrt all) 3.Censorship circumvention (unobservability)

61 Blocking Tor Tor directory and relay IPs are public Tor connections are made over TLS Tor cells have a fixed length

62 Tor directory and relay IPs are public Tor connections are made over TLS Tor cells have a fixed length Blocking Tor Tor bridges are kept private, released via – CAPTCHA – Email request – Personal communication

63 Tor directory and relay IPs are public Tor connections are made over TLS Tor cells have a fixed length Blocking Tor Pluggable transports obfsproxy3 makes protocol look like strings of random bits Flash proxies use transient web clients over WebSockets

64 Tor directory and relay IPs are public Tor connections are made over TLS Tor cells have a fixed length Blocking Tor Not observed to be a problem currently – ScrambleSuit: randomized lengths – StegoTorus: Steganographic HTTP – SkypeMorph/FreeWave; Steganographic VOIP

65 Blocking Tor Tor directory and relay IPs are public Tor connections are made over TLS Tor cells have a fixed length Countries have manpower to enumerate bridges Network surveillance used to detect possible Tor connections, followup scans confirm

66 Attacks

67 Attacks on Tor Correlation attack Guard compromise Bandwidth manipulation Congestion/throughput attack Latency attack Application-layer attacks DoS attacks

68 68 Correlation Attack

69 69 Correlation Attack

70 70 Correlation Attack

71 71 Correlation Attack

72 72 Correlation Attack

73 73 Node Adversary Controls a fixed allotment of relays based on bandwidth budget We assume adversary has 100 MiB/s – comparable to large family of relays Adversaries apply 5/6th of bandwidth to guard relays and the rest to exit relays. (We found this to be the most effective allocation we tested.)

74 Time to first compromised circuit October 2012 – March 2013 74 50% of clients use a compromised circuit in less than 70 days

75 Attacks on Tor Correlation/throughput attack Guard compromise Bandwidth manipulation Congestion attack Latency attack Application-layer attacks DoS attacks

Download ppt "Aaron Johnson U.S. Naval Research Laboratory CSci 6545 George Washington University 11/18/2013."

Similar presentations

Aaron Johnson with Joan Feigenbaum Paul Syverson

Aaron Johnson with Joan Feigenbaum Paul Syverson
A Probabilistic Analysis of Onion Routing in a Black-box Model 10/29/2007 Workshop on Privacy in the Electronic Society Aaron Johnson (Yale) with Joan.

A Probabilistic Analysis of Onion Routing in a Black-box Model 10/29/2007 Workshop on Privacy in the Electronic Society Aaron Johnson (Yale) with Joan.
A Formal Analysis of Onion Routing 10/26/2007 Aaron Johnson (Yale) with Joan Feigenbaum (Yale) Paul Syverson (NRL)

A Formal Analysis of Onion Routing 10/26/2007 Aaron Johnson (Yale) with Joan Feigenbaum (Yale) Paul Syverson (NRL)
Towards a Theory of Onion Routing Aaron Johnson Yale University 5/27/2008.

Towards a Theory of Onion Routing Aaron Johnson Yale University 5/27/2008.
Tor: The Second-Generation Onion Router

Tor: The Second-Generation Onion Router
PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval Prateek Mittal University of Illinois Urbana-Champaign Joint work with: Femi.

PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval Prateek Mittal University of Illinois Urbana-Champaign Joint work with: Femi.
The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network Rob Jansen et. al NDSS 2014 Presenter: Yue Li Part of slides adapted from R.

The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network Rob Jansen et. al NDSS 2014 Presenter: Yue Li Part of slides adapted from R.
Predicting Tor Path Compromise by Exit Port IEEE WIDA 2009December 16, 2009 Kevin Bauer, Dirk Grunwald, and Douglas Sicker University of Colorado Client.

Predicting Tor Path Compromise by Exit Port IEEE WIDA 2009December 16, 2009 Kevin Bauer, Dirk Grunwald, and Douglas Sicker University of Colorado Client.
Tor – The Onion Router By: David Rollé. What is Tor?  Second generation Onion Routing  Aims to improve on first generation issues  Perfect Forward.

Tor – The Onion Router By: David Rollé. What is Tor?  Second generation Onion Routing  Aims to improve on first generation issues  Perfect Forward.
Trust-based Anonymous Communication: Models and Routing Algorithms Aaron Johnson Paul Syverson Roger Dingledine Nick Mathewson U.S. Naval Research Laboratory.

Trust-based Anonymous Communication: Models and Routing Algorithms Aaron Johnson Paul Syverson Roger Dingledine Nick Mathewson U.S. Naval Research Laboratory.
Memory-based DoS and Deanonymization Attacks on Tor DCAPS Seminar October 11 th, 2013 Rob Jansen U.S. Naval Research Laboratory

Memory-based DoS and Deanonymization Attacks on Tor DCAPS Seminar October 11 th, 2013 Rob Jansen U.S. Naval Research Laboratory
Onion Routing Security Analysis Aaron Johnson U.S. Naval Research Laboratory DC-Area Anonymity, Privacy, and Security Seminar.

Onion Routing Security Analysis Aaron Johnson U.S. Naval Research Laboratory DC-Area Anonymity, Privacy, and Security Seminar.
How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.

How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.
On Traffic Analysis in Tor Guest Lecture, ELE 574 Communications Security and Privacy Princeton University April 3 rd, 2014 Dr. Rob Jansen U.S. Naval Research.

On Traffic Analysis in Tor Guest Lecture, ELE 574 Communications Security and Privacy Princeton University April 3 rd, 2014 Dr. Rob Jansen U.S. Naval Research.
Privacy Protection In Grid Computing System Presented by Jiaying Shi.

Privacy Protection In Grid Computing System Presented by Jiaying Shi.
Location-Aware Onion Routing Aaron Johnson U.S. Naval Research Laboratory IEEE Symposium on Security and Privacy May 19, 2015.

Location-Aware Onion Routing Aaron Johnson U.S. Naval Research Laboratory IEEE Symposium on Security and Privacy May 19, 2015.
Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,

Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,
Xinwen Fu Anonymous Communication & Computer Forensics 91.580.203 Computer & Network Forensics.

Xinwen Fu Anonymous Communication & Computer Forensics Computer & Network Forensics.
The Case for Network-Layer, Peer-to-Peer Anonymization Michael J. Freedman Emil Sit, Josh Cates, Robert Morris MIT Lab for Computer Science IPTPS’02March.

The Case for Network-Layer, Peer-to-Peer Anonymization Michael J. Freedman Emil Sit, Josh Cates, Robert Morris MIT Lab for Computer Science IPTPS’02March.
I NTERNET A NONYMITY By Esra Erdin. Introduction Types of Anonymity Systems TOR Overview Working Mechanism of TOR I2P Overview Working Mechanism of I2P.

I NTERNET A NONYMITY By Esra Erdin. Introduction Types of Anonymity Systems TOR Overview Working Mechanism of TOR I2P Overview Working Mechanism of I2P.

Similar presentations

Ads by Google