Presentation is loading. Please wait.

Presentation is loading. Please wait.

Overview  Anonymity systems  Review of how Tor works  Tor Project Inc.  Helper tools and accessories  Advanced Tor control  Attack Vectors.

Published byLillian Bailey Modified over 9 years ago

Similar presentations

Presentation on theme: "Overview  Anonymity systems  Review of how Tor works  Tor Project Inc.  Helper tools and accessories  Advanced Tor control  Attack Vectors."— Presentation transcript:

1

2 Overview  Anonymity systems  Review of how Tor works  Tor Project Inc.  Helper tools and accessories  Advanced Tor control  Attack Vectors

3 Anonymity Systems  JAP  I2P  Freenet  Xerobank  Botnets

4 Freenet  Storage network p2p based  Shares files on your system to other nodes  Plausabile Deniability

5 I2P  Opposing design of Tor  UDP based  Darknet design  Java, Python, and C API’s  Mixed routing based on packets  Splits tunneling between upstream and downstream  “Garlic Routing” – mix streams together to prevent traffic analysis  Variable latency design

6 Tor  Tor (not TOR) – previously stood for The Onion Router  Provides a method of anonymity by passing data between proxies

7 Tor Network

8 Terminology  Cell – your message  Circuit – tunnel made up of relays  Entry Node: first hop into the Tor network  Exit Node: last hop before destination  Relay Node: middle hop  Bridge Node: nodes not listed in the Tor directory to evade filtering

9 Who’s Using Tor?  Whistleblowers  Wikileaks – runs hidden service  Militaries  field ops  command and control using hidden services  Chinese journalists and dissidents

10 Tor Project  501(c)(3) NFP  Freely available  Full spec and full documentation

11 Project Finances https://www.torproject.org/about/financials.html

12 Current Project Sponsors  Federal Grant:  International Program to Support Democracy Human Rights and Labor  $632,189  International Broadcasting Bureau  Voice of America, Radio Free Europe/Radio Liberty, Radio and TV Martí, Radio Free Asia, Radio Sawa/Alhurra TV  $270,000  Stichting.Net  Association of NFP’s in the Netherlands  $38,279  Google: $29,083  ITT: $27,000  Other: $9,997 https://www.torproject.org/about/sponsors.html.en

13 Past Funders  DARPA and Naval Research Labratory 2001-2006  EFF – 2004-2005

14 Tor Performance

15 Number of Relays

16 Number of Users

17 Tor Tools  Torbutton  Tor Browser Bundle  Vidalia  TorCheck  Arm  Tor-ramdisk  Anthony G. Basile from Buffalo

18

19 Tor Control Port  Telnet to the control port  Create custom circuits (long or short)  Show live circuit information  Change configuration on the fly  Map a site to an exit node  Reload a configuration authenticate "“ extendcircuit 0 a,b,c,… extendcircuit 0 a,b setevents circ setconf confitem Mapaddress google.com=a.b Getconf confitem

20 Attacks

21 Tor Passive Attack Vectors  Traffic profiling – entry and exit analysis  Cleartext exit node transmission  Fingerprinting - OS, browser, configuration, activity  Timing correlation  Network partitioning  End to end Size correlation

22 Tor Active Attack Vectors  Compromised keys  Malicious web servers  Malicious Exit/Relay nodes  DoS non-controlled nodes  Timestamping and tagging  Injecting or replacing unencrypted info  Malicious Tor client

23 Tor Client Side Attacks  DNS rebinding  Disbanding attack – javascript, java, flash  History disclosure  Timezone information (partitioning)

24 Social Engineering Attacks  Getting more traffic  “Use my relay. I have huge tubes!”  “Nick’s relay sucks”  “I’ve added a feature to my node.”  Replacement  687474703a2f2f7777772e726f63686573746572323 630302e636f6d2f6861782f  Partitioning  “Don’t use servers from this country”  “These servers are amazing!”

25 More Info  www.torproject.org www.torproject.org  Metrics.torproject.org  Blog.torproject.org  Check.torproject.org  @torproject

Download ppt "Overview  Anonymity systems  Review of how Tor works  Tor Project Inc.  Helper tools and accessories  Advanced Tor control  Attack Vectors."

Similar presentations

SOCIAL WEB MEDIA privacy and data mining part 2 4/12/2010.

SOCIAL WEB MEDIA privacy and data mining part 2 4/12/2010.
SPATor: Improving Tor Bridges with Single Packet Authorization Paper Presentation by Carlos Salazar.

SPATor: Improving Tor Bridges with Single Packet Authorization Paper Presentation by Carlos Salazar.
Tor: The Second-Generation Onion Router

Tor: The Second-Generation Onion Router
A look into Bullet Proof Hosting November 2014 - DefCamp 5 Silviu Sofronie – Head of Forensics

A look into Bullet Proof Hosting November DefCamp 5 Silviu Sofronie – Head of Forensics
Tor – The Onion Router By: David Rollé. What is Tor?  Second generation Onion Routing  Aims to improve on first generation issues  Perfect Forward.

Tor – The Onion Router By: David Rollé. What is Tor?  Second generation Onion Routing  Aims to improve on first generation issues  Perfect Forward.
Module 5: Configuring Access to Internal Resources.

Module 5: Configuring Access to Internal Resources.
How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.

How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Server-Side vs. Client-Side Scripting Languages

Server-Side vs. Client-Side Scripting Languages
A Usability Evaluation of the Tor Anonymity Network By Gregory Norcie.

A Usability Evaluation of the Tor Anonymity Network By Gregory Norcie.
The Case for Network-Layer, Peer-to-Peer Anonymization Michael J. Freedman Emil Sit, Josh Cates, Robert Morris MIT Lab for Computer Science IPTPS’02March.

The Case for Network-Layer, Peer-to-Peer Anonymization Michael J. Freedman Emil Sit, Josh Cates, Robert Morris MIT Lab for Computer Science IPTPS’02March.
By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.

By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.
COEN 252: Computer Forensics Router Investigation.

COEN 252: Computer Forensics Router Investigation.
Lesson 19 Internet Basics.

Lesson 19 Internet Basics.
A distributed Search Service for Peer-to-Peer File Sharing in Mobile Applications From U. of Dortmund, Germany.

A distributed Search Service for Peer-to-Peer File Sharing in Mobile Applications From U. of Dortmund, Germany.
Anonymity on the Web: A Brief Overview By: Nipun Arora uni-na2271.

Anonymity on the Web: A Brief Overview By: Nipun Arora uni-na2271.
0x1A Great Papers in Computer Security Vitaly Shmatikov CS 380S

0x1A Great Papers in Computer Security Vitaly Shmatikov CS 380S
Anonymizing Network Technologies Some slides modified from Dingledine, Mathewson, Syverson, Xinwen Fu, and Yinglin Sun Presenter: Chris Zachor 03/23/2011.

Anonymizing Network Technologies Some slides modified from Dingledine, Mathewson, Syverson, Xinwen Fu, and Yinglin Sun Presenter: Chris Zachor 03/23/2011.
4/19/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/19/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
Aaron Johnson U.S. Naval Research Laboratory CSci 6545 George Washington University 11/18/2013.

Aaron Johnson U.S. Naval Research Laboratory CSci 6545 George Washington University 11/18/2013.

Similar presentations

Ads by Google