onion routing and tor: fundamentals and anonymity

Onion Routing and Tor:

Fundamentals and anonymity

Anurag Singh

Anonymity: Overview

What is Anonymity ?

Anonymity is the state of being

unidentifiable within a set of subjects.

◦ Hide your activities among others’ similar

activities

◦ You cannot be anonymous by yourself!

Unlinkability of action and identity

Unobservability (hard to achieve) Observer cannot even tell whether a certain

action took place or not

You Are Not Anonymous

Your IP address can be linked directly to

you

◦ ISPs store communications records

◦ Usually for several years (Data Retention

Laws)

◦ Law enforcement can subpoena these

records

Your browser is being tracked

◦ Cookies, Flash cookies, E-Tags, HTML5

Storage

◦ Browser fingerprinting

Your activities can be used to identify

Who Uses Anonymity

Systems ? “If you’re not doing anything wrong,

you shouldn’t have anything to hide.”• Implies that anonymous communication is

for criminals

The truth: who uses Tor?• Journalists

• Law enforcement

• Human rights activists

• Normal people

Fact: Tor was/is developed by the Navy

• Business executives

• Military/intelligence

personnel

• Abuse victims

Why Do We Need Anonymity

? To protect privacy◦ Avoid tracking by advertising companies

◦ Viewing sensitive content Information on medical conditions

Advice on bankruptcy

Protection from prosecution◦ Not every country guarantees free speech

To prevent chilling-effects◦ It’s easier to voice unpopular or

controversial opinions if you areanonymous

Anonymity Layer

Function:

◦ Hide the source,

destination, and content of

Internet flows from

eavesdroppers

Key challenge:

◦ Defining and quantifying

anonymity

◦ Building systems that are

resilient to

deanonymization

◦ Maintaining performance

Application

Presentatio

nSession

Transport

Network

Data Link

Physical

Anonymity

Related Work

Chaum’s Mix-Net design◦ Correspondence hiding between sender &

receiver by wrapping messages in layersand relaying through “mix” routers.

Babel ‘s Mix master and Mixminion◦ Try to maximize anonymity at the cost of high

latency.

Anonymizer◦ Single-hop proxy

PipeNet◦ Low-latency design giving user anonymity by

shutting down the network by not sending.

Related Work

P2P Tarzan and MorphMix designs◦ Rely and generate traffic for other participating

users and hide who originated or relayed a request.

Hordes/Crowds◦ Hides the initiator of traffic thorough multicast

responses

Freedom◦ Supports session keys and address of the server

in a circuit.

Rennhard’s Anonymity Network◦ Builds circuits in stages which helps to obtain

perfect forward secrecy by extending them one hop at a time.

Threats to Anonymity

Traffic Analysis◦ Passive traffic analysis

Infer from network traffic who is talking to whom

To hide your traffic, must carry other people’s traffic!

◦ Active traffic analysis Inject packets or put a timing signature on packet flow.

Compromised network nodes (routers)◦ It is not obvious which nodes have been

compromised Attacker may be passively logging traffic

◦ Better not to trust any individual node Assume that some fraction of nodes is good, don’t know

which

How Traffic Analysis Work ?

Internet data packets have two parts:◦ a data payload

Generally Encrypted

traffic analysis still reveals a great deal about what you're doing and, possibly, what you're saying. because

◦ a header used for routing it focuses on the header, which discloses source,

destination, size, timing, and so on.

simple traffic analysis◦ sitting somewhere between sender and recipient on

the network, looking at headers.

sophisticated traffic analysis

Encryption does not help against these attackers, since it only hides the content of Internet traffic, not the headers.

Onion Routing (Original)

A techniquefor anonymous communicationover a computer network.

Messages are repeatedly encrypted andthen sent through several network nodescalled onion routers.

Like someone peeling an onion,each onionrouter removes a layer of encryption touncover routing instructions, and sends themessage to the next router where this isrepeated.

This prevents these intermediary nodesfrom knowing the origin, destination, andcontents of the message.

Onion Router and Analogy

Tor

(The Second Generation Onion

Router) a distributed, anonymous network

reduce the risks of both simple andsophisticated traffic analysis bydistributing transactions over severalplaces on the Internet.

data packets on the Tor network takea random pathway through severalrelays.

no observer at any single point can tellwhere the data came from or whereit's going.

Tor

(The Second Generation Onion

Router) Basic design: a mix network with

improvements◦ Perfect forward secrecy

◦ Introduces guards to improve source anonymity

◦ Takes bandwidth into account when selecting relays Mixes in Tor are called relays

◦ Introduces hidden services Servers that are only accessible via the Tor

overlay

Deployment and Statistics

Largest, most well deployed anonymitypreserving service on the Internet◦ Publicly available since 2002

◦ Continues to be developed and improved

Currently, ~5000 Tor relays around theworld◦ All relays are run by volunteers

◦ It is suspected that some are controlled byintelligence agencies

500K – 900K daily users◦ Numbers are likely larger now, thanks to

Snowden

How Tor Works ?

Courtesy: https://www.torproject.org/about/overview.html.en

How Tor Works ?...Circuit

Setup

Courtesy: https://www.torproject.org/about/overview.html.en

How Tor Works ?....new

connection

Courtesy: https://www.torproject.org/about/overview.html.en

Tor Enhancements over

Previous

Onion Routing applications Tor uses telescoping path-built design ◦ Previous designs allowed hostiles to record traffic

and compromise successive nodes.

Tor uses SOCKS proxy interface◦ Previous designs required a separate application

proxy for each application protocol. Tor is able to share one circuit for many

TCP streams◦ Previous designs required a separate circuit for

each application level request. Which is a threat to

anonymity. Leaky pipe circuit topology

Tor Enhancements over

Previous

Onion Routing applications Directory servers◦ Previous designs resorted to flooding info on

the network.

Variable exit policies End-to-end integrity checks◦ Previous designs had no integrity checks.

Rendezvous points/hidden services◦ Previous designs included replay onions.

Congestion control: uses end-to-end acks◦ Previous designs didn’t address traffic

bottlenecks.

Hidden Services

Tor is very good at hiding the source of traffic

◦ But the destination is often an exposed website

What if we want to run an anonymous service?

◦ i.e. a website, where nobody knows the IP address?

Tor supports Hidden Services

◦ Allows you to run a server and have people connect

◦ … without disclosing the IP or DNS name

Many hidden services

◦ Tor Mail, Tor Char

◦ DuckDuckGo

◦ Wikileaks

• The Pirate Bay

• Silk Road (2.0)

Hidden Services Example:

Creating a hidden Server

Server creates circuitsto “introduction points”

Server gives intro points’descriptors and addresses to service lookup directory

Client obtains servicedescriptor and intro pointaddress from directory

Using a Location Hidden

Service

Client sends address of therendezvous point and anyauthorization, if needed, toserver through intro point

If server chooses to talk to client,connect to rendezvous point

If server chooses to talk to client,connect to rendezvous point

Client creates a circuitto a “rendezvous point”

Staying Anonymous

Tor can't solve all anonymity problems.

It focuses only on protecting the transport of data

to protect your anonymity, be smart.

Tor does not provide protection against end-to-end timing attacks: ◦ If your attacker can watch the traffic coming

out of your computer, and also the traffic arriving at your chosen destination, he can use statistical analysis to discover that they are part of the same circuit.

The Future of Tor

Providing a usable anonymizingnetwork on the Internet today is an ongoing challenge.

Recent activities like NSA snooping.

More number of users attracted towards Tor.

Each new user and relay provides additional diversity, enhancing Tor's ability to put control over your security and privacy back into your hands.

THANKYOU