![Page 1: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/1.jpg)
1
Tor:Anonymous Communications for the
Dept of Defense...and you.
Roger DingledineFree Haven Project
http://tor.eff.org/
![Page 2: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/2.jpg)
2
Talk Outline
Motivation: Why anonymous communication?−Myth 1: This is only for privacy nuts.−Myth 2: This stuff enables criminals.
Tor design overview Hidden servers and rendezvous points Policy issues raised Open technical issues and hard problems
![Page 3: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/3.jpg)
3
Approach
Current code freely available (free software license). Comes with a specification and full documentation –
the JAP team in Dresden implemented a compatible Tor client in Java, and researchers at Aachen implemented another one.
Chosen as the anonymity layer for EU PRIME project. 50000+ active users. PC World magazine named Tor one of the Top 100
Products of 2005.
![Page 4: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/4.jpg)
4
Bad people on the Internet are doing great
Trojans, viruses, 'sploits Botnets, zombies Phishing > funding Collect user information > spam better Corporate espionage > extortion >
funding
![Page 5: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/5.jpg)
5
! In a Public Network (Internet):! Packet (message) headers identify recipients! Packet routes can be tracked
Encryption does not hide routing information.
Initiator
Public Network
Responder
![Page 6: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/6.jpg)
6
Who Needs Anonymity?
Journalists, Dissidents, Whistleblowers (Indymedia, bloggers, Iran, Tibet)
Censorship resistant publishers/readers (libraries)
Socially sensitive communicants:−Chat rooms and web forums for abuse
survivors, people with illnesses
![Page 7: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/7.jpg)
7
You:−Where are you sending email (who is
emailing you)−What web sites are you browsing−Where do you work, where are you from−What do you buy, what kind of physicians
do you visit, what books do you read, ...
Who Needs Anonymity?
![Page 8: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/8.jpg)
8
Who Needs Anonymity?
Corporations: (Google, WalMart, ...)−Who's talking to the company lawyers? Are your
employees looking at monster.com?−Hiding procurement suppliers or patterns−Competitive analysis
Law Enforcement: (Inqtel, Nye Kripos)−Anonymous tips or crime reporting−Surveillance and honeypots (sting operations)
![Page 9: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/9.jpg)
9
Government
Who Needs Anonymity?
![Page 10: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/10.jpg)
10
Open source intelligence gathering− Hiding individual analysts is not enough
− That a query was from a govt. source may be sensitive Defense in depth on open and classified networks
− Networks with only cleared users (but a million of them) Dynamic and semitrusted international coalitions
− Network can be shared without revealing existence or amount of communication between all parties
• Elections and voting
Government Needs Anonymity?Yes, for...
![Page 11: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/11.jpg)
11
Anonymity Loves Company
You can't be anonymous by yourself.
−Can have confidentiality by yourself. A network that protects only DoD network users won't
hide that connections from that network are from DoD. You must carry traffic for others to protect yourself. But those others don't want to trust their traffic to just
one entity either. Network needs distributed trust. Security depends on diversity and dispersal of network.
![Page 12: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/12.jpg)
12
Who Needs Anonymity?
And yes criminals
![Page 13: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/13.jpg)
13
Who Needs Anonymity?
And yes criminals
But they already have it.We need to protect everyone else.
![Page 14: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/14.jpg)
14
Privacy and Criminals
Criminals have privacy−Motivation to learn−Motivation to buy−Identity theft
Normal People, Companies, Governments, Police don’t
The worst of all possible worlds
![Page 15: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/15.jpg)
15
Privacy and Crackers
Crackers have privacy−Break into system−Destroy the logs−Repeat as needed−They don’t use or need our software
Normal People, Companies, Governments, Police don’t
The worst of all possible worlds
![Page 16: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/16.jpg)
16
Anonymous From Whom?Adversary Model
Recipient of your message Sender of your message
=> Need Channel and Data Anonymity
Observer of network from outside Network Infrastructure (Insider)
=> Need Channel Anonymity
Note: Anonymous authenticated communication makes perfect sense
Communicant identification should be inside the basic channel, not a property of the channel
![Page 17: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/17.jpg)
17
Focus of Tor is anonymity of the communication pipe,
not what goes through it
![Page 18: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/18.jpg)
18
How Do You Get Communication Anonymity?
Many technical approaches Overview of two extensively used approaches
−Mixes−Proxies
![Page 19: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/19.jpg)
19
message 1
message 2
message 3
message 4
Randomly permutes and decrypts inputs
Mix
What does a mix do?
![Page 20: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/20.jpg)
20
message 2
Key property: Adversary can't tell which ciphertext corresponds to a given message
?
What does a mix do?
![Page 21: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/21.jpg)
21
Basic Mix (Chaum ‘81)
Server 1 Server 2 Server 3
PK1 PK2PK3
![Page 22: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/22.jpg)
22
Encryption of Message
PK1 PK2PK3
message
Ciphertext = EPK1[EPK2[EPK3[message]]]
![Page 23: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/23.jpg)
23
Server 1 Server 2 Server 3
m1
m2
m3
m2
m3
m1
decrypt
and
permute
m2
m1
m3
decrypt
and
permute
decrypt
and
permute
m2
m3
m1
Basic Chaum-type Mix
![Page 24: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/24.jpg)
24
Server 1 Server 2 Server 3
m3?
One honest server preserves privacy
![Page 25: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/25.jpg)
25
What if you need quick interaction?
Web browsing, Remote login, Chat, etc.
Mixnets introduced for email and other high latency apps
Each layer of message requiresexpensive publickey crypto
![Page 26: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/26.jpg)
26
• Channels appear to come from proxy, not true originator• Appropriate for Web connections, etc.:
SSL, TLS, SSH (lower cost symmetric encryption)• Examples: The Anonymizer• Advantages: Simple, Focuses lots of traffic for more anonymity• Main Disadvantage: Single point of failure, compromise, attack
anonymizing proxyanonymizing proxy
Basic Anonymizing Proxy
![Page 27: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/27.jpg)
27
Onion Routing Traffic Analysis Resistant Infrastructure
Main Idea: Combine Advantages of mixes and proxies Use (expensive) publickey crypto to establish circuits Use (cheaper) symmetrickey crypto to move data
− Like SSL/TLS based proxies
Distributed trust like mixes Related Work (some implemented, some just designs):
− ISDN Mixes
− Crowds, JAP Webmixes, Freedom Network
− Tarzan, Morphmix
![Page 28: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/28.jpg)
28
Tor
![Page 29: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/29.jpg)
29
Tor
The Onion Router
![Page 30: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/30.jpg)
30
Tor
Tor's Onion Routing
![Page 31: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/31.jpg)
31
Numbers and Performance
Running since October 2003• 250 nodes on six continents• Volunteerbased infrastructure• Fifty thousand+ (?) users• Nodes process 1100 GB / day application
cells• Network has never been down
![Page 32: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/32.jpg)
32
ClientInitiator
Tor Circuit Setup• Client Proxy establishes session key + circuit w/ Onion Router 1Onion Router 1
![Page 33: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/33.jpg)
33
ClientInitiator
Tor Circuit Setup• Client Proxy establishes session key + circuit w/ Onion Router 1Onion Router 1• Proxy tunnels through that circuit to extend to Onion Router 2Onion Router 2
![Page 34: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/34.jpg)
34
ClientInitiator
Tor Circuit Setup• Client Proxy establishes session key + circuit w/ Onion Router 1Onion Router 1• Proxy tunnels through that circuit to extend to Onion Router 2Onion Router 2• Etc
![Page 35: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/35.jpg)
35
ClientInitiator
Tor Circuit Usage• Client Proxy establishes session key + circuit w/ Onion Router 1Onion Router 1• Proxy tunnels through that circuit to extend to Onion Router 2Onion Router 2• Etc• Client applications connect and communicate over Tor circuit
![Page 36: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/36.jpg)
36
ClientInitiator
Tor Circuit Usage• Client Proxy establishes session key + circuit w/ Onion Router 1Onion Router 1• Proxy tunnels through that circuit to extend to Onion Router 2Onion Router 2• Etc• Client applications connect and communicate over Tor circuit
![Page 37: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/37.jpg)
37
ClientInitiator
Tor Circuit Usage• Client Proxy establishes session key + circuit w/ Onion Router 1Onion Router 1• Proxy tunnels through that circuit to extend to Onion Router 2Onion Router 2• Etc• Client applications connect and communicate over Tor circuit
![Page 38: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/38.jpg)
38
Where do I go to connect to the network?
Directory Servers−Maintain list of which onion routers are up, their
locations, current keys, exit policies, etc.
−Directory server keys ship with the code
−Control which nodes can join network Important to guard against “Sybil attack” and related
problems
−These directories are cached and served by other servers, to reduce bottlenecks
−Need to decentralize, get humans out of the loop, without letting attackers sign up 100,000 nodes.
![Page 39: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/39.jpg)
39
Some Tor Properties
Simple modular design, restricted ambitions.−~40K lines of C code−Even servers run in user space, no need to be
root−Flexible exit policies, each node chooses what
applications/destinations can emerge from it−Server usability is key to adoption. Without a
network, we are nothing.
![Page 40: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/40.jpg)
40
Some Tor Properties
Simple modular design, restricted ambitions.−Just anonymize the pipe
Can use, e.g., privoxy as front end if desired to anonymize data
−SOCKS compliant TCP: includes Web, remote login, mail, chat, more No need to build proxies for every application
![Page 41: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/41.jpg)
41
Some Tor Properties
Lots of supported platforms: Linux, BSD, MacOS X, Solaris, Windows, ...(Tor servers on xbox, linksys wireless routers.) Deployment paradigm:
−Volunteer server operators−No payments, not proprietary−Moving to a P2P incentives model
![Page 42: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/42.jpg)
42
Number of running Tor servers
![Page 43: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/43.jpg)
43
Total traffic through Tor network
![Page 44: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/44.jpg)
44
Location Hidden Servers
Alice can connect to Bob's server without knowing where it is or possibly who he is
Can provide servers that− Are accessible from anywhere
− Resist censorship
− Require minimal redundancy for resilience in denial of service (DoS) attack
− Can survive to provide selected service even during full blown distributed DoS attack
− Resistant to physical attack (you can't find them)
![Page 45: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/45.jpg)
45
Policy issues
Attacks we've seen:−Ransom note via Hotmail−Spam via Google Groups−IRC jerks > DDoS on Tor server−Vin Diesel movies
Wikipedia, Slashdot SORBS / spam blacklists
![Page 46: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/46.jpg)
46
Get the Code, Run a Node!(or just surf the web anonymously)
Current code freely available (free software license). Comes with a specification, fully documentation, and
alternative implementations. Design paper, system spec, code, see the list of
current nodes, etc.
http://tor.eff.org/
![Page 47: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/47.jpg)
47
Design Tradeoffs
Lowlatency (Tor) vs. highlatency (Mixminion) Packetlevel vs streamlevel capture
−IP packets reveal OS characteristics−Need applicationlevel scrubbing; and DNS
requests to local servers still leak info.−Exit policies turn into IDS policies?!
Padding vs. no padding (mixing, traffic shaping) UI vs. no UI (Contest!) ASlevel paths and proximity issues
![Page 48: Anonymity and Tor, 04-04 - Simson Garfinkelsimson.net › ref › 2005 › csci_e-170 › slides › L05-roger.pdf · 3 Approach Current code freely available (free software license)](https://reader033.vdocuments.us/reader033/viewer/2022053000/5f0482d87e708231d40e54f4/html5/thumbnails/48.jpg)
48
Design Tradeoffs
Enclavelevel onion routers / proxies / helper nodes Path length? (3 hops, don't reuse nodes) China? P2P network vs. static network