Tor2web ESC2011
tor2web
Past, Present and Future of Tor Hidden Services
Sunday, September 4, 2011
What is tor2web?
• Gate to hidden services
• Allows people to access HTTP(s) Hidden Services without Tor
Tradeoff
• --Client Anonymity
• ++Usability
Tor Hidden Services
• am4wuhz3zifexz5u.onion
• Anonymity for the Server
• DoS protection
• End-To-End encryption
Why use HS
• Avoid retaliation for what you publish
• Securely host and serve content
• Stealth Hidden Service
Tor2web
• Works for HTTP(s) HS
• Promote Tor HS
• HS can impact the whole web!
Tor2web 1.0
• Started by Aaron Swartz in 2008
• Now part of GlobaLeaks
Tor2web 1.0 Issues
• Exposed to abuse complaints
• Misuse of HS to spread illegal material
• No disclaimer
• This leads to Server Takedown
First iteration
Solved problems
• Tell the audience no content is hosted on the server
• Abuse and problem complaint form
• Dynamic URL rewriting
Kharon
• Complementary to tor2web
• Firefox and Chrome plugin
• https://github.com/hellais/kharon
• rewrites hidden services to tor2web and i2p
• Done by evilaliv3, hellais and vecna
Unsolved problems
• Responsibility not distributed
• Links directly serve the content
• High risk of takedown
Future tor2web 3.0
• Discussed with Paul Syverson
• Further reduce the risk of takedown
• Distribute responsibility across multiple actors
Scenarios
• Spammer links to *.tor2web.org site hosted on HS
• Illegal content hosting
Definitions
NodeA
NodeB
Hidden Service
User
Node A
• Landing page
• Accept disclaimer
• Does not serve content
• Generates a unique, temporary access URL for the User
Properties of the URL
• Usable once
• Only Node A can make them
• Usable only by the user who generated it
The unique URL
H(nonce, timestamp, the_user, onion_address, (maybe the IP))
The unique URL
[Diagram: NodeA, NodeB and User; labels: Signed nonce, verifies the signature, Hash, computes the H(...)]
Node B
[Diagram: NodeB, User; label: content]
Node B is in a different ISP and/or country
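One way Node A could mint, and Node B could check, the unique URL token described on the slides above. This is an added example, not tor2web's code: the token layout, the 120-second lifetime, treating the_user as a session identifier, and the shared-key HMAC standing in for the signature (the slides name no scheme) are all assumptions.

```python
import hashlib, hmac, os, time

KEY = os.urandom(32)  # assumption: secret provisioned to Node A and Node B
TTL = 120             # assumption: seconds an access URL stays valid

def _h(nonce, ts, user, onion, ip):
    # H(nonce, timestamp, the_user, onion_address, IP). Each field is
    # length-prefixed so two different field splits cannot hash alike.
    h = hashlib.sha256()
    for field in (nonce, str(ts), user, onion, ip):
        raw = field.encode()
        h.update(len(raw).to_bytes(4, "big") + raw)
    return h.digest()

def _tag(key, *fields):
    return hmac.new(key, _h(*fields), hashlib.sha256).hexdigest()

def node_a_issue(user, onion, ip, now=None, key=KEY):
    """Node A: called after the disclaimer is accepted; serves no content."""
    nonce = os.urandom(16).hex()
    ts = int(time.time() if now is None else now)
    return f"{nonce}.{ts}.{_tag(key, nonce, ts, user, onion, ip)}"

class NodeB:
    def __init__(self, key=KEY):
        self.key = key
        self.seen = {}  # nonce -> expiry, kept only while the token is valid

    def redeem(self, token, user, onion, ip, now=None):
        """Return "ok" only for a fresh, unused token bound to this requester."""
        now = time.time() if now is None else now
        try:
            nonce, ts_text, tag = token.split(".")
            ts, tag = int(ts_text), tag.encode()
        except ValueError:
            return "malformed"
        good = _tag(self.key, nonce, ts, user, onion, ip).encode()
        if not hmac.compare_digest(good, tag):
            return "bad-signature"  # forged, or user/onion/IP differ
        if not 0 <= now - ts <= TTL:
            return "expired"
        self.seen = {n: e for n, e in self.seen.items() if e >= now}
        if nonce in self.seen:
            return "replayed"       # usable once
        self.seen[nonce] = ts + TTL
        return "ok"
```

With a shared HMAC key, Node B could also mint tokens; enforcing "only Node A can make them" against Node B itself would need an asymmetric signature with the private key held only by Node A.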
What have we achieved?
• Distribute responsibility across two actors in two different jurisdictions
• Avoid direct serving of content
• URLs are unique per user
New problems
• How to handle caching?
• The issue is the delay in connecting to HS
• Cache is used only after connection has been established
• What are the flaws in this solution?
Questions?
• Wiki: http://wiki.tor2web.org
• Mailing list: [email protected]
• IRC: #tor2web on irc.oftc.net
Thanks for listening!