onion routing and tor: fundamentals and anonymity
TRANSCRIPT
Onion Routing and Tor:
Fundamentals and anonymity
Anurag Singh
Anonymity: Overview
What is Anonymity ?
Anonymity is the state of being
unidentifiable within a set of subjects.
◦ Hide your activities among others’ similar
activities
◦ You cannot be anonymous by yourself!
Unlinkability of action and identity
Unobservability (hard to achieve) Observer cannot even tell whether a certain
action took place or not
You Are Not Anonymous
Your IP address can be linked directly to
you
◦ ISPs store communications records
◦ Usually for several years (Data Retention
Laws)
◦ Law enforcement can subpoena these
records
Your browser is being tracked
◦ Cookies, Flash cookies, E-Tags, HTML5
Storage
◦ Browser fingerprinting
Your activities can be used to identify
Who Uses Anonymity
Systems ? “If you’re not doing anything wrong,
you shouldn’t have anything to hide.”• Implies that anonymous communication is
for criminals
The truth: who uses Tor?• Journalists
• Law enforcement
• Human rights activists
• Normal people
Fact: Tor was/is developed by the Navy
• Business executives
• Military/intelligence
personnel
• Abuse victims
Why Do We Need Anonymity
? To protect privacy◦ Avoid tracking by advertising companies
◦ Viewing sensitive content Information on medical conditions
Advice on bankruptcy
Protection from prosecution◦ Not every country guarantees free speech
To prevent chilling-effects◦ It’s easier to voice unpopular or
controversial opinions if you areanonymous
Anonymity Layer
Function:
◦ Hide the source,
destination, and content of
Internet flows from
eavesdroppers
Key challenge:
◦ Defining and quantifying
anonymity
◦ Building systems that are
resilient to
deanonymization
◦ Maintaining performance
Application
Presentatio
nSession
Transport
Network
Data Link
Physical
Anonymity
Related Work
Chaum’s Mix-Net design◦ Correspondence hiding between sender &
receiver by wrapping messages in layersand relaying through “mix” routers.
Babel ‘s Mix master and Mixminion◦ Try to maximize anonymity at the cost of high
latency.
Anonymizer◦ Single-hop proxy
PipeNet◦ Low-latency design giving user anonymity by
shutting down the network by not sending.
Related Work
P2P Tarzan and MorphMix designs◦ Rely and generate traffic for other participating
users and hide who originated or relayed a request.
Hordes/Crowds◦ Hides the initiator of traffic thorough multicast
responses
Freedom◦ Supports session keys and address of the server
in a circuit.
Rennhard’s Anonymity Network◦ Builds circuits in stages which helps to obtain
perfect forward secrecy by extending them one hop at a time.
Threats to Anonymity
Traffic Analysis◦ Passive traffic analysis
Infer from network traffic who is talking to whom
To hide your traffic, must carry other people’s traffic!
◦ Active traffic analysis Inject packets or put a timing signature on packet flow.
Compromised network nodes (routers)◦ It is not obvious which nodes have been
compromised Attacker may be passively logging traffic
◦ Better not to trust any individual node Assume that some fraction of nodes is good, don’t know
which
How Traffic Analysis Work ?
Internet data packets have two parts:◦ a data payload
Generally Encrypted
traffic analysis still reveals a great deal about what you're doing and, possibly, what you're saying. because
◦ a header used for routing it focuses on the header, which discloses source,
destination, size, timing, and so on.
simple traffic analysis◦ sitting somewhere between sender and recipient on
the network, looking at headers.
sophisticated traffic analysis
Encryption does not help against these attackers, since it only hides the content of Internet traffic, not the headers.
Onion Routing (Original)
A techniquefor anonymous communicationover a computer network.
Messages are repeatedly encrypted andthen sent through several network nodescalled onion routers.
Like someone peeling an onion,each onionrouter removes a layer of encryption touncover routing instructions, and sends themessage to the next router where this isrepeated.
This prevents these intermediary nodesfrom knowing the origin, destination, andcontents of the message.
Onion Router and Analogy
Tor
(The Second Generation Onion
Router) a distributed, anonymous network
reduce the risks of both simple andsophisticated traffic analysis bydistributing transactions over severalplaces on the Internet.
data packets on the Tor network takea random pathway through severalrelays.
no observer at any single point can tellwhere the data came from or whereit's going.
Tor
(The Second Generation Onion
Router) Basic design: a mix network with
improvements◦ Perfect forward secrecy
◦ Introduces guards to improve source anonymity
◦ Takes bandwidth into account when selecting relays Mixes in Tor are called relays
◦ Introduces hidden services Servers that are only accessible via the Tor
overlay
Deployment and Statistics
Largest, most well deployed anonymitypreserving service on the Internet◦ Publicly available since 2002
◦ Continues to be developed and improved
Currently, ~5000 Tor relays around theworld◦ All relays are run by volunteers
◦ It is suspected that some are controlled byintelligence agencies
500K – 900K daily users◦ Numbers are likely larger now, thanks to
Snowden
How Tor Works ?
Courtesy: https://www.torproject.org/about/overview.html.en
How Tor Works ?...Circuit
Setup
Courtesy: https://www.torproject.org/about/overview.html.en
How Tor Works ?....new
connection
Courtesy: https://www.torproject.org/about/overview.html.en
Tor Enhancements over
Previous
Onion Routing applications Tor uses telescoping path-built design ◦ Previous designs allowed hostiles to record traffic
and compromise successive nodes.
Tor uses SOCKS proxy interface◦ Previous designs required a separate application
proxy for each application protocol. Tor is able to share one circuit for many
TCP streams◦ Previous designs required a separate circuit for
each application level request. Which is a threat to
anonymity. Leaky pipe circuit topology
Tor Enhancements over
Previous
Onion Routing applications Directory servers◦ Previous designs resorted to flooding info on
the network.
Variable exit policies End-to-end integrity checks◦ Previous designs had no integrity checks.
Rendezvous points/hidden services◦ Previous designs included replay onions.
Congestion control: uses end-to-end acks◦ Previous designs didn’t address traffic
bottlenecks.
Hidden Services
Tor is very good at hiding the source of traffic
◦ But the destination is often an exposed website
What if we want to run an anonymous service?
◦ i.e. a website, where nobody knows the IP address?
Tor supports Hidden Services
◦ Allows you to run a server and have people connect
◦ … without disclosing the IP or DNS name
Many hidden services
◦ Tor Mail, Tor Char
◦ DuckDuckGo
◦ Wikileaks
• The Pirate Bay
• Silk Road (2.0)
Hidden Services Example:
Creating a hidden Server
Server creates circuitsto “introduction points”
Server gives intro points’descriptors and addresses to service lookup directory
Client obtains servicedescriptor and intro pointaddress from directory
Using a Location Hidden
Service
Client sends address of therendezvous point and anyauthorization, if needed, toserver through intro point
If server chooses to talk to client,connect to rendezvous point
If server chooses to talk to client,connect to rendezvous point
Client creates a circuitto a “rendezvous point”
Staying Anonymous
Tor can't solve all anonymity problems.
It focuses only on protecting the transport of data
to protect your anonymity, be smart.
Tor does not provide protection against end-to-end timing attacks: ◦ If your attacker can watch the traffic coming
out of your computer, and also the traffic arriving at your chosen destination, he can use statistical analysis to discover that they are part of the same circuit.
The Future of Tor
Providing a usable anonymizingnetwork on the Internet today is an ongoing challenge.
Recent activities like NSA snooping.
More number of users attracted towards Tor.
Each new user and relay provides additional diversity, enhancing Tor's ability to put control over your security and privacy back into your hands.
THANKYOU