12.07.2015 Views

Tor - The Free Haven Project


Tor: Anonymous Communications for the Dept of Defense ... and you.
Roger Dingledine
The Free Haven Project
http://tor.eff.org/


Tor: Big Picture
● Freely available (Open Source), unencumbered.
● Comes with a spec and full documentation: German universities implemented compatible Java Tor clients; researchers use it to study anonymity.
● Chosen as anonymity layer for EU PRIME project.
● 200000+ active users.
● PC World magazine named Tor one of the Top 100 Products of 2005.


Informally: anonymity means you can't tell who did what
“Who wrote this blog post?”
“Who's been viewing my webpages?”
“Who's been emailing patent attorneys?”


Formally: anonymity means indistinguishability within an “anonymity set”
[Diagram: Alice1, Alice2, Alice3, Alice4, Alice5, Alice6, Alice7, Alice8, ....; Bob]
Attacker can't tell which Alice is talking to Bob!


We have to make some assumptions about what the attacker can do.
[Diagram: Alice, Anonymity network, Bob; attacker annotations: “watch Alice!”, “Control part of the network!”, “watch (or be!) Bob!”]
Etc, etc.


Anonymity isn't cryptography: Cryptography just protects contents.
[Diagram: Alice, “Hi, Bob!”, attacker, “Hi, Bob!”, Bob]


Anonymity isn't steganography: Attacker can tell that Alice is talking; just not to whom.
[Diagram: Alice1, Alice2, ..., AliceN; Anonymity network; Bob1, Bob2]
(Strong high-bandwidth steganography may not exist.)


Anonymity isn't just wishful thinking...
“You can't prove it was me!”
“Promise you won't look!”
“Promise you won't remember!”
“Promise you won't tell!”
“I didn't write my name on it!”
“Isn't the Internet already anonymous?”


...since “weak” anonymity... isn't.
“You can't prove it was me!”
    Proof is a very strong word. With statistics, suspicion becomes certainty.
“Promise you won't look!” “Promise you won't remember!” “Promise you won't tell!”
    Will other parties have the ability and incentives to keep their promises?
“I didn't write my name on it!”
    Not what we're talking about.
“Isn't the Internet already anonymous?”
    Nope! (More info later.)


Anonymity serves different interests for different user groups.
[Diagram: Anonymity, surrounded by Governments, Businesses, Private citizens]
Private citizens: “It's privacy!”


Anonymity serves different interests for different user groups.
[Diagram: Anonymity, surrounded by Governments, Businesses, Private citizens]
Businesses: “It's network security!”
Private citizens: “It's privacy!”


Anonymity serves different interests for different user groups.
[Diagram: Anonymity, surrounded by Governments, Businesses, Private citizens]
Governments: “It's traffic-analysis resistance!”
Businesses: “It's network security!”
Private citizens: “It's privacy!”


Regular citizens don't want to be watched and tracked.
[Diagram: Blogger Alice, 8-year-old Alice, Sick Alice, Consumer Alice, ...., Oppressed Alice]
Name, address, age, friends, interests (medical, financial, etc), unpopular opinions, illegal opinions....
Hostile Bob: “I sell the logs.”
Incompetent Bob: “Oops, I lost the logs.”
Indifferent Bob: “Hey, they aren't my secrets.”
(the network can track too)


Businesses need to keep trade secrets.
[Diagram: AliceCorp, Competitor, Competitor, Compromised network]
Competitor: “Oh, your employees are reading our patents/jobs page/product sheets?”
Competitor: “Hey, it's Alice! Give her the 'Alice' version!”
Compromised network: “Wanna buy a list of Alice's suppliers? What about her customers? What about her engineering department's favorite search terms?”


Law enforcement needs anonymity to get the job done.
[Diagram: Officer Alice; Investigated suspect, Sting target, Organized Crime; Witness/informer Alice; Anonymous tips]
Investigated suspect: “Why is alice.localpolice.gov reading my website?”
Sting target: “Why no, alice.localpolice.gov! I would never sell counterfeits on ebay!”
Organized Crime: “Is my family safe if I go after these guys?”
Anonymous tips: “Are they really going to ensure my anonymity?”


Governments need anonymity for their security
[Diagram: Agent Alice; Untrusted ISP, Compromised service; Coalition member Alice; Shared network, Defense in Depth]
Untrusted ISP: “What will you bid for a list of Baghdad IP addresses that get email from .gov?”
Compromised service: “What does the CIA Google for?”
Shared network: “Do I really want to reveal my internal network topology?”
Defense in Depth: “What about insiders?”


You can't get anonymity on your own: private solutions are ineffective...
Citizen Alice, Alice's small anonymity net, ...: “One of the 25 users on AliceNet.”
Officer Alice, Municipal anonymity net, Investigated suspect: “Looks like a cop.”
AliceCorp, AliceCorp anonymity net, Competitor: “It's somebody at AliceCorp!”


... so, anonymity loves company!
[Diagram: Citizen Alice, Officer Alice and AliceCorp all use one Shared anonymity net]
...: “???”
Investigated suspect: “???”
Competitor: “???”


Yes, bad people need anonymity too. But they are already doing well.
[Diagram: Evil Criminal Alice; Compromised botnet, Stolen mobile phones, Open wireless nets, .....]


Current situation: Bad people on the Internet are doing fine
Trojans, Viruses, Exploits, Botnets, Zombies, Espionage, DDoS, Extortion, Spam, Phishing


IP addresses can be enough to bootstrap knowledge of identity.
[Diagram: Alice 18.244.x.x; Hotlinked ad, Amazon account, Wikipedia post]


Tor is not the first or only design for anonymity.
Low-latency:
● Single-hop proxies
● V1 Onion Routing (~96)
● Crowds (~96)
● ZKS “Freedom” (~99-01)
● Java Anon Proxy (~00-)
● Tor (01-)
High-latency:
● Chaum's Mixes (1981)
● anon.penet.fi (~91)
● Remailer networks: cypherpunk (~93), mixmaster (~95), mixminion (~02)
...and more!


Low-latency systems are vulnerable to end-to-end correlation attacks.
Low-latency:
    Alice1 sends: xx x xxxx x
    Bob2 gets:    xx x xxxx x     match!
    Alice2 sends: x x xx x x
    Bob1 gets:    x x x x x x     match!
High-latency:
    Alice1 sends: xx x xxxx
    Alice2 sends: x x xx x x
    Bob1 gets:    xx xxxx .....
    Bob2 gets:    x xxxxx .....
(horizontal axis: Time)
These attacks work in practice. The obvious defenses are expensive (like high-latency), useless, or both.


Still, we focus on low-latency, because it's more useful.
Interactive apps: web, IM, VOIP, ssh, X11, ...
    # users: millions?
Apps that accept multi-hour delays and high bandwidth overhead: email, sometimes.
    # users: tens of thousands at most?
And if anonymity loves company....?


The simplest designs use a single relay to hide connections.
[Diagram: Alice1 sends Bob3, “X”; Alice2 sends Bob1, “Y”; Alice3 sends Bob2, “Z”; the Relay delivers “Y” to Bob1, “Z” to Bob2, “X” to Bob3]
(ex: some commercial proxy providers)


But an attacker who sees Alice can see what she's doing.
[Diagram: Alice1 sends Bob3, “X”; Alice2 sends Bob1, “Y”; Alice3 sends Bob2, “Z”; the Relay delivers “Y” to Bob1, “Z” to Bob2, “X” to Bob3]


Add encryption to stop attackers who eavesdrop on Alice.
[Diagram: Alice1 sends E(Bob3, “X”); Alice2 sends E(Bob1, “Y”); Alice3 sends E(Bob2, “Z”); the Relay delivers “Y” to Bob1, “Z” to Bob2, “X” to Bob3]
(ex: some commercial proxy providers)


But a single relay is a single point of failure.
[Diagram: Alice1 sends E(Bob3, “X”); Alice2 sends E(Bob1, “Y”); Alice3 sends E(Bob2, “Z”); the Evil Relay delivers “Y” to Bob1, “Z” to Bob2, “X” to Bob3]
Eavesdropping the relay works too.


So, add multiple relays so that no single one can betray Alice.
[Diagram: Alice, Bob, relays R1, R2, R3, R4, R5]


A corrupt first hop can tell that Alice is talking, but not to whom.
[Diagram: Alice, Bob, relays R1, R2, R3, R4, R5]


A corrupt final hop can tell that somebody is talking to Bob, but not who.
[Diagram: Alice, Bob, relays R1, R2, R3, R4, R5]


Alice makes a session key with R1
[Diagram: Alice, Bob, relays R1, R2, R3, R4, R5]


Alice makes a session key with R1
...And then tunnels to R2
[Diagram: Alice, Bob, relays R1, R2, R3, R4, R5]


Alice makes a session key with R1
...And then tunnels to R2
...and to R3
[Diagram: Alice, Bob, relays R1, R2, R3, R4, R5]
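
The layering built up in the session-key slides above, as an added sketch that is not from the original talk or the Tor code base: Alice wraps a message once per relay and each relay peels exactly one layer, so only the last hop sees the plaintext and only the first hop sees Alice. The SHA-256 keystream is a toy stand-in for a real cipher, the fixed keys stand in for the negotiated session keys, and the `Relay` class and function names are hypothetical.

```python
import hashlib

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); stand-in for a real cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

class Relay:
    def __init__(self, name):
        self.name = name
        self.key = None       # session key shared only with Alice
        self.next_hop = None  # learned when the circuit is extended
        self.seen = []        # (previous hop, next hop, bytes after peeling)

    def forward(self, cell, sender):
        peeled = keystream_xor(self.key, cell)  # removes exactly one layer
        self.seen.append((sender, self.next_hop, peeled))
        return peeled

def build_circuit(relays, destination="Bob"):
    """Assumption: key negotiation is elided; constructed fixed keys stand in."""
    for i, relay in enumerate(relays):
        relay.key = hashlib.sha256(b"constructed key for " + relay.name.encode()).digest()
        relay.next_hop = relays[i + 1].name if i + 1 < len(relays) else destination
    return [relay.key for relay in relays]

def alice_send(message, keys, relays):
    cell = message
    for key in reversed(keys):      # innermost layer belongs to the last hop
        cell = keystream_xor(key, cell)
    sender = "Alice"
    for relay in relays:            # each hop peels its own layer and forwards
        cell = relay.forward(cell, sender)
        sender = relay.name
    return cell                     # what Bob receives

def demo(message=b"GET / HTTP/1.0"):
    relays = [Relay("R1"), Relay("R2"), Relay("R3")]
    keys = build_circuit(relays)
    return relays, alice_send(message, keys, relays)
```

Each relay's `seen` list records what that hop could observe: R1 knows Alice and R2 but holds only ciphertext, while R3 holds the plaintext but knows only R2 and Bob.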


Can multiplex many connections through the encrypted circuit
[Diagram: Alice, Bob, Bob2, relays R1, R2, R3, R4, R5]


Tor anonymizes TCP streams only: it needs other applications to clean high-level protocols.
[Diagram: SSH, Web browser (via HTTP to a Web scrubber) and IRC client each connect over SOCKS to the Tor client, which connects to the Tor network]


We added a control protocol for external GUI applications. (GUI contest!)
[Diagram: SSH and Web browser (via HTTP to a Web scrubber) connect over SOCKS to the Tor client; a Controller GUI talks to the Tor client over the Control protocol]
(Change configuration, report errors, manage circuits, etc.)


Usability for server operators is key.
● Rate limiting: eating too much bandwidth is rude!
● Exit policies: not everyone is willing to emit arbitrary traffic.
    allow 18.0.0.0/8:*
    allow *:22
    allow *:80
    reject *:*


Server discovery must not permit liars to impersonate the whole network.
1. Alice says, “Describe the network!” [Diagram: Alice1, Evil Server]
2. Alice is now in trouble. [Diagram: Alice1, Evil Server, E.S., E.S., E.S., E.S., E.S., E.S.]


Server discovery is hard because misinformed clients lose anonymity.
[Diagram: Alice1, Alice2, servers (S), Bob1, Bob2; one group of servers is labelled “Known to Alice1”, another “Known to Alice2”]


Early Tor versions used a trivial centralized directory protocol.
[Diagram: servers S1, S2, S3; Trusted directory, Trusted directory; cache, cache; Alice]
Servers publish self-signed descriptors.
Authorities publish signed lists of all descriptors.
Alice downloads any signed list.


We redesigned our directory protocol to reduce trust bottlenecks.
[Diagram: servers S1, S2, S3; Evil Trusted directory, Trusted directory; cache, cache; Alice]
Servers publish self-signed descriptors.
Authorities publish signed statements about descriptors.
Alice downloads all statements; believes the majority; downloads descriptors as needed.
(Also uses less bandwidth!)
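
The "believes the majority" rule from this slide, as an added sketch that is not Tor's directory code: Alice accepts a descriptor only if a strict majority of the authorities she trusts vouch for it, so one evil authority cannot add fake servers or stand in for the whole network. HMAC is a stand-in for real public-key signatures, and the authority names, keys and descriptor labels are constructed.

```python
import hashlib, hmac, json

# Constructed stand-in: HMAC keys play the role of the authorities' signing
# keys; a real client would verify public-key signatures instead.
AUTHORITY_KEYS = {"dirA": b"key-A", "dirB": b"key-B", "dirC": b"key-C"}

def sign_statement(name, key, digests):
    body = json.dumps(sorted(digests)).encode()
    return {"authority": name, "body": body,
            "sig": hmac.new(key, body, hashlib.sha256).hexdigest()}

def believed_descriptors(statements, trusted=AUTHORITY_KEYS):
    votes, counted = {}, set()
    for st in statements:
        key = trusted.get(st["authority"])
        if key is None or st["authority"] in counted:
            continue  # unknown signer, or a second statement from the same one
        expected = hmac.new(key, st["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, st["sig"]):
            continue  # signature does not verify
        counted.add(st["authority"])
        for digest in set(json.loads(st["body"])):
            votes[digest] = votes.get(digest, 0) + 1
    # Majority of all trusted authorities, not of the statements received,
    # so withholding or dropping statements cannot lower the bar.
    threshold = len(trusted) // 2 + 1
    return {d for d, n in votes.items() if n >= threshold}

def demo():
    honest = ["desc-S1", "desc-S2", "desc-S3"]
    evil = ["desc-ES1", "desc-ES2", "desc-S1"]
    statements = [
        sign_statement("dirA", AUTHORITY_KEYS["dirA"], honest),
        sign_statement("dirB", AUTHORITY_KEYS["dirB"], honest),
        sign_statement("dirC", AUTHORITY_KEYS["dirC"], evil),  # the evil one
        sign_statement("dirX", b"attacker", evil),             # not trusted
    ]
    return believed_descriptors(statements)
```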


Tor implements responder anonymity with hidden services.
[Diagram: Alice, Directory, S1, Bob]
1. “Sign(PK)”
2. “PK, Sign(S1)”
3. “H(PK).onion” ? “PK, Sign(S1)” !
All these connections are anonymized.


Tor implements responder anonymity with hidden services.
[Diagram: Directory, Alice, S1, S2, Bob]
4. “Wait for T, handshake”
5. PK, E(“Meet me at S2”,T)
5' E(“Meet me at S2”,T)
6. “T!” handshake
All these connections are anonymized.


Tor implements responder anonymity with hidden services.
Bidirectional anonymity!
[Diagram: Alice, S1, Bob, S2]
S1 (provides uptime, linked to service)
S2 (provides bandwidth, chosen by Alice)


We're currently the largest strong anonymity network ever deployed.
S > 700 running
A > 200,000 in a week
> 70 MB/sec


Growth in servers is increasing.


Bandwidth capacity is increasing.


Problem: Abusive users get the whole network blocked.
[Diagram: Nice Alice, Jerk Alice, Tor network; blocked (X) destinations: /., wikipedia, Some IRC networks]
Minimize scope of blocking?


Other common abuses
● Somebody connects to Hotmail, and sends an obnoxious mail.
● Somebody connects to IRC and yells -> DDoS on Tor exit server.
● Somebody tries to get you shut down by connecting to Google Groups and posting spam.
● Somebody uses Tor to download a movie, and your ISP gets a DMCA takedown.
● SORBS / Blacklists


Problem: China is hard to beat. They can just block the whole network.
[Diagram: Alice, Alice, servers (S); blocked (X) connections]
They don't, yet. But when they do...?


Can we get a large number of semisecret relays for China?
[Diagram: Alice, Alice, servers (S); blocked (X) connections]
And how to distribute them?


Next steps
● Need to work on Windows stability and usability – including GUI and installers.
● Need to make it easier to be a server; incentives.
● Design for scalability and decentralization – tens of thousands of servers, millions of users.
● Hidden services need to be faster / more stable.
● Enclave-level onion routers (for enterprise/govt).
● Documentation and user support.


University Tor servers
● MIT, RPI, UCLA, Brown, ...
● Harvard, Georgia Tech, CMU
● UMass Amherst
● Dartmouth, Rice, UNC, ...
● Berkeley
● Rose-Hulman
● Michigan Tech


Questions?
● Tor: http://tor.eff.org/
    – Try it out; want to run a server?
● Anonymity bibliography: http://freehaven.net/anonbib/
