Understanding Tor Onion Services and Their Use Cases
HOPE2016-Tor_onion_services
asn
Nima Fatemi (mrphs)
David Goulet (dgoulet)
License: CC-BY-SA 4.0 International
How Tor Works
Alice picks a random 3-hop path through the relays (Guard, Middle, Exit) and finally exits the network to go to Bob.
[Figure legend: Encrypted link / Unencrypted link. Nodes shown: Alice, Guard, Middle, Exit, Bob, Jane.]
What are Onion Services
● The ".onion" addresses
● 16 characters long (base32 encoding of the first 80 bits of the SHA-1 of the service's RSA public key)
● E.g.: nzh3fv6jc6jskki3.onion
● Client and Server hide their location
● Everything stays inside the Tor network
● Can be used for all sorts of TCP traffic
History of Onion Service
Changes in version 0.0.6pre1 - 2004-04-08
  o Features:
    - Hidden services and rendezvous points are implemented. Go to
      http://6sxoyfb3h2nvok2d.onion/ for an index of currently available
      hidden services. (This only works via a socks4a proxy such as
      Privoxy, and currently it's quite slow.)
How many onions?
How much onion traffic?
Estimated Traffic
As of July 2016, ~4% of client traffic is Onion Services
Properties and Use cases
Properties
• Self authenticated
• End-to-End encrypted
• Isolation and NAT punching
• Minimized attack surface
  ● HSAuth / stealth mode
  ● Unix Sockets
• Censorship resistance
  - No DNS or BGP hijacking/poisoning to worry about: name resolution and routing to the service never leave the Tor network
Stealth Mode
$ vi /etc/tor/torrc
HiddenServiceDir /var/lib/tor/hidden_service/
# Authorized users only
HiddenServiceAuthorizeClient stealth user1,user2,user3
# (not on the original slide) a port mapping is still required for a working service:
HiddenServicePort 80 127.0.0.1:8080
$ cat /var/lib/tor/hidden_service/hostname
ujd82kjkjusj3i88.onion oiujadsfuDIUankjnaei/R # client: user1
kkioajdyuje99zja.onion 87ajdiuta6dHDYTJAkz7/x # client: user2
98kjjaokkeoahzu1.onion uAuasdoi18DBfoRjsayu/x # client: user3
In stealth mode every authorized client gets its own onion address and auth cookie. Hand each client only its own line; the client adds it to its torrc as "HidServAuth <address> <cookie>". Without the cookie a client cannot even locate or decrypt the descriptor, so the service stays invisible to everyone else.
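Added example (not from the slides and not Tor's own code): a small Python helper that reads a stealth-mode hostname file in the format shown above and produces the HidServAuth line each client has to put in its own torrc. The line format is the v2 one (16 base32 characters, a 22-character base64 cookie, a "# client:" comment); the sample lines below are constructed, with invented but well-formed addresses and cookies.

```python
import re

# Constructed sample of /var/lib/tor/hidden_service/hostname for a stealth-mode
# v2 service with three authorized clients (addresses and cookies are invented).
SAMPLE_HOSTNAME_FILE = """\
ujd7akjkjusj3i66.onion oiujadsfuDIUankjnaei/R # client: user1
kkioajdyuje33zja.onion 87ajdiuta6dHDYTJAkz7/x # client: user2
36kjjaokkeoahzu7.onion uAuasdoi76DBfoRjsayu/x # client: user3
"""

# One line per authorized client: <16 base32 chars>.onion <22 base64 chars> # client: <name>
# The 22 characters are the 16-byte descriptor cookie in unpadded base64; in stealth
# mode the low bits of the last character carry the auth type, so copy it verbatim.
LINE_RE = re.compile(
    r"^(?P<onion>[a-z2-7]{16})\.onion\s+"
    r"(?P<cookie>[A-Za-z0-9+/]{22})\s+"
    r"#\s*client:\s*(?P<client>\S+)\s*$"
)


def parse_stealth_hostname_file(text):
    """Return {client_name: (onion_address, cookie)}. Anything that is not a well-formed
    stealth line is rejected, so a truncated or hand-edited file is noticed early."""
    clients = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: not a stealth-mode hostname line: {line!r}")
        name = m.group("client")
        if name in clients:
            raise ValueError(f"line {lineno}: client {name!r} listed twice")
        clients[name] = (m.group("onion") + ".onion", m.group("cookie"))
    return clients


def client_torrc_line(onion, cookie):
    """The line the *client* adds to its torrc. Without it the client's tor can neither
    find nor decrypt the descriptor, which is what hides the service's existence."""
    return f"HidServAuth {onion} {cookie}"


def torrc_lines_per_client(text):
    """Map each client name to the one torrc line you hand to that client (and nobody else)."""
    return {name: client_torrc_line(onion, cookie)
            for name, (onion, cookie) in parse_stealth_hostname_file(text).items()}


if __name__ == "__main__":
    for name, line in torrc_lines_per_client(SAMPLE_HOSTNAME_FILE).items():
        print(f"{name}: {line}")
```

Each client receives a different address, so revoking one client means removing its name from HiddenServiceAuthorizeClient and restarting tor; the other clients' addresses keep working.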
Use cases
● Health sector should move to onion services yesterday
● Government services
● Tip-lines / abuse complaints / whistleblowing
● Zines and culture (The Torist)
● Securing (vulnerable) infrastructure
● Libraries
● Internet of Things / Home Assistant
● Malicious exit nodes are now useless
● Messaging, file sharing
● Owncloud
● Software distribution (repos)
● All your favorite mobile apps
Keeping your (vulnerable) infra secure
[Figure: a Web Server (Static HTML) for visitors, with an App Server (PHP) and a DB (MySQL) behind it. User 1, User 2 and User 3 each reach it through a unique onion address; components marked "x" are compromised.]
How Onion Services Work
[Figures for steps 1-6 show Alice, the service, the introduction points IP1-3, the Directory and the Rendezvous Point (RP); every link is a Tor circuit inside the Tor network.]
Step 1: The service picks introduction points and builds circuits to them.
Step 2: The service uploads its onion service descriptor to a directory.
Step 3: Alice learns about the .onion and fetches the descriptor from the Directory.
Step 4: Alice tells the service to meet at the Rendezvous Point.
Step 5: The service connects to the Rendezvous Point.
Step 6: Alice and the service can now use the circuit to exchange data.
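Added example (not from the slides, not Tor's code): a Python simulation of the six steps above, with both sides' messages named as in rend-spec (ESTABLISH_INTRO, INTRODUCE1/2, ESTABLISH_RENDEZVOUS, RENDEZVOUS1/2). Circuit building, the DH handshake and the encryption of the INTRODUCE payload are abstracted away; the rendezvous cookie is 20 random bytes as in the real protocol. The onion address used is the one from the slides; the relay and client names are illustrative.

```python
import os

transcript = []                                   # (where it was observed, what happened)


def log(where, what):
    transcript.append((where, what))


class Directory:
    """HSDir: stores each service's descriptor (its introduction points and key)."""
    def __init__(self):
        self.descriptors = {}

    def publish(self, onion, descriptor):          # step 2
        log("HSDir", f"publish {onion}")
        self.descriptors[onion] = descriptor

    def fetch(self, onion):                         # step 3
        log("HSDir", f"fetch {onion}")
        return self.descriptors[onion]


class Relay:
    """A relay acting as introduction point (IP) or rendezvous point (RP). It only
    ever sees the circuit that lands on it, never the other party's network location."""
    def __init__(self, name):
        self.name, self.service, self.waiting = name, None, {}

    def establish_intro(self, service):             # step 1: the service registers here
        log(self.name, "ESTABLISH_INTRO")
        self.service = service

    def introduce1(self, payload):                  # step 4: relayed to the service as INTRODUCE2
        log(self.name, "INTRODUCE1 -> INTRODUCE2")
        self.service.on_introduce2(payload)

    def establish_rendezvous(self, cookie, client): # step 3: the client parks here with a cookie
        log(self.name, "ESTABLISH_RENDEZVOUS")
        self.waiting[cookie] = client

    def rendezvous1(self, cookie, service):         # step 5: the service shows the same cookie
        log(self.name, "RENDEZVOUS1 -> RENDEZVOUS2")
        client = self.waiting.pop(cookie)           # unknown cookie -> KeyError, nothing is spliced
        client.peer, service.peer = service, client # step 6: the two circuits are joined


class Service:
    def __init__(self, onion, intro_points, directory):
        self.onion, self.peer, self.inbox = onion, None, []
        for ip in intro_points:
            ip.establish_intro(self)                                      # step 1
        directory.publish(onion, {"intro_points": list(intro_points)})    # step 2

    def on_introduce2(self, payload):
        payload["rp"].rendezvous1(payload["cookie"], self)                # step 5

    def receive(self, data):
        self.inbox.append(data)


class Client:
    def __init__(self):
        self.peer, self.inbox = None, []

    def connect(self, onion, directory, rp):
        desc = directory.fetch(onion)                                     # step 3
        cookie = os.urandom(20)                                           # rendezvous cookie
        rp.establish_rendezvous(cookie, self)                             # step 3
        desc["intro_points"][0].introduce1({"rp": rp, "cookie": cookie})  # step 4
        return self.peer is not None

    def receive(self, data):
        self.inbox.append(data)


def run_demo(onion="nzh3fv6jc6jskki3.onion"):
    """Run steps 1-6 once; return (connected?, what the service got, what Alice got)."""
    transcript.clear()
    hsdir = Directory()
    ip1, ip2, ip3, rp = Relay("IP1"), Relay("IP2"), Relay("IP3"), Relay("RP")
    service = Service(onion, [ip1, ip2, ip3], hsdir)
    alice = Client()
    ok = alice.connect(onion, hsdir, rp)
    alice.peer.receive(b"GET / HTTP/1.0")           # step 6: data over the joined circuit
    service.peer.receive(b"HTTP/1.0 200 OK")
    return ok, service.inbox, alice.inbox


if __name__ == "__main__":
    print(run_demo())
    for where, what in transcript:
        print(f"{where:6} {what}")
```

Note who sees what: the Directory sees only a publish and a fetch, the introduction point sees one forwarded message, and the rendezvous point sees a cookie from each side and splices the circuits; none of them learns where Alice or the service actually are.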
Directory
desc_id = H(onion-address | H(time-period | descriptor-cookie | replica))
H("zti6p9h6spbtx5xr" | H(17573 | "" | 0))
desc_id = 3xqunszqnaolrrfmtzgaki7mxelgvkje
Directory (2)
Relays:
desc_id = 3xqunszqnaolrrfmtzgaki7mxelgvkje
Base16(desc_id) = 337871756E737A716E616F6C7272666D747A67616...
HSDir 1: 33789F22470A22C8BEEF907CED29847781E15C5D
HSDir 2: 337B7E307550F48DCDADA7481FA8436B2FCDADA9
HSDir 3: 337DA8971BE4580EAC5D1D7AE4E508020CF04594
The responsible HSDirs are the first three relays whose identity fingerprint follows desc_id on the hash ring. (The Base16 line on the slide is the hex of the base32 text; Tor itself compares the decoded 20-byte descriptor id against the relays' 20-byte identity digests.)
Directory (3)
[Figure: the hash ring with two replicas. desc_id rep0 and desc_id rep1 each map to a position on the ring and are stored on the next three HSDirs after that position (HSDir n, n+1, n+2).]
And cracks started to form...
Weak Cryptography
● RSA 1024
● SHA1
... plausible?
Harvesting Onions
rendezvous-service-descriptor 3xqunszqnaolrrfmtzgaki7mxelgvkje   (base32)
version 2
permanent-key
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAJ/SzzgrXPxTlFrKVhXh3buCWv2QfcNgncUpDpKouLn3AtPH5Ocys0jE
aZSKdvaiQ62md2gOwj4x61cFNdi05tdQjS+2thHKEm/KsB9BGLSLBNJYY356bupg
I5gQozM65ENelfxYlysBjJ52xSDBd8C4f/p9umdzaaaCmzXG/nhzAgMBAAE=
-----END RSA PUBLIC KEY-----
secret-id-part anmjoxxwiupreyajjt5yasimfmwcnxlf
publication-time 2015-03-11 19:00:00
protocol-versions 2,3
introduction-points
-----BEGIN MESSAGE-----
...
→ 3g2upl4pq6kufc4m.onion
Any HSDir that stores this descriptor can recover the onion address from the permanent-key (the v2 address is base32 of the first 80 bits of SHA-1 over the key), so running HSDirs is enough to harvest addresses of services that never advertised them.
HSDir Camping Attack
Relays:
desc_id = 3xqunszqnaolrrfmtzgaki7mxelgvkje
Base16(desc_id) = 337871756E737A716E616F6C7272666D747A67616...
HSDir 1: 33789F22470A22C8BEEF907CED29847781E15C5D
HSDir 2: 337B7E307550F48DCDADA7481FA8436B2FCDADA9
HSDir 3: 337DA8971BE4580EAC5D1D7AE4E508020CF04594
HSDir Camping Attack (2)
[Figure: the same hash ring. Because desc_id for a future time-period can be computed ahead of time, an attacker can generate relay identity keys until their fingerprints land just after that position and so become HSDir n, n+1, n+2 for the replica when the period arrives.]
HSDir Deanonymization Attack
[Figures: the attacker runs Alice's guard (G) and the Directory (HSDir) that Alice asks for the descriptor; M are middle relays. Alice's circuits to the Directory, the introduction point (IP) and the rendezvous point (RP) all start at G.]
13:37:00 UTC  Alice's circuit to the Directory is opened through G
13:37:02 UTC  the Directory receives a descriptor request: "Is this connection related to the Onion Service???"
13:37:03 UTC  that circuit is killed; at the same second new circuits open through G towards the IP and the RP
13:37:05 UTC  the circuit to the IP is killed; the one to the RP stays up and carries traffic
Seen from the guard G:
Circuit A opens - 13:37:00 UTC
Circuit A dies - 13:37:03 UTC
Circuit B opens - 13:37:03 UTC
Circuit C opens - 13:37:03 UTC
Circuit B dies - 13:37:05 UTC
Circuit C traffic - 13:37:XX UTC
Seen from the Directory:
Request for xyz.onion - 13:37:02 UTC
Circuit A dies - 13:37:03 UTC
Matching the two timelines: xyz.onion was visited by Alice
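Added example (not from the slides): the timeline correlation above written out as detection logic in Python, run over two constructed logs that reproduce the slide's timestamps, one as the attacker's guard would record circuit open/close events and one as the attacker's HSDir would record descriptor requests. The log formats, the 2-second close window and the circuit names are assumptions for this example.

```python
from datetime import datetime, timedelta

# Constructed logs reproducing the slide's timeline (HH:MM:SS UTC, one event per line).
GUARD_LOG = """\
13:37:00 circuit A open
13:37:03 circuit A close
13:37:03 circuit B open
13:37:03 circuit C open
13:37:05 circuit B close
"""
HSDIR_LOG = """\
13:37:02 request xyz.onion
"""


def ts(s):
    return datetime.strptime(s, "%H:%M:%S")


def parse_guard_log(text):
    """{circuit_id: [open_time, close_time or None]} as seen at the guard."""
    circuits = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        t, _, cid, event = line.split()
        if event == "open":
            circuits[cid] = [ts(t), None]
        elif event == "close":
            circuits[cid][1] = ts(t)
    return circuits


def parse_hsdir_log(text):
    """[(request_time, onion_address)] as seen at the HSDir."""
    return [(ts(t), onion)
            for t, _, onion in (l.split() for l in text.splitlines() if l.strip())]


def correlate(circuits, requests, close_within=timedelta(seconds=2)):
    """A descriptor fetch rides a short-lived circuit: it is already open when the HSDir
    sees the request and is torn down shortly afterwards. For every request, return the
    guard-side circuits that fit; a single candidate links the client behind it to the
    requested .onion."""
    links = []
    for req_time, onion in requests:
        for cid, (opened, closed) in circuits.items():
            if (opened <= req_time and closed is not None
                    and req_time <= closed <= req_time + close_within):
                links.append((onion, cid))
    return links


def find_suspects():
    """Run the correlation over the embedded sample logs."""
    return correlate(parse_guard_log(GUARD_LOG), parse_hsdir_log(HSDIR_LOG))


if __name__ == "__main__":
    print(find_suspects())
```

The attack needs the same party at both ends, the guard and the HSDir; with many clients behind one guard the window produces false positives, so a real attacker repeats the observation over several visits.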
Guard Discovery Attack (1/2)
Attacker wants to learn the guard of an onion service, and has signed up a few middle relays on the network:
● The attacker can force the onion service to create Tor circuits.
● The attacker can figure out if her middle node was picked on a circuit.
Attacker learns guard node in use
Guard Discovery Attack (2/2)
[Figure: Attacker: "Hey. How about you create over 9000 circuits? :)"  Onion Service: "ok..."  The service builds Circuit #1 (G -> M 1 -> M -> RP 1), Circuit #2 (G -> M 2 -> M -> RP 2), Circuit #3 (G -> M 3 -> M -> RP 3), ...; as soon as one of the attacker's relays is picked as the first middle, it sees G as the previous hop.]
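Added example (not from the slides, not Tor's code): a Monte-Carlo sketch of the two slides above. Middles are chosen uniformly (real Tor weights by bandwidth, which only changes the rate); the attacker owns a fixed fraction of them and wins the moment one of her relays is the hop after the guard. The second function models the vanguard idea from later in the deck, a small second-layer set pinned for a whole rotation period, to show why forcing more circuits stops helping. Relay counts, set sizes and seeds are illustrative.

```python
import random


def plain_circuit(rng, guard, middles):
    """Pre-vanguard service-side circuit: fixed guard, a fresh random middle every time."""
    return guard, rng.choice(middles)


def guard_discovery(rng, n_middles=1000, attacker_middles=10, max_circuits=1_000_000):
    """The attacker makes the service build circuit after circuit. Each time one of her
    middles is chosen, that relay sees the service's guard as its previous hop.
    Returns (circuits it took, guard identity learned)."""
    guard = "G-secret"
    middles = [f"M{i}" for i in range(n_middles)]
    evil = set(middles[:attacker_middles])
    for n in range(1, max_circuits + 1):
        g, m = plain_circuit(rng, guard, middles)
        if m in evil:
            return n, g
    return None, None


def guard_discovery_demo(seed=7):
    """One run with a fixed seed."""
    return guard_discovery(random.Random(seed))


def mean_circuits_to_discovery(trials=2000, seed=1):
    """Average over many runs; geometric distribution with p = attacker share, so the
    mean is about n_middles / attacker_middles = 100 circuits with the defaults."""
    rng = random.Random(seed)
    return sum(guard_discovery(rng)[0] for _ in range(trials)) / trials


def vanguard_rotation(rng, n_middles=1000, attacker_middles=10, layer2_size=2, circuits=1000):
    """Vanguard-style second hop: for one rotation period the service only uses a small,
    pre-chosen set of second-layer guards. The attacker learns G during this period only
    if one of her relays made it into the set; the number of circuits no longer matters."""
    middles = [f"M{i}" for i in range(n_middles)]
    evil = set(middles[:attacker_middles])
    layer2 = rng.sample(middles, layer2_size)
    for n in range(1, circuits + 1):
        if rng.choice(layer2) in evil:
            return n
    return None


def vanguard_discovery_rate(trials=1000, seed=1):
    """Fraction of rotation periods in which the attacker learns the guard at all."""
    rng = random.Random(seed)
    return sum(vanguard_rotation(rng) is not None for _ in range(trials)) / trials


if __name__ == "__main__":
    print("one run:", guard_discovery_demo())
    print("mean circuits until guard known:", mean_circuits_to_discovery())
    print("vanguard: periods with discovery:", vanguard_discovery_rate())
```

With a 1% share of middles the plain design gives the guard away after about a hundred forced circuits, i.e. within minutes; with a pinned second layer the attacker has to wait for a rotation that happens to include her relay, about 2% of periods with these numbers.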
The Next Generation Onion Service
Better Cryptography
● {ed|curve}25519
● Keccak (sha3)
Directory Predictability
desc_id = H(onion-address | H(time-period | descriptor-cookie | replica))
Invariant: onion-address, descriptor-cookie and replica never change; time-period is the only moving input, and it is known in advance.
[Figure: time-period spans starting at 11:00 UTC, +24 h, +48 h, ...; period k gives desc_id k 1, desc_id k 2, ..., all of which anyone can compute ahead of time.]
Shared Randomness
desc_id = H(onion-address | H(time-period | random-value | descriptor-cookie | replica))
Invariant inputs as before, plus a random-value agreed every 24 hours by the directory authorities (gabelmoo, longclaw, Faravahar, moria1, dannenberg, tor26, maatuska, dizum); desc_id can no longer be computed before that value is published.
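Added example (not from the slides, not Tor's code) serving the Directory, HSDir Camping, Directory Predictability and Shared Randomness slides together: a Python implementation of the v2 desc_id formula (SHA-1, 4-byte big-endian time-period, 1-byte replica, empty cookie when no client auth is used, and the per-service shift of the time-period that rend-spec adds), the hash ring walk over relay fingerprints, the camping check, and the slide's shared-randomness variant. The ring compares the decoded 20-byte id against 20-byte identity digests, not the hex of the base32 text as the slide shows. The onion address is the one from the slides; the ring fingerprints and the random values are constructed; real next-gen hashing is SHA3 and not the SHA-1 reused here for the sketch.

```python
import base64
import hashlib
import struct

B32_ALPHABET = "abcdefghijklmnopqrstuvwxyz234567"


def permanent_id(onion):
    """The 10-byte (80-bit) permanent id is just the base32-decoded v2 address."""
    name = onion[:-6] if onion.endswith(".onion") else onion
    return base64.b32decode(name.upper())


def time_period(unix_time, perm_id):
    """rend-spec v2: 24 h periods, shifted per service by its first id byte so that not
    every service changes HSDirs at the same instant."""
    return (unix_time + perm_id[0] * 86400 // 256) // 86400


def descriptor_id(onion, unix_time, replica, descriptor_cookie=b"", random_value=b""):
    """desc_id = H(onion-address | H(time-period | [random-value] | descriptor-cookie | replica)).
    With random_value == b"" this is the v2 formula from the slides; with a value in it,
    the shared-randomness sketch (H kept as SHA-1 here for comparability)."""
    pid = permanent_id(onion)
    inner = (struct.pack(">I", time_period(unix_time, pid)) + random_value
             + descriptor_cookie + bytes([replica]))
    secret = hashlib.sha1(inner).digest()
    return base64.b32encode(hashlib.sha1(pid + secret).digest()).decode().lower()


def responsible_hsdirs(desc_id, hsdir_fingerprints, n=3):
    """Hash ring lookup: the n HSDirs whose 20-byte identity fingerprint comes right after
    the decoded desc_id, wrapping around the end of the ring."""
    target = base64.b32decode(desc_id.upper()).hex().upper()
    ring = sorted(fp.upper() for fp in hsdir_fingerprints)
    after = [fp for fp in ring if fp > target]
    return (after + ring)[:n]


def predict_descriptor_ids(onion, now, days_ahead, replica=0):
    """Directory predictability: every input of the v2 formula is public, so today an
    attacker can list the ids (and ring positions) the service will use for days to come."""
    return [descriptor_id(onion, now + d * 86400, replica) for d in range(1, days_ahead + 1)]


def camped_relay_wins(fingerprint, desc_id, hsdir_fingerprints):
    """HSDir camping: would a relay whose identity the attacker generated to sit just after
    the predicted desc_id become one of the responsible HSDirs?"""
    return fingerprint.upper() in responsible_hsdirs(desc_id, list(hsdir_fingerprints) + [fingerprint])


def predictions_that_hold(onion, now, random_values, replica=0):
    """Shared randomness: the attacker predicts today without the per-day random values;
    the service computes with them. Count how many predicted ids still match."""
    predicted = predict_descriptor_ids(onion, now, len(random_values), replica)
    actual = [descriptor_id(onion, now + (d + 1) * 86400, replica, random_value=rv)
              for d, rv in enumerate(random_values)]
    return sum(p == a for p, a in zip(predicted, actual))


if __name__ == "__main__":
    now = 1426100400                                # 2015-03-11 19:00:00 UTC, the slide's date
    onion = "3g2upl4pq6kufc4m.onion"
    print(descriptor_id(onion, now, 0), predict_descriptor_ids(onion, now, 3))
```

With empty random values the prediction holds for every day (the v2 situation, which is what makes camping possible); with per-day values unknown to the attacker not one prediction survives, so relay keys cannot be positioned in advance.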
New Address Size
From 16 characters: nzh3fv6jc6jskki3.onion
... to 52 characters: a1uik0w1gmfq3i5ievx dm9ceu27e88g6o7pe0rffdw9jmntwkdsd.onion (ed25519 public key, base32 encoded)
How do we fix the UX disaster?
Guard – Current Design
[Figure: Onion Service -> G -> M -> M -> RP. Only the first hop G is a persistent guard; both middles are picked fresh for every circuit.]
Vanguard proposal
[Figure: no intersection between guard sets. The onion service's circuits go G -> second-layer guard -> third-layer guard -> RP, each layer drawn from its own guard set (Guard set 1 ... 6, each holding G 1, G 2 ... G n). The figure attaches lifetimes of 3 months, ~11 days and 12 hours to the successive layers. Alice (or Bob) reaches the Rendezvous Point (RP) from the other side.]
Onion Balance
https://github.com/DonnchaC/onionbalance
Single Onion Services
Service side loses anonymity: the service connects to the Rendezvous Point directly, over a one-hop circuit, instead of through its own guard and middles.
Development Progress Report
Development of Next Gen Onion Services
● We are actively developing Next Gen Onion Services
● We always need more help in design analysis. Dig into the [tor-dev] mailing list, where all our design discussion happens.
● We have limited development firepower. We are always looking for people that can test or review code. Show up in #tor-dev IRC on OFTC.
Takeaways
How to keep your onions healthy
● Don't run relays on onion servers
● Use Unix sockets and avoid TCP altogether (HiddenServicePort with a unix: target)
● Keep your Tor updated
● Audit your configs (webserver, etc.)
● Use stealth auth whenever you can
● OPSEC
https://help.riseup.net/en/security/network-security/tor/onionservices-best-practices
Community
● We need more creative ideas and experimentation with onion services
● We need more people and orgs running Onion Services
● Many applications can benefit from native Tor support. (see GPG, Bitcoin, FB for Android, etc.)
● We need quick and easy ways for people to setup onion services (TAILS Server)
● Ways for people to quickly find useful and relevant onion services (search engines?)
Thank you!