SlideShare a Scribd company logo

TOR NETWORK

Download as PPTX, PDF
Rishikese MR
Rishikese MR

This seminar discuss about the TOR BROWSER NETWORK TECHNOLOGY. The discussion includes, How it works, its weakness, its advantage, hidden services, about anonymity etc.

Software
1 of 24
TOR NETWORK A Presentation by Nishanth Samuel Fenn Roll No. 57 S7, CS-B. Under the Guidance of Mr. Pramod Pavithran
2
Contents • Why do we need anonymity? • Introducing the Tor Network • How does the Tor Network work? • Hidden Services • Weaknesses
Why do we need anonymity? • To hide user identity from target web site • To hide browsing pattern from employer or ISP • To conceal our internet usage from hackers • To circumvent censorship
Introducing the Tor Network • Tor aims to conceal its users' identities and their online activity from surveillance and traffic analysis by separating identification and routing. • This is done by passing the data through a circuit of at least three different routers. • The data that passes through the network is encrypted, but at the beginning and end node, there is no encryption.
R1 R2 R3 R4 srvr1 srvr2 R5 R6 one minute later
How Tor Works? --- Onion Routing Alice Bob OR2 OR1 • A circuit is built incrementally one hop by one hop • Onion-like encryption • ‘Alice’ negotiates an AES key with each router • Messages are divided into equal sized cells • Each router knows only its predecessor and successor • Only the Exit router (OR3) can see the message, however it does not know where the message is from M M√ M OR3 M C1 C2 C2 C3 C3 Port
Cells • All data is sent in fixed size (bytes) cells • Control cell commands: • Padding, create, destroy • Relay cell commands: • Begin, data, connected, teardown, ...
How Tor Works? --- Node to Node Connection • Tor implements Perfect Forward Secrecy (PFC) by using AES encryption • In AES (Advanced Encryption Standard), a private key is generated and shared between the two users, and from this key, session keys are generated • Original keypairs are only used for signatures (i.e. to verify the authenticity of messages)
How Tor Works? --- Integrity Checking • Only done at the edges of a stream • SHA-1 digest of data sent and received • First 4 bytes of digest are sent with each message for verification
Commands in Use
Hidden Services • Location-hidden services allow a server to offer a TCP service without revealing its IP address. • Tor accommodates receiver anonymity by allowing location hidden services • Design goals for location hidden services • Access Control: filtering incoming requests • Robustness: maintain a long-term pseudonymous identity • Smear-resistance: against socially disapproved acts • Application transparency • Location hidden service leverage rendezvous points
Weaknesses • Autonomous System (AS) eavesdropping • Exit node eavesdropping • Traffic-analysis attack • Tor exit node block • Bad Apple attack • Sniper attack • Heartbleed bug
Autonomous System (AS) eavesdropping If an Autonomous System (AS) exists on both path segments from a client to entry relay and from exit relay to destination, such an AS can statistically correlate traffic on the entry and exit segments of the path and potentially infer the destination with which the client communicated. In 2012, LASTor proposed a method to predict a set of potential ASes on these two segments and then avoid choosing this path during path selection algorithm on client side. In this paper, they also improve latency by choosing shorter geographical paths between client and destination.
Exit node eavesdropping As Tor does not, and by design cannot, encrypt the traffic between an exit node and the target server, any exit node is in a position to capture any traffic passing through it that does not use end-to-end encryption such as SSL orTLS. While this may not inherently breach the anonymity of the source, traffic intercepted in this way by self-selected third parties can expose information about the source in either or both of payload and protocol data
Exit node eavesdropping (Contd.) • In October 2011, a research team from ESIEA claimed to have discovered a way to compromise the Tor network by decrypting communication passing over it. The technique they describe requires creating a map of Tor network nodes, controlling one third of them, and then acquiring their encryption keys and algorithm seeds. Then, using these known keys and seeds, they claim the ability to decrypt two encryption layers out of three. They claim to break the third key by a statistical-based attack. In order to redirect Tor traffic to the nodes they controlled, they used a denial-of-service attack.
Bad Apple attack • This attack against Tor consists of two parts: (a) exploiting an insecure application to reveal the source IP address of, or trace, a Tor user and (b) exploiting Tor to associate the use of a secure application with the IP address of a user (revealed by the insecure application). As it is not a goal of Tor to protect against application-level attacks, Tor cannot be held responsible for the first part of this attack. However, because Tor's design makes it possible to associate streams originating from secure application with traced users, the second part of this attack is indeed an attack against Tor. The second part of this attack is called the bad apple attack. (The name of this attack refers to the saying 'one bad apple spoils the bunch.' This wording is used to illustrate that one insecure application on Tor may allow to trace other applications.)
Heartbleed bug • Heartbleed is a security bug in the OpenSSL cryptography library, which is a widely used implementation of theTransport Layer Security(TLS) protocol. The vulnerability is classified as a buffer over-read, a situation where software allows more data to be read than should be allowed. • The Tor Project recommended that Tor relay operators and hidden service operators revoke and generate fresh keys after patching OpenSSL, but noted that Tor relays use two sets of keys and that Tor's multi-hop design minimizes the impact of exploiting a single relay.
Licit and illicit uses • Tor is increasingly in common use by victims of domestic violence and the social workers and agencies which assist them • A growing list of news organizations are using the SecureDrop software platform to accept material for publication in a manner intended to protect the anonymity of sources. • It is endorsed by civil liberties groups as a method for whistleblowers and human rights workers to communicate with journalists
Licit and illicit uses (Contd.) • Tor is used for matters that are, or may be, illegal in some countries, e.g., to gain access to censored information, to organize political activities, or to circumvent laws against criticism of heads of state. • Tor can be used for anonymous defamation, unauthorized leaks of sensitive information and copyright infringement, distribution of illegal sexual content, selling controlled substances, money laundering, credit card fraud, and identity theft. • Ironically, Tor has been used by criminal enterprises, hacktivism groups, and law enforcement agencies at cross purposes, sometimes simultaneously
Dangers of using Tor Network • "The more you hide the more somebody wants to know why.“ • While the inter-relay communications might be secure, the entry and exit nodes are vulnerable to packet sniffing and • The exit node decrypts the packet it received from its sibling on the chain of nodes and receives your full plaintext request. This can be easily seen by the operator of the exit node. • Running an exit node is dangerous as all exit traffic, legal and illegal, will be traced to your IP • Anyone using TOR network is on the NSA watch list under the Xkeyscore program.
References • https://www.torproject.org/ • https://en.wikipedia.org/wiki/Tor_(anonymity_network) • McCoy, Damon; Bauer, Kevin; Grunwald, Dirk; Kohno, Tadayoshi; Sicker, Douglas (2008)."Shining Light in Dark Places: Understanding the Tor Network". Proceedings of the 8th International Symposium on Privacy Enhancing Technologies. 8th International Symposium on Privacy Enhancing Technologies. Berlin, Germany: Springer-Verlag. pp. 63–76. • "Tor Project Form 990 2008". Tor Project. Tor Project. 2009. Retrieved 30 August 2014. • "Tor Project Form 990 2007". Tor Project. Tor Project. 2008. Retrieved 30 August 2014. • "Tor Project Form 990 2009". Tor Project. Tor Project. 2010. Retrieved 30 August 2014. • Samson, Ted (5 August 2013). "Tor Browser Bundle for Windows users susceptible to info-stealing attack". InfoWorld. • Dingledine, Roger (7 April 2014). "OpenSSL bug CVE-2014-0160". Tor Project. • Le Blond, Stevens; Manils, Pere; Chaabane, Abdelberi; Ali Kaafar, Mohamed; Castelluccia, Claude; Legout, Arnaud; Dabbous, Walid (March 2011). "One Bad Apple Spoils the Bunch: Exploiting P2P Applications to Trace and Profile Tor Users". 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '11). National Institute for Research in Computer Science and Control.
Q&A
ThankYou

Recommended

Tor Presentation
Tor PresentationTor Presentation
Tor Presentation
Hassan Faraz
 
Onion protocol
Onion protocolOnion protocol
Onion protocol
Anshu Raj
 
Tor Network
Tor NetworkTor Network
Tor Network
Muhammad Jabir A C K
 
Introduction to Tor
Introduction to TorIntroduction to Tor
Introduction to Tor
Jaskaran Narula
 
Tor: The Second Generation Onion Router
Tor: The Second Generation Onion RouterTor: The Second Generation Onion Router
Tor: The Second Generation Onion Router
Mohammed Bharmal
 
Security Threats at OSI layers
Security Threats at OSI layersSecurity Threats at OSI layers
Security Threats at OSI layers
Department of Computer Science
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
gaurav96raj
 
Nmap and metasploitable
Nmap and metasploitableNmap and metasploitable
Nmap and metasploitable
Mohammed Akbar Shariff
 

Recommended

Tor Presentation
Tor PresentationTor Presentation
Tor Presentation
Hassan Faraz
 
Onion protocol
Onion protocolOnion protocol
Onion protocol
Anshu Raj
 
Tor Network
Tor NetworkTor Network
Tor Network
Muhammad Jabir A C K
 
Introduction to Tor
Introduction to TorIntroduction to Tor
Introduction to Tor
Jaskaran Narula
 
Tor: The Second Generation Onion Router
Tor: The Second Generation Onion RouterTor: The Second Generation Onion Router
Tor: The Second Generation Onion Router
Mohammed Bharmal
 
Security Threats at OSI layers
Security Threats at OSI layersSecurity Threats at OSI layers
Security Threats at OSI layers
Department of Computer Science
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
gaurav96raj
 
Nmap and metasploitable
Nmap and metasploitableNmap and metasploitable
Nmap and metasploitable
Mohammed Akbar Shariff
 
Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security Presentation
Allan Pratt MBA
 
Darknets - Introduction & Deanonymization of Tor Users By Hitesh Bhatia
Darknets - Introduction & Deanonymization of Tor Users By Hitesh BhatiaDarknets - Introduction & Deanonymization of Tor Users By Hitesh Bhatia
Darknets - Introduction & Deanonymization of Tor Users By Hitesh Bhatia
OWASP Delhi
 
Onion routing and tor: Fundamentals and Anonymity
Onion routing and tor: Fundamentals and AnonymityOnion routing and tor: Fundamentals and Anonymity
Onion routing and tor: Fundamentals and Anonymity
anurag singh
 
Illuminating the dark web
Illuminating the dark webIlluminating the dark web
Illuminating the dark web
Jisc
 
What is firewall
What is firewallWhat is firewall
What is firewall
Harshana Jayarathna
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark Web
Case IQ
 
Dark web
Dark webDark web
Dark web
aakshidhingra
 
Dark web
Dark webDark web
Dark web
Safwan Hashmi
 
Packet sniffers
Packet sniffersPacket sniffers
Packet sniffers
Kunal Thakur
 
Tor the onion router
Tor the onion routerTor the onion router
Tor the onion router
Ashly Liza
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
Rahmat Suhatman
 
Network security
Network securityNetwork security
Network security
fatimasaham
 
Network Security
Network SecurityNetwork Security
Network Security
MAJU
 
Research in the deep web
Research in the deep webResearch in the deep web
Research in the deep web
Seth Porter, MA, MLIS
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissance
NishaYadav177
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in Depth
Dilum Bandara
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
TayabaZahid
 
Dark Web and Privacy
Dark Web and PrivacyDark Web and Privacy
Dark Web and Privacy
Brian Pichman
 
Tor the onion router
Tor the onion routerTor the onion router
Tor the onion router
n|u - The Open Security Community
 
Network security
Network securityNetwork security
Network security
Simranpreet Singh
 
How TOR works?
How TOR works?How TOR works?
How TOR works?
Onkar Badiger
 
Tor network seminar by 13504
Tor network seminar by 13504 Tor network seminar by 13504
Tor network seminar by 13504
Prashant Rana
 

More Related Content

What's hot

Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark Web
Case IQ
 
Tor the onion router
Tor the onion routerTor the onion router
Tor the onion router
Ashly Liza
 

What's hot (20)

Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security Presentation
 
Darknets - Introduction & Deanonymization of Tor Users By Hitesh Bhatia
Darknets - Introduction & Deanonymization of Tor Users By Hitesh BhatiaDarknets - Introduction & Deanonymization of Tor Users By Hitesh Bhatia
Darknets - Introduction & Deanonymization of Tor Users By Hitesh Bhatia
 
Onion routing and tor: Fundamentals and Anonymity
Onion routing and tor: Fundamentals and AnonymityOnion routing and tor: Fundamentals and Anonymity
Onion routing and tor: Fundamentals and Anonymity
 
Illuminating the dark web
Illuminating the dark webIlluminating the dark web
Illuminating the dark web
 
What is firewall
What is firewallWhat is firewall
What is firewall
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark Web
 
Dark web
Dark webDark web
Dark web
 
Dark web
Dark webDark web
Dark web
 
Packet sniffers
Packet sniffersPacket sniffers
Packet sniffers
 
Tor the onion router
Tor the onion routerTor the onion router
Tor the onion router
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
 
Network security
Network securityNetwork security
Network security
 
Network Security
Network SecurityNetwork Security
Network Security
 
Research in the deep web
Research in the deep webResearch in the deep web
Research in the deep web
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissance
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in Depth
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
Dark Web and Privacy
Dark Web and PrivacyDark Web and Privacy
Dark Web and Privacy
 
Tor the onion router
Tor the onion routerTor the onion router
Tor the onion router
 
Network security
Network securityNetwork security
Network security
 

Viewers also liked

Deep Web
Deep WebDeep Web
Deep Web
St John
 
TOR... ALL THE THINGS
TOR... ALL THE THINGSTOR... ALL THE THINGS
TOR... ALL THE THINGS
CrowdStrike
 
Internet Privacy
Internet PrivacyInternet Privacy
Internet Privacy
realpeterz
 
Googlechrome ppt
Googlechrome pptGooglechrome ppt
Googlechrome ppt
abshah37
 

Viewers also liked (18)

How TOR works?
How TOR works?How TOR works?
How TOR works?
 
Tor network seminar by 13504
Tor network seminar by 13504 Tor network seminar by 13504
Tor network seminar by 13504
 
Introduction to anonymity network tor
Introduction to anonymity network torIntroduction to anonymity network tor
Introduction to anonymity network tor
 
Deep Web
Deep WebDeep Web
Deep Web
 
TOR... ALL THE THINGS
TOR... ALL THE THINGSTOR... ALL THE THINGS
TOR... ALL THE THINGS
 
The Deep and Dark Web
The Deep and Dark WebThe Deep and Dark Web
The Deep and Dark Web
 
The Dark Net
The Dark NetThe Dark Net
The Dark Net
 
The Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet AnonymityThe Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet Anonymity
 
Darknet
DarknetDarknet
Darknet
 
Deep web
Deep webDeep web
Deep web
 
Internet Privacy
Internet PrivacyInternet Privacy
Internet Privacy
 
Deep weeb juanita- monica
Deep weeb juanita- monicaDeep weeb juanita- monica
Deep weeb juanita- monica
 
floating touch
floating touchfloating touch
floating touch
 
Tor Project and The Darknet
Tor Project and The DarknetTor Project and The Darknet
Tor Project and The Darknet
 
Maximizing Classroom Collaboration Using Web 2.0 Technology
Maximizing Classroom Collaboration Using Web 2.0 TechnologyMaximizing Classroom Collaboration Using Web 2.0 Technology
Maximizing Classroom Collaboration Using Web 2.0 Technology
 
Colloborating with google docs in the cloud m rice
Colloborating with google docs in the cloud m riceColloborating with google docs in the cloud m rice
Colloborating with google docs in the cloud m rice
 
Googlechrome ppt
Googlechrome pptGooglechrome ppt
Googlechrome ppt
 
Tor
TorTor
Tor
 

Similar to TOR NETWORK

Control the tradeoff between performance and anonymity through end to-end t (2)
Control the tradeoff between performance and anonymity through end to-end t (2)Control the tradeoff between performance and anonymity through end to-end t (2)
Control the tradeoff between performance and anonymity through end to-end t (2)
IAEME Publication
 
A framework for practical vulnerabilities of the tor (the onion routing) anon...
A framework for practical vulnerabilities of the tor (the onion routing) anon...A framework for practical vulnerabilities of the tor (the onion routing) anon...
A framework for practical vulnerabilities of the tor (the onion routing) anon...
IAEME Publication
 
A framework for practical vulnerabilities of the tor (the onion routing) anon...
A framework for practical vulnerabilities of the tor (the onion routing) anon...A framework for practical vulnerabilities of the tor (the onion routing) anon...
A framework for practical vulnerabilities of the tor (the onion routing) anon...
IAEME Publication
 

Similar to TOR NETWORK (20)

Anonymity Network TOR
Anonymity Network TOR Anonymity Network TOR
Anonymity Network TOR
 
Anonymous traffic network
Anonymous traffic networkAnonymous traffic network
Anonymous traffic network
 
Anonymity in the web based on routing protocols
Anonymity in the web based on routing protocolsAnonymity in the web based on routing protocols
Anonymity in the web based on routing protocols
 
.Onion
.Onion.Onion
.Onion
 
Tor
TorTor
Tor
 
Tor browser
Tor browserTor browser
Tor browser
 
The Onion Routing (TOR)
The Onion Routing (TOR)The Onion Routing (TOR)
The Onion Routing (TOR)
 
Control the tradeoff between performance and anonymity through end to-end t (2)
Control the tradeoff between performance and anonymity through end to-end t (2)Control the tradeoff between performance and anonymity through end to-end t (2)
Control the tradeoff between performance and anonymity through end to-end t (2)
 
Information security using onion routing(tor)
Information security using onion routing(tor)Information security using onion routing(tor)
Information security using onion routing(tor)
 
(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementation(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementation
 
TOR Packet Analysis - Locating Identifying Markers
TOR Packet Analysis - Locating Identifying MarkersTOR Packet Analysis - Locating Identifying Markers
TOR Packet Analysis - Locating Identifying Markers
 
Comparison of Anonymous Communication Networks-Tor, I2P, Freenet
Comparison of Anonymous Communication Networks-Tor, I2P, FreenetComparison of Anonymous Communication Networks-Tor, I2P, Freenet
Comparison of Anonymous Communication Networks-Tor, I2P, Freenet
 
Anonymity in the Web based on Routing Protocols
Anonymity in the Web based on Routing ProtocolsAnonymity in the Web based on Routing Protocols
Anonymity in the Web based on Routing Protocols
 
Privacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August MeetingPrivacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August Meeting
 
A framework for practical vulnerabilities of the tor (the onion routing) anon...
A framework for practical vulnerabilities of the tor (the onion routing) anon...A framework for practical vulnerabilities of the tor (the onion routing) anon...
A framework for practical vulnerabilities of the tor (the onion routing) anon...
 
A framework for practical vulnerabilities of the tor (the onion routing) anon...
A framework for practical vulnerabilities of the tor (the onion routing) anon...A framework for practical vulnerabilities of the tor (the onion routing) anon...
A framework for practical vulnerabilities of the tor (the onion routing) anon...
 
Acpe 2014 Internet Anonymity Using Tor
Acpe 2014 Internet Anonymity Using TorAcpe 2014 Internet Anonymity Using Tor
Acpe 2014 Internet Anonymity Using Tor
 
Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR
 
Hacking Tor ( How does Tor work ?)
Hacking Tor ( How does Tor work ?)Hacking Tor ( How does Tor work ?)
Hacking Tor ( How does Tor work ?)
 
Wikileaks: secure dropbox or leaking dropbox?
Wikileaks: secure dropbox or leaking dropbox?Wikileaks: secure dropbox or leaking dropbox?
Wikileaks: secure dropbox or leaking dropbox?
 

More from Rishikese MR

More from Rishikese MR (19)

1 2 3 4 5 g
1 2 3 4 5 g1 2 3 4 5 g
1 2 3 4 5 g
 
Natural Language Processing
Natural Language ProcessingNatural Language Processing
Natural Language Processing
 
Fuzzy Logic
Fuzzy LogicFuzzy Logic
Fuzzy Logic
 
Crowd Sourcing With Smart Phone
Crowd Sourcing With Smart PhoneCrowd Sourcing With Smart Phone
Crowd Sourcing With Smart Phone
 
BLUE BRAIN
BLUE BRAINBLUE BRAIN
BLUE BRAIN
 
The No SQL Principles and Basic Application Of Casandra Model
The No SQL Principles and Basic Application Of Casandra ModelThe No SQL Principles and Basic Application Of Casandra Model
The No SQL Principles and Basic Application Of Casandra Model
 
CYBORG
CYBORG CYBORG
CYBORG
 
DATA WAREHOUSING
DATA WAREHOUSINGDATA WAREHOUSING
DATA WAREHOUSING
 
Automatic 2D to 3D Video Conversion For 3DTV's
Automatic 2D to 3D Video Conversion For 3DTV's Automatic 2D to 3D Video Conversion For 3DTV's
Automatic 2D to 3D Video Conversion For 3DTV's
 
Middleware and Middleware in distributed application
Middleware and Middleware in distributed applicationMiddleware and Middleware in distributed application
Middleware and Middleware in distributed application
 
EMOTION BASED COMPUTING
EMOTION BASED COMPUTINGEMOTION BASED COMPUTING
EMOTION BASED COMPUTING
 
BITCOIN TECHNOLOGY AND ITS USES
BITCOIN TECHNOLOGY AND ITS USESBITCOIN TECHNOLOGY AND ITS USES
BITCOIN TECHNOLOGY AND ITS USES
 
3D OPTICAL DATA STORAGE
3D OPTICAL DATA STORAGE3D OPTICAL DATA STORAGE
3D OPTICAL DATA STORAGE
 
OUTERNET
OUTERNETOUTERNET
OUTERNET
 
OVERVIEW OF FACEBOOK SCALABLE ARCHITECTURE.
OVERVIEW OF FACEBOOK SCALABLE ARCHITECTURE.OVERVIEW OF FACEBOOK SCALABLE ARCHITECTURE.
OVERVIEW OF FACEBOOK SCALABLE ARCHITECTURE.
 
Google Glass and its Features
Google Glass and its FeaturesGoogle Glass and its Features
Google Glass and its Features
 
Virtualization and cloud Computing
Virtualization and cloud ComputingVirtualization and cloud Computing
Virtualization and cloud Computing
 
Artificial intelligence in gaming.
Artificial intelligence in gaming.Artificial intelligence in gaming.
Artificial intelligence in gaming.
 
A seminar on neo4 j
A seminar on neo4 jA seminar on neo4 j
A seminar on neo4 j
 

Recently uploaded

W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
panagenda
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
Delhi Call girls
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
VictorSzoltysek
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
Presentation.STUDIO
 
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verifiedSector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
Delhi Call girls
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
mohitmore19
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Alberto González Trastoy
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Steffen Staab
 

Recently uploaded (20)

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
ManageIQ - Sprint 236 Review - Slide Deck
ManageIQ - Sprint 236 Review - Slide DeckManageIQ - Sprint 236 Review - Slide Deck
ManageIQ - Sprint 236 Review - Slide Deck
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
 
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verifiedSector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfAzure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 

TOR NETWORK

  • 1. TOR NETWORK A Presentation by Nishanth Samuel Fenn Roll No. 57 S7, CS-B. Under the Guidance of Mr. Pramod Pavithran
  • 2. 2
  • 3. Contents • Why do we need anonymity? • Introducing the Tor Network • How does the Tor Network work? • Hidden Services • Weaknesses
  • 4. Why do we need anonymity? • To hide user identity from target web site • To hide browsing pattern from employer or ISP • To conceal our internet usage from hackers • To circumvent censorship
  • 5. Introducing the Tor Network • Tor aims to conceal its users' identities and their online activity from surveillance and traffic analysis by separating identification and routing. • This is done by passing the data through a circuit of at least three different routers. • The data that passes through the network is encrypted, but at the beginning and end node, there is no encryption.
  • 6. R1 R2 R3 R4 srvr1 srvr2 R5 R6 one minute later
  • 7. How Tor Works? --- Onion Routing Alice Bob OR2 OR1 • A circuit is built incrementally one hop by one hop • Onion-like encryption • ‘Alice’ negotiates an AES key with each router • Messages are divided into equal sized cells • Each router knows only its predecessor and successor • Only the Exit router (OR3) can see the message, however it does not know where the message is from M M√ M OR3 M C1 C2 C2 C3 C3 Port
  • 8. Cells • All data is sent in fixed size (bytes) cells • Control cell commands: • Padding, create, destroy • Relay cell commands: • Begin, data, connected, teardown, ...
  • 9. How Tor Works? --- Node to Node Connection • Tor implements Perfect Forward Secrecy (PFC) by using AES encryption • In AES (Advanced Encryption Standard), a private key is generated and shared between the two users, and from this key, session keys are generated • Original keypairs are only used for signatures (i.e. to verify the authenticity of messages)
  • 10. How Tor Works? --- Integrity Checking • Only done at the edges of a stream • SHA-1 digest of data sent and received • First 4 bytes of digest are sent with each message for verification
  • 12. Hidden Services • Location-hidden services allow a server to offer a TCP service without revealing its IP address. • Tor accommodates receiver anonymity by allowing location hidden services • Design goals for location hidden services • Access Control: filtering incoming requests • Robustness: maintain a long-term pseudonymous identity • Smear-resistance: against socially disapproved acts • Application transparency • Location hidden service leverage rendezvous points
  • 13. Weaknesses • Autonomous System (AS) eavesdropping • Exit node eavesdropping • Traffic-analysis attack • Tor exit node block • Bad Apple attack • Sniper attack • Heartbleed bug
  • 14. Autonomous System (AS) eavesdropping If an Autonomous System (AS) exists on both path segments from a client to entry relay and from exit relay to destination, such an AS can statistically correlate traffic on the entry and exit segments of the path and potentially infer the destination with which the client communicated. In 2012, LASTor proposed a method to predict a set of potential ASes on these two segments and then avoid choosing this path during path selection algorithm on client side. In this paper, they also improve latency by choosing shorter geographical paths between client and destination.
  • 15. Exit node eavesdropping As Tor does not, and by design cannot, encrypt the traffic between an exit node and the target server, any exit node is in a position to capture any traffic passing through it that does not use end-to-end encryption such as SSL orTLS. While this may not inherently breach the anonymity of the source, traffic intercepted in this way by self-selected third parties can expose information about the source in either or both of payload and protocol data
  • 16. Exit node eavesdropping (Contd.) • In October 2011, a research team from ESIEA claimed to have discovered a way to compromise the Tor network by decrypting communication passing over it. The technique they describe requires creating a map of Tor network nodes, controlling one third of them, and then acquiring their encryption keys and algorithm seeds. Then, using these known keys and seeds, they claim the ability to decrypt two encryption layers out of three. They claim to break the third key by a statistical-based attack. In order to redirect Tor traffic to the nodes they controlled, they used a denial-of-service attack.
  • 17. Bad Apple attack • This attack against Tor consists of two parts: (a) exploiting an insecure application to reveal the source IP address of, or trace, a Tor user and (b) exploiting Tor to associate the use of a secure application with the IP address of a user (revealed by the insecure application). As it is not a goal of Tor to protect against application-level attacks, Tor cannot be held responsible for the first part of this attack. However, because Tor's design makes it possible to associate streams originating from secure application with traced users, the second part of this attack is indeed an attack against Tor. The second part of this attack is called the bad apple attack. (The name of this attack refers to the saying 'one bad apple spoils the bunch.' This wording is used to illustrate that one insecure application on Tor may allow to trace other applications.)
  • 18. Heartbleed bug • Heartbleed is a security bug in the OpenSSL cryptography library, which is a widely used implementation of theTransport Layer Security(TLS) protocol. The vulnerability is classified as a buffer over-read, a situation where software allows more data to be read than should be allowed. • The Tor Project recommended that Tor relay operators and hidden service operators revoke and generate fresh keys after patching OpenSSL, but noted that Tor relays use two sets of keys and that Tor's multi-hop design minimizes the impact of exploiting a single relay.
  • 19. Licit and illicit uses • Tor is increasingly in common use by victims of domestic violence and the social workers and agencies which assist them • A growing list of news organizations are using the SecureDrop software platform to accept material for publication in a manner intended to protect the anonymity of sources. • It is endorsed by civil liberties groups as a method for whistleblowers and human rights workers to communicate with journalists
  • 20. Licit and illicit uses (Contd.) • Tor is used for matters that are, or may be, illegal in some countries, e.g., to gain access to censored information, to organize political activities, or to circumvent laws against criticism of heads of state. • Tor can be used for anonymous defamation, unauthorized leaks of sensitive information and copyright infringement, distribution of illegal sexual content, selling controlled substances, money laundering, credit card fraud, and identity theft. • Ironically, Tor has been used by criminal enterprises, hacktivism groups, and law enforcement agencies at cross purposes, sometimes simultaneously
  • 21. Dangers of using Tor Network • "The more you hide the more somebody wants to know why.“ • While the inter-relay communications might be secure, the entry and exit nodes are vulnerable to packet sniffing and • The exit node decrypts the packet it received from its sibling on the chain of nodes and receives your full plaintext request. This can be easily seen by the operator of the exit node. • Running an exit node is dangerous as all exit traffic, legal and illegal, will be traced to your IP • Anyone using TOR network is on the NSA watch list under the Xkeyscore program.
  • 22. References • https://www.torproject.org/ • https://en.wikipedia.org/wiki/Tor_(anonymity_network) • McCoy, Damon; Bauer, Kevin; Grunwald, Dirk; Kohno, Tadayoshi; Sicker, Douglas (2008)."Shining Light in Dark Places: Understanding the Tor Network". Proceedings of the 8th International Symposium on Privacy Enhancing Technologies. 8th International Symposium on Privacy Enhancing Technologies. Berlin, Germany: Springer-Verlag. pp. 63–76. • "Tor Project Form 990 2008". Tor Project. Tor Project. 2009. Retrieved 30 August 2014. • "Tor Project Form 990 2007". Tor Project. Tor Project. 2008. Retrieved 30 August 2014. • "Tor Project Form 990 2009". Tor Project. Tor Project. 2010. Retrieved 30 August 2014. • Samson, Ted (5 August 2013). "Tor Browser Bundle for Windows users susceptible to info-stealing attack". InfoWorld. • Dingledine, Roger (7 April 2014). "OpenSSL bug CVE-2014-0160". Tor Project. • Le Blond, Stevens; Manils, Pere; Chaabane, Abdelberi; Ali Kaafar, Mohamed; Castelluccia, Claude; Legout, Arnaud; Dabbous, Walid (March 2011). "One Bad Apple Spoils the Bunch: Exploiting P2P Applications to Trace and Profile Tor Users". 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '11). National Institute for Research in Computer Science and Control.
  • 23. Q&A