Anonymity Systems: Tor
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

Anonymity Systems: Tor

on

  • 2,264 views

Presentation at Rochester 2600 group about the Tor Project.

Presentation at Rochester 2600 group about the Tor Project.

Statistics

Views

Total Views
2,264
Views on SlideShare
2,003
Embed Views
261

Actions

Likes
2
Downloads
65
Comments
0

3 Embeds 261

http://digital-era.net 249
http://www.rochester2600.com 9
http://10.2.2.13:8000 3

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Anonymity Systems: Tor Presentation Transcript

  • 1.
  • 2. Overview
    Anonymity systems
    Review of how Tor works
    Tor Project Inc.
    Helper tools and accessories
    Advanced Tor control
    Attack Vectors
  • 3. Anonymity Systems
    JAP
    I2P
    Freenet
    Xerobank
    Botnets
  • 4. Freenet
    Storage network p2p based
    Shares files on your system to other nodes
    Plausabile Deniability
  • 5. I2P
    Opposing design of Tor
    UDP based
    Darknet design
    Java, Python, and C API’s
    Mixed routing based on packets
    Splits tunneling between upstream and downstream
    “Garlic Routing” – mix streams together to prevent traffic analysis
    Variable latency design
  • 6. Tor
    Tor (not TOR) – previously stood for The Onion Router
    Provides a method of anonymity by passing data between proxies
  • 7. Tor Network
  • 8. Terminology
    Cell – your message
    Circuit – tunnel made up of relays
    Entry Node: first hop into the Tor network
    Exit Node: last hop before destination
    Relay Node: middle hop
    Bridge Node: nodes not listed in the Tor directory to evade filtering
  • 9. Who’s Using Tor?
    Whistleblowers
    Wikileaks – runs hidden service
    Militaries
    field ops
    command and control using hidden services
    Chinese journalists and dissidents
  • 10. Tor Project
    501(c)(3) NFP
    Freely available
    Full spec and full documentation
  • 11. Project Finances
    https://www.torproject.org/about/financials.html
  • 12. Current Project Sponsors
    Federal Grant:
    International Program to Support Democracy Human Rights and Labor
    $632,189
    International Broadcasting Bureau
    Voice of America, Radio Free Europe/Radio Liberty, Radio and TV Martí, Radio Free Asia, Radio Sawa/Alhurra TV
    $270,000
    Stichting.Net
    Association of NFP’s in the Netherlands
    $38,279
    Google: $29,083
    ITT: $27,000
    Other: $9,997
    https://www.torproject.org/about/sponsors.html.en
  • 13. Past Funders
    DARPA and Naval Research Labratory 2001-2006
    EFF – 2004-2005
  • 14. Tor Performance
  • 15. Number of Relays
  • 16. Number of Users
  • 17. Tor Tools
    Torbutton
    Tor Browser Bundle
    Vidalia
    TorCheck
    Arm
    Tor-ramdisk
    Anthony G. Basile from Buffalo
  • 18.
  • 19. Tor Control Port
    authenticate "“
    extendcircuit 0 a,b,c,…
    extendcircuit 0 a,b
    seteventscirc
    setconfconfitem
    Mapaddress google.com=a.b
    Getconfconfitem
    Telnet to the control port
    Create custom circuits (long or short)
    Show live circuit information
    Change configuration on the fly
    Map a site to an exit node
    Reload a configuration
  • 20. Attacks
  • 21. Tor Passive Attack Vectors
    Traffic profiling – entry and exit analysis
    Cleartext exit node transmission
    Fingerprinting - OS, browser, configuration, activity
    Timing correlation
    Network partitioning
    End to end Size correlation
  • 22. Tor Active Attack Vectors
    Compromised keys
    Malicious web servers
    Malicious Exit/Relay nodes
    DoS non-controlled nodes
    Timestamping and tagging
    Injecting or replacing unencrypted info
    Malicious Tor client
  • 23. Tor Client Side Attacks
    DNS rebinding
    Disbanding attack – javascript, java, flash
    History disclosure
    Timezone information (partitioning)
  • 24. Social Engineering Attacks
    Getting more traffic
    “Use my relay. I have huge tubes!”
    “Nick’s relay sucks”
    “I’ve added a feature to my node.”
    Replacement
    “Tor rapes babies. Use my software.”
    Partitioning
    “Don’t use servers from this country”
    “These servers are amazing!”
  • 25. More Info
    www.torproject.org
    Metrics.torproject.org
    Blog.torproject.org
    Check.torproject.org
    @torproject