Tor2web ESC2011

1,651 views
1,548 views

Published on

Tor2web is a gate to Tor Hidden Services

Published in: Technology, Design
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,651
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
15
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Tor2web ESC2011

  1. 1. tor2web Past, Present and Future of Tor Hidden ServicesSunday, September 4, 2011
  2. 2. What is tor2web? • Gate to hidden services • Allows people to access HTTP(s) Hidden Services without TorSunday, September 4, 2011
  3. 3. Tradeoff • --Client Anonymity • ++UsabilitySunday, September 4, 2011
  4. 4. Tor Hidden Services • am4wuhz3zifexz5u.onion • Anonymity for the Server • DoS protection • End-To-End encryptionSunday, September 4, 2011
  5. 5. Sunday, September 4, 2011
  6. 6. Sunday, September 4, 2011
  7. 7. Sunday, September 4, 2011
  8. 8. Sunday, September 4, 2011
  9. 9. Sunday, September 4, 2011
  10. 10. Sunday, September 4, 2011
  11. 11. Why use HS • Avoid retaliation for what you publish • Securely host and serve content • Stealth Hidden ServiceSunday, September 4, 2011
  12. 12. Tor2web • Works for HTTP(s) HS • Promote Tor HS • HS can impact the whole web!Sunday, September 4, 2011
  13. 13. Tor2web 1.0 • Started by Aaaron Swartz in 2008 • Now part of GlobaLeaksSunday, September 4, 2011
  14. 14. Tor2web 1.0 Issues • Exposed to abuse complaints • Misuse of HS to spread illegal material • No disclaimer • This leads to Server TakedownSunday, September 4, 2011
  15. 15. First iterationSunday, September 4, 2011
  16. 16. Solved problems • Tell the audience no content is hosted on the server • Abuse and problem complaint form • Dynamic URL rewritingSunday, September 4, 2011
  17. 17. Kharon • Complementary to tor2web • Firefox and Chrome plugin • https://github.com/hellais/kharon • rewrites hidden services to tor2web and i2p • Done by evilaliv3, hellais and vecnaSunday, September 4, 2011
  18. 18. Unsolved problems • Responsibility not distributed • Links directly serve the content • High risk of takedownSunday, September 4, 2011
  19. 19. Future tor2web 3.0 • Discussed with Paul Syverson • Further reduce the risk of takedown • Distribute responsibility across multiple actorsSunday, September 4, 2011
  20. 20. Scenarios • Spammer links to *.tor2web.org site hosted on HS • Illegal content hostingSunday, September 4, 2011
  21. 21. Definitions User Node B Node A Hidden ServiceSunday, September 4, 2011
  22. 22. Node A • Landing page • Accept disclaimer • Does not serve content • Generates a unique, temporary access URL for the UserSunday, September 4, 2011
  23. 23. Properties of the URL • Usable once • Only Node A’s can make them • Usable only by who generated itSunday, September 4, 2011
  24. 24. The unique URL H( nonce timestamp the_user (maybe the IP) onion_address )Sunday, September 4, 2011
  25. 25. The unique URL Signed nonce Node Node A B verifies the Hash signature User computes the H(...)Sunday, September 4, 2011
  26. 26. Node B Node B is in different ISP and/or country content Node User BSunday, September 4, 2011
  27. 27. What have we achieved? • Distribute responsibility across two actors in two different jurisdictions • Avoid direct serving of content • URL’s are unique per userSunday, September 4, 2011
  28. 28. New problems • How to handle caching? • The issue is the delay in connecting to HS • Cache is used only after connection has been established • What are the flaws in this solution?Sunday, September 4, 2011
  29. 29. Questions? • Wiki: http://wiki.tor2web.org • Mailing list: tor2web-talk@lists.tor2web.org • IRC: #tor2web on irc.oftc.netSunday, September 4, 2011
  30. 30. Thanks for listening!Sunday, September 4, 2011

×