• Like
Tor2web ESC2011
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Published

Tor2web is a gate to Tor Hidden Services …

Tor2web is a gate to Tor Hidden Services

Published in Technology , Design
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
1,342
On SlideShare
0
From Embeds
0
Number of Embeds
2

Actions

Shares
Downloads
10
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. tor2web Past, Present and Future of Tor Hidden ServicesSunday, September 4, 2011
  • 2. What is tor2web? • Gate to hidden services • Allows people to access HTTP(s) Hidden Services without TorSunday, September 4, 2011
  • 3. Tradeoff • --Client Anonymity • ++UsabilitySunday, September 4, 2011
  • 4. Tor Hidden Services • am4wuhz3zifexz5u.onion • Anonymity for the Server • DoS protection • End-To-End encryptionSunday, September 4, 2011
  • 5. Sunday, September 4, 2011
  • 6. Sunday, September 4, 2011
  • 7. Sunday, September 4, 2011
  • 8. Sunday, September 4, 2011
  • 9. Sunday, September 4, 2011
  • 10. Sunday, September 4, 2011
  • 11. Why use HS • Avoid retaliation for what you publish • Securely host and serve content • Stealth Hidden ServiceSunday, September 4, 2011
  • 12. Tor2web • Works for HTTP(s) HS • Promote Tor HS • HS can impact the whole web!Sunday, September 4, 2011
  • 13. Tor2web 1.0 • Started by Aaaron Swartz in 2008 • Now part of GlobaLeaksSunday, September 4, 2011
  • 14. Tor2web 1.0 Issues • Exposed to abuse complaints • Misuse of HS to spread illegal material • No disclaimer • This leads to Server TakedownSunday, September 4, 2011
  • 15. First iterationSunday, September 4, 2011
  • 16. Solved problems • Tell the audience no content is hosted on the server • Abuse and problem complaint form • Dynamic URL rewritingSunday, September 4, 2011
  • 17. Kharon • Complementary to tor2web • Firefox and Chrome plugin • https://github.com/hellais/kharon • rewrites hidden services to tor2web and i2p • Done by evilaliv3, hellais and vecnaSunday, September 4, 2011
  • 18. Unsolved problems • Responsibility not distributed • Links directly serve the content • High risk of takedownSunday, September 4, 2011
  • 19. Future tor2web 3.0 • Discussed with Paul Syverson • Further reduce the risk of takedown • Distribute responsibility across multiple actorsSunday, September 4, 2011
  • 20. Scenarios • Spammer links to *.tor2web.org site hosted on HS • Illegal content hostingSunday, September 4, 2011
  • 21. Definitions User Node B Node A Hidden ServiceSunday, September 4, 2011
  • 22. Node A • Landing page • Accept disclaimer • Does not serve content • Generates a unique, temporary access URL for the UserSunday, September 4, 2011
  • 23. Properties of the URL • Usable once • Only Node A’s can make them • Usable only by who generated itSunday, September 4, 2011
  • 24. The unique URL H( nonce timestamp the_user (maybe the IP) onion_address )Sunday, September 4, 2011
  • 25. The unique URL Signed nonce Node Node A B verifies the Hash signature User computes the H(...)Sunday, September 4, 2011
  • 26. Node B Node B is in different ISP and/or country content Node User BSunday, September 4, 2011
  • 27. What have we achieved? • Distribute responsibility across two actors in two different jurisdictions • Avoid direct serving of content • URL’s are unique per userSunday, September 4, 2011
  • 28. New problems • How to handle caching? • The issue is the delay in connecting to HS • Cache is used only after connection has been established • What are the flaws in this solution?Sunday, September 4, 2011
  • 29. Questions? • Wiki: http://wiki.tor2web.org • Mailing list: tor2web-talk@lists.tor2web.org • IRC: #tor2web on irc.oftc.netSunday, September 4, 2011
  • 30. Thanks for listening!Sunday, September 4, 2011