Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
How it works to keep you safe online 
Phuturecon 2014 
IceQUICK 
ParkBenchIndustries.com
Who am I 
 Former USAF NOC admin (Active Duty and Contractor) 
 Windows/Solaris/Linux admin 
 IT process architect (ITI...
This presentation 
Combined from a variety of sources 
No tricks, vulnerabilities, hacks 
Not ‘breaking news’ 
Why I t...
What is Tor? 
 Network of virtual tunnels 
 Privately Browse Internet 
 FREE! 
 Used by… 
 Journalists 
 Activists 
...
Tor History 
 ~1995 - Naval Research Lab as “Onion Routing” 
 2002 - Converted to TOR “The Onion Router” 
 Code open-so...
Technologies Used 
 PKI 
 Public/Private Keys 
 Hashing / Signing 
 Diffie-Hellman key exchange 
 PFS – Perfect Forwa...
Life of a session 
 Client to Node 1(Guard) 
 Perform DH Key Exchange 
 Acquire PFS Session Key 
 Use Node 1(Guard) to...
DH Key Exchange 
 Key Exchange 
 Client gets the node’s public key from directory 
 Client sends the first half of DH h...
Uses 
 Web Browsing 
 DNS 
 Most services using TCP 
 Chat, Mail, etc. 
 Hidden Services 
 E.g. http://j8hlg2sh2hoas...
What can you do? 
 Run a Relay 
 Exit node or not 
 Home cable modem 
 VPS 
 Tor Cloud – Amazon 
 Help Develop 
 C,...
Questions?
Enjoy! 
@IceQUICK 
icequick@parkbenchindustries.com 
@DC970
Tor: How it works to keep you safe online. PhutureCon 2014
Tor: How it works to keep you safe online. PhutureCon 2014
Tor: How it works to keep you safe online. PhutureCon 2014
Upcoming SlideShare
Loading in …5
×

Tor: How it works to keep you safe online. PhutureCon 2014

832 views

Published on

Presented at the first PhutureCon (2014) (http://phuturecon.com) in Denver, CO.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Tor: How it works to keep you safe online. PhutureCon 2014

  1. 1. How it works to keep you safe online Phuturecon 2014 IceQUICK ParkBenchIndustries.com
  2. 2. Who am I  Former USAF NOC admin (Active Duty and Contractor)  Windows/Solaris/Linux admin  IT process architect (ITIL)  Not a developer (Tor is written in C)  Tor Experience  User for 10+ years  Relay node admin for ~3 years
  3. 3. This presentation Combined from a variety of sources No tricks, vulnerabilities, hacks Not ‘breaking news’ Why I trust the network Why you should contribute
  4. 4. What is Tor?  Network of virtual tunnels  Privately Browse Internet  FREE!  Used by…  Journalists  Activists  Censorship circumventing citizens  Military intel analysts  Law enforcement  Whistleblowers  Bloggers  http://www.torproject.org/ Privacy-contious
  5. 5. Tor History  ~1995 - Naval Research Lab as “Onion Routing”  2002 - Converted to TOR “The Onion Router”  Code open-sourced  2006 – Tor Project Formed  501(c)(3) research-educational non-profit  Today: 60%+ of funding still from US Government
  6. 6. Technologies Used  PKI  Public/Private Keys  Hashing / Signing  Diffie-Hellman key exchange  PFS – Perfect Forward Secrecy  DHT – Distributed Hash Table  For hidden services /.onions
  7. 7. Life of a session  Client to Node 1(Guard)  Perform DH Key Exchange  Acquire PFS Session Key  Use Node 1(Guard) to repeat process to Node 2(Relay)  Use Node 2(Relay) to repeat process to Node 3 (Exit)  Use Node 3 to contact internet resource  Create new path every 10 minutes  Will route existing TCP sessions through existing paths  Repeat…
  8. 8. DH Key Exchange  Key Exchange  Client gets the node’s public key from directory  Client sends the first half of DH handshake encrypted with node’s public key  Node receives, decrypts it, using its private key  Node has first half (client’s) of two-way DH handshake  Node completes second half of the handshake, creating session key  Hashes the resulting session key and signs it with it private key  Node sends to client – both parties now have the session key  Verify Session Key  Client believes session key came from the router  Client decrypts session key using router's public key  Will only work if session key was signed with the router's private key
  9. 9. Uses  Web Browsing  DNS  Most services using TCP  Chat, Mail, etc.  Hidden Services  E.g. http://j8hlg2sh2hoasdh8.onion/
  10. 10. What can you do?  Run a Relay  Exit node or not  Home cable modem  VPS  Tor Cloud – Amazon  Help Develop  C, C++, Python, Java  OnionTip.com  BTC to node operators  Defend its use
  11. 11. Questions?
  12. 12. Enjoy! @IceQUICK icequick@parkbenchindustries.com @DC970

×