A Presentation by:
REMMY NWEKE, 2016 Fellow, Cyber Security Policy Defender
Secretary, Cyber Security Experts Association of Nigeria (CSEAN)
Lagos Branch
To mark the Cyber Security Awareness Campaign,
October 2016
Using a VPN or/and Tor, by Remmy Nweke, Fellow, Cyber Security Policy Defender
1. Using a VPN or/and Tor
Contact:
Lead Strategist/Group Executive Editor
DigitalSENSE Africa Media Ltd
editor_ls@digitalsenseafrica.com.ng
remmyn@gmail.com @ITRealms @DigitalSENSEng @NaijaAgroNet
2. 1. Appreciations
2. Classical definitions … What is VPN?
3. Historical path to Virtual Private Network (VPN)
4. The Orange Book and X.25 Protocols
5. Classical definitions … What is Tor?
6. De-anonymizing the user:
7. Historical path to The Onion Routing - Tor
8. How is Tor different from other proxies?
9. Summary comparison between VPN and Tor
10. Who uses Tor and How?
11. Conclusion & recommendations
12. Questions
13. Reference
Overview
3. A Virtual Private Network (VPN) is a method used to add security and privacy to private
and public networks, like Wireless Fidelity (Wi-Fi) hotspots and the Internet.
VPNs are most often used by corporations to protect sensitive data.
Thus, VPN is a network technology that creates a secure network connection over a
public network such as the Internet or a private network owned by a service provider.
According to the open source encyclopedia, Wikipedia, a VPN is a private network
that extends across a public network or internet, which enables users to send and
receive data across shared or public networks as if their computing devices were
directly connected to the private network.
VPNs can provide functionality, security and/or network management benefits to the
user. But they can also lead to new issues: some VPN services, especially "free"
ones, violate their users' privacy by logging their usage and making it
available without their consent, or make money by selling the user's bandwidth to
other users.
Classical definitions … What is VPN?
4. 1) Certain VPNs allow employees to securely access the corporate intranet while located
outside the office, and can connect geographically separated offices of an organization,
creating one cohesive network.
2) Individual Internet users can use some VPNs to secure their wireless transactions, to
circumvent geo-restrictions and censorship, and/or to connect to proxy servers for
the purpose of protecting personal identity and location.
3) In addition some Internet sites block access via known VPNs to prevent the
circumvention of their geo-restrictions.
4) A VPN, therefore, is created by establishing a virtual point-to-point connection
through the use of dedicated connections, virtual tunneling protocols, or traffic
encryption.
5) A VPN uses the public Internet to provide some of the benefits of a Wide Area Network (WAN).
6) From a user perspective, resources available within private network could be accessed
remotely.
7) A VPN has a point-to-point topology, which does not tend to support or connect broadcast
domains, so services such as Microsoft Windows NetBIOS may not work as they would on a
Local Area Network (LAN).
8) However, designers have developed VPN variants, such as Virtual Private LAN Service
(VPLS), and layer-2 tunneling protocols, to overcome this limitation.
Some Common Features of VPN:
5. 1) Historically, the first incentive to Virtual Private Network (VPN) creation was a desire
of different companies and corporations to remove a set of impediments of their
successful business development.
2) The search to boost corporate data security, with top of the agenda being how to keep
information safe while transferring it to other departments of the company,
invariably located far away from the headquarters, such as at Shell, MTN Group, Etisalat
and even through embassies.
3) Businesses needed to make their private Wireless Fidelity (Wi-Fi) networks safe for their
work.
4) The need to economize on remote network access for employees was
another reason to make use of a VPN.
5) The X.25 Protocol and Frame Relay were the first steps towards the creation of the VPN, which
later conquered not only the business market but also became popular with common
online users.
Historical path to Virtual Private Network (VPN)
6. X.25 is an International Telecommunication Union (ITU)-Technical standard protocol
suite for packet switched Wide Area Network (WAN) communication.
An X.25 WAN consists of Packet-Switching Exchange (PSE) nodes as the networking
hardware, and leased lines, plain old telephone service connections, or Integrated
Services Digital Network (ISDN) connections as physical links.
X.25 is a family of protocols that was popular during the 1980s with
telecommunications companies and in financial transaction systems such as
Automated Teller Machines.
X.25 was originally defined by the International Telegraph and Telephone Consultative
Committee (CCITT, now ITU-T) in a series of drafts and finalized in a publication
known as The Orange Book in 1976.
X.25 has largely been replaced by less complex protocols, especially the
Internet Protocol (IP), although the service was still being used as at 2012, for instance
in the credit card payment industry, and is available in niche and legacy applications.
The Orange Book and X.25 Protocol
8. (1) Highlight on ISDN:
Integrated Services Digital Network, also known as ISDN, is a set of communication
standards for simultaneous digital transmission of voice, video, data, and other network
services. For some industry analysts, ISDN saw the birth of original high-speed internet
service. It sparked the high-speed internet development between services.
(2) Climax on DTE:
Data Terminal Equipment (DTE) is an end instrument that converts user information into
signals or reconverts received signals. These can also be called tail circuits. A DTE device
communicates with the data circuit-terminating equipment (DCE). The DTE/DCE
classification was introduced by International Business Machines (IBM).
(3) Highpoint on DCE:
In computer data transmission, DCE (Data Communication Equipment) is the interface
that a modem or other serial device uses in exchanging data with the computer. For
further information about the DCE interface and its relationship to the Data Terminal
Equipment (DTE) interface.
Highpoints of X.25 Network:
9. A range of events, including the Edward Snowden scandal, forced
Internet users to consider their online privacy and security even more seriously.
It also prompted governments globally to begin to adopt laws requiring all
communication providers to keep users' data for up to 2 years.
Users in countries with a highly censored Internet space, like China, also started looking
for alternative ways of getting unrestricted access to the net.
Another spur to VPN popularity was the blocking policy of renowned online streaming
channels like Netflix, Hulu, Spotify, etc.
Lest We Forget – Eventful Concerns:
10. Tor is an acronym for the original software project code named ‘The Onion Router’; an
open source application that facilitates anonymous communication.
Tor directs Internet traffic through a free, worldwide, volunteer network consisting of
over 7,000 relays, to conceal a user's location and usage from anyone conducting
network surveillance or traffic analysis.
Using Tor makes it somewhat difficult for Internet activities to be traced back to the
user: this includes visits to Web sites, online posts, instant messages, and other
communication forms.
Tor's use is envisioned to protect the personal privacy of users, as well as their
freedom and ability to conduct confidential communication by keeping their Internet
activities from being scrutinized.
Onion routing is implemented by encryption in the application layer of a
communication protocol stack, nested like the layers of an onion.
Classical definitions … What is Tor?
11. Tor encrypts the data, including the destination IP address, multiple times and sends it
through a virtual circuit comprising successive, randomly selected Tor relays.
Each relay decrypts a layer of encryption to reveal only the next relay in the circuit in
order to pass the remaining encrypted data on to it.
The final relay decrypts the innermost layer of encryption and sends the original data
to its destination without revealing, or even knowing, the source IP address.
This is because the routing of the communication is partly concealed at every hop in
the Tor circuit. This method eliminates any single point at which the communicating
peers could be determined through network surveillance that relies upon knowing its
source and destination.
Classical definitions … What is Tor? -2
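The layered wrapping and hop-by-hop peeling described on this slide, as an added example that is not part of the original presentation and is not Tor's own code. The relay names, the pre-shared per-relay keys, the destination address and the toy SHA-256 cipher are assumptions made for illustration; they stand in for the keys and ciphers a real Tor circuit uses.

```python
import hashlib
import hmac
import os

# Toy cipher (SHA-256 keystream + HMAC tag): an illustrative stand-in only,
# not the cryptography Tor itself uses.
def _subkeys(key):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _keystream(key, nonce, n):
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def seal(key, plaintext):
    enc, mac = _subkeys(key)
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc, nonce, len(plaintext))))
    return nonce + hmac.new(mac, nonce + body, hashlib.sha256).digest() + body

def unseal(key, blob):
    enc, mac = _subkeys(key)
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + body, hashlib.sha256).digest()):
        raise ValueError("layer is not for this relay, or was modified in transit")
    return bytes(a ^ b for a, b in zip(body, _keystream(enc, nonce, len(body))))

def build_onion(path, keys, destination, message):
    """Client side: wrap the last relay's layer first, the first relay's layer last."""
    blob, next_hop = message, destination
    for relay in reversed(path):
        blob = seal(keys[relay], next_hop.encode() + b"|" + blob)
        next_hop = relay
    return blob

def route(onion, first_relay, keys, client="client"):
    """Simulate the circuit; record the (previous hop, next hop) each relay learns."""
    views, prev, hop, blob = {}, client, first_relay, onion
    while hop in keys:  # stop once the next hop is the destination, not a relay
        next_hop, _, blob = unseal(keys[hop], blob).partition(b"|")
        views[hop] = (prev, next_hop.decode())
        prev, hop = hop, next_hop.decode()
    return views, hop, blob

# Constructed sample data: three hypothetical relays, a documentation-range address.
PATH = ["relay-A", "relay-B", "relay-C"]
KEYS = {name: os.urandom(32) for name in PATH}
DEST, MSG = "203.0.113.7:443", b"GET / HTTP/1.1"

if __name__ == "__main__":
    views, dest, delivered = route(build_onion(PATH, KEYS, DEST, MSG), PATH[0], KEYS)
    for relay, (came_from, goes_to) in views.items():
        print(f"{relay}: sees {came_from} -> {goes_to}")
    print("delivered to", dest, ":", delivered)
```

Each relay's view holds only its neighbours: the first relay sees the client but not the destination, and the last relay sees the destination but not the client.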
12. De-anonymizing User:
It is possible for an adversary to de-anonymize the user by some means,
including by exploiting vulnerable software on the user's computer.
The NSA had a technique that targets a vulnerability - which they codenamed
‘EgotisticalGiraffe’ - in an outdated Firefox browser version at one time bundled with the
Tor package, and in general, targets Tor users for close monitoring under its XKeyscore
programme.
Attacks against Tor are an active area of academic research.
XKeyscore:
XKeyscore (XKS) is the search engine interface that interacts with all United States
National Security Agency (NSA) federated databases for the collected Internet traffic,
communicated data and phone metadata of private citizens. XKS is used to search the big
data collection and was first used by NSA for searching and analyzing global Internet
data, which it collects on a daily basis.
De-anonymizing user and XKeyscore:
14. What is Tor?
The name "Tor" can refer to several different components. Tor is a
programme you can run on your computer that helps keep you safe on the Internet.
It protects you by bouncing your communications around a distributed network of
relays run by volunteers all around the world.
It prevents somebody watching your Internet connection from learning what sites you
visit, and it prevents the sites you visit from learning your physical location. This set of
volunteer relays is called the Tor network.
The way most people use Tor is with Tor Browser, which is a version of Firefox that
fixes many privacy issues.
The Tor Project is a non-profit (charity) organization that maintains and develops the
Tor software.
Historical path to what is Tor?
15. A typical proxy provider sets up a server somewhere on the Internet and allows any
interested party to use it to relay their traffic.
This creates a simple, easy to maintain architecture and users all enter and leave
through the same server.
The provider may charge for use of the proxy, or fund their costs through
advertisements on the server.
In the simplest configuration, you don't have to install anything. You just have to point
your browser at their proxy server.
Simple proxy providers are fine solutions if you do not want protections for your
privacy and anonymity online and you trust the provider to not do bad things.
Some simple proxy providers use Secure Sockets Layer (SSL) technology to
secure the connection, which protects users against local eavesdroppers, such as those at
a cafe with free Wi-Fi Internet.
How is Tor different from other proxies?
16. Simple proxy providers also create a single point of failure. The
provider knows both who you are and what you browse on the
Internet. They can see your traffic as it passes through their server.
In some cases, they can even see inside your encrypted traffic as
they relay it to your banking site or to ecommerce stores. You have to
trust the provider isn't watching your traffic, injecting their own
advertisements into your traffic stream, or recording your personal
details.
Tor passes your traffic through at least 3 different servers before
sending it on to the destination. Because there's a separate layer of
encryption for each of the three relays, somebody watching your
Internet connection can't modify, or read, what you are sending into
the Tor network. Your traffic is encrypted between the Tor client (on
your computer) and where it pops out somewhere else in the world.
How is Tor different from other proxies? - 2
17. Tor is The Onion Routing network. When the project
was beginning the new next-generation design and
implementation of onion routing in 2001-2002, the project managers
used to tell people they were working on onion routing, and the
response would be "Neat. Which one?"
Even if onion routing has become a standard household term, Tor
was born out of the actual onion routing project run by the Naval
Research Lab.
Note: Even though it originally came from an acronym, Tor is not
spelt as "TOR". Only the first letter is capitalized.
In fact, people who haven't read any of the
website but instead learned everything they know about Tor from
news articles can usually be spotted by the fact that they spell it wrong, technically
speaking.
Why is it called Tor?
18. Summary comparison between VPN and Tor:
Common features of VPN:
1. Some VPNs allow employees to securely access a corporate intranet while located outside the office.
2. Some can securely connect geographically separated offices of an organization, thereby creating one cohesive network.
3. Individual Internet users can use some VPNs to secure their wireless transactions, to circumvent geo-restrictions and censorship, and/or to connect to proxy servers for the purpose of protecting personal identity and location.
4. Some Internet sites block access via known VPNs to prevent the circumvention of their geo-restrictions.
5. A VPN facilitates creation of a virtual point-to-point connection through dedicated connections, virtual tunneling protocols, or traffic encryption.
6. Uses the public Internet to provide some of the benefits of a WAN.
7. Private network resources can be accessed remotely.
8. A VPN has a point-to-point topology.
9. VPN has variants, such as Virtual Private LAN Service (VPLS), and layer-2 tunneling protocols, to overcome limitations.
Common features of Tor:
1. An Internet communication method intended to enable online anonymity.
2. In Tor, file sharing, for instance, is not allowed, because file sharing (peer-to-peer/P2P) is reputedly unwanted in the Tor network, and exit nodes are configured to block file sharing traffic by default.
3. Tor is not really designed for it, and file sharing through Tor slows down everyone's browsing.
4. The current Tor network is quite small compared to the number of people trying to use it.
5. Many of these users don't understand or care that Tor can't currently handle the file-sharing traffic load.
6. The Tor network is currently slow.
7. Tor is never going to be blazing fast, because traffic is bouncing through volunteers' computers in various parts of the world.
8. So, some bottlenecks and network latency will always be present.
9. You shouldn't expect to see university-style bandwidth through Tor.
19. Nowadays, Information Technology (IT) professionals use Tor to verify
Internet Protocol (IP) based firewall rules: A firewall may have some
policies that only allow certain IP addresses or ranges.
Tor can be used to verify those configurations by using an IP number
outside of the company's allotted IP block.
They also use Tor to bypass their own security systems for sensitive professional
activities: For instance, a company may have a strict policy regarding
the material employees can view on the internet.
A log review reveals a possible violation. Tor can be used to verify the
information without an exception being put into corporate security
systems.
Tor users include professional journalists, citizen journalists, law enforcement officers,
human rights activists and whistle blowers, business executives and,
finally, Information Technology (IT) practitioners known as techies.
Who uses Tor:
20. Professional journalists, citizen journalists and law enforcement officers use Tor to
engage in online ‘undercover’ activities.
Human rights activists and whistle blowers use Tor to report abuses from danger zones;
it is used by Human Rights Watch and Global Voices, to mention a few.
Business executives use Tor for servicing of security breach information at
clearinghouses.
IT Professionals use Tor to verify Internet Protocol (IP) based firewall rules: A firewall
may have some policies that only allow certain IP addresses or ranges. Tor can be used
to verify those configurations by using an IP number outside of the company's allotted
IP block.
In addition, IT professionals use Tor to bypass their own security systems for sensitive
professional activities: For instance, a company may have a strict policy regarding the
material employees can view on the internet. A log review reveals a possible violation.
Tor can be used to verify the information without an exception being put into
corporate security systems.
How professionals use Tor:
21. Both VPN and Tor are tools for security purposes and personnel, but a decision must be
made starting with the evaluation of the purpose for a given tool, so as to determine the kind
of tool or tools required for delivery of such needs.
As always, there is a need for continuous training or capacity building for cybersecurity
practitioners in order to expose them to various tools in the industry; even if they are not
going to deploy them personally, getting to know about them helps a great deal.
Individual commitment is also required to ensure that almost everyone is carried along as we
journey for a better cyber society, both in our private and public sectors, especially exploring
the Massive Open Online Courses (MOOC) based on your needs and future plans.
There are several MOOC-based cyber security courses, including but not limited to:
Usable Security (Coursera)
Cybersecurity and Mobility (Coursera)
Cybersecurity and Its Ten Domains (Coursera)
International Cyber Conflicts (Coursera)
Cybersecurity and the Internet of Things (Coursera)
Cyber Security: Safety at Home, Online, in Life (FutureLearn)
Cryptography (Coursera)
Innovation and IT Management (edX)
Conclusion and recommendations:
22. i. X.25 - Wikipedia, the free encyclopedia
ii. www.whatismyipaddress.com/isdn
iii. https://en.wikipedia.org/wiki/X.25
iv. X.25 diagram: Adamantios - Own work, Public Domain,
https://commons.wikimedia.org/w/index.php?curid=5398843
v. www.Searchnetworking.techtarget.com
vi. https://upload.wikimedia.org/wikipedia/commons/4/41/Geographies_of_Tor.png
vii. www.torproject.org
viii. https://www.mooc-list.com/tags/cybersecurity
ix. https://en.wikipedia.org/wiki/XKeyscore
References:
23. i. PSE – Packet-Switching Exchange
ii. ITU - International Telecommunication Union
iii. ISDN - Integrated Services Digital Network
iv. CCITT - International Telegraph and Telephone Consultative Committee
v. IP – Internet Protocol
vi. WAN - Wide Area Network
vii. LAN - Local Area Network
viii. ITU-T - International Telecommunication Union – Technical
ix. Wi-Fi - Wireless Fidelity
x. DTE - Data Terminal Equipment
xi. DCE - Data Communication Equipment/Environment
xii. VPLS - Virtual Private LAN Service
xiii. XKS - XKeyscore
xiv. NSA – National Security Agency (US)
Acronyms and full meanings:
24. Thank you all for listening
God bless us all! God bless CSEAN!!
God bless Nigeria!!!
REMMY NWEKE,
2016 Fellow, Cyber Security Policy Defender
Secretary, Cyber Security Experts Association of Nigeria
(CSEAN) Lagos Branch
Lead Strategist/Group Executive Editor
DigitalSENSE Africa Media Ltd
editor_ls@digitalsenseafrica.com.ng
remmyn@gmail.com @ITRealms @DigitalSENSEng @NaijaAgroNet
08023122558, 08041000475, 08172004283
Questions:
Editor's Notes
Appreciation: I wish to thank CSEAN, especially the President, Mr. Remi Afon, for this opportunity and the management of DigitalSENSE Africa Media Ltd, for the time devoted to creating this presentation and being here.