This document provides an overview of anonymous networks and circumvention techniques. It discusses Tor, Freenet, Gnunet, and I2P as examples of implemented anonymous networks. Tor routes traffic through volunteer servers called nodes to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis. Circumvention techniques like Obfsproxy and Flashproxy are also summarized, which transform Tor traffic to bypass censorship methods like deep packet inspection.
This presentation is all about how TOR works, how TOR was designed, and the add-ons and extensions that make the functioning of TOR possible.
Feel free to contact me if you want the slide notes as the slide notes are not displayed by SlideShare!
The global Tor network and its routing protocols provide an excellent framework for online anonymity. However, the selection of Tor-friendly software for Windows is sub-par at best.
Want to anonymously browse the web? You’re stuck with Firefox, and don’t even think about trying to anonymously use Flash. Want to dynamically analyze malware without letting the C2 server know your home IP address? You’re outta luck. Want to anonymously use any program that doesn’t natively support SOCKS or HTTP proxying? Not gonna happen.
While some solutions currently exist for generically rerouting traffic through Tor, these solutions either don’t support Windows, or can be circumvented by malware, or require an additional network gateway device.
Missed the live session at Black Hat USA 2013? Check out the slides from Jason Geffner's standing room only presentation! Jason released a free new CrowdStrike community tool to securely, anonymously, and transparently route all TCP/IP and DNS traffic through Tor, regardless of the client software, and without relying on VPNs or additional hardware or virtual machines.
Onion routing is a technique for anonymous communication over a computer network. In an onion network, messages are encapsulated in layers of encryption, analogous to layers of an onion. The encrypted data is transmitted through a series of network nodes called onion routers, each of which "peels" away a single layer, uncovering the data's next destination. When the final layer is decrypted, the message arrives at its destination. The sender remains anonymous because each intermediary knows only the location of the immediately preceding and following nodes.
Onion routing was developed in the mid-1990s at the U.S. Naval Research Laboratory to protect U.S. intelligence communications online. It was further developed by the Defense Advanced Research Projects Agency (DARPA) and patented by the Navy in 1998. Onion routing is implemented by The Onion Routing project, or Tor project.
Tails is an operating system like Windows or Mac OS, but one specially designed to preserve your anonymity and privacy.
Tails, or The Amnesic Incognito Live System, is a security-focused Debian-based Linux distribution aimed at preserving privacy and anonymity.
All its outgoing connections are forced to go through Tor, and direct (non-anonymous) connections are blocked.
The system is designed to be booted as a live DVD or live USB, and will leave no trace (digital footprint) on the machine unless explicitly told to do so. The Tor Project has provided most of the financial support for its development.
it is the latest operating system,
Presentation of "Anonymity in the web based on routing protocols" technical report developed for the Web Security course of the Master Degree in Engineering in Computer Science curriculum in Cyber Security at University of Rome "La Sapienza".
Link: https://www.slideshare.net/BiagioBotticelli/anonymity-in-the-web-based-on-routing-protocols
Technical report developed for the Web Security course of the Master Degree in Engineering in Computer Science curriculum in Cyber Security at University of Rome "La Sapienza".
The paper presents the techniques which allow the user to gain anonymity in the Internet by using Tor and I2P routing protocols.
There is also an introduction to Dark Web and Tor Hidden Services.
The internet content an average person sees is not the whole web. The remainder is called the dark web. This presentation is about the types of web, and mainly about the dark web.
A Presentation by:
REMMY NWEKE, 2016 Fellow, Cyber Security Policy Defender
Secretary, Cyber Security Experts Association of Nigeria (CSEAN)
Lagos Branch
To mark the Cyber Security Awareness Campaign,
October 2016
This seminar discusses the Tor Browser network technology. The discussion covers how it works, its weaknesses, its advantages, hidden services, anonymity, etc.
Sniffing is the process of monitoring and capturing all the packets passing through a given network using sniffing tools. It is a form of “tapping phone wires” to get to know about the conversation. It is also called wiretapping applied to computer networks.
If a set of enterprise switch ports is open, there is a real possibility that an employee can sniff the whole traffic of the network. Anyone in the same physical location can plug into the network using an Ethernet cable or connect wirelessly to that network and sniff the total traffic.
In other words, Sniffing allows you to see all sorts of traffic, both protected and unprotected. In the right conditions and with the right protocols in place, an attacking party may be able to gather information that can be used for further attacks or to cause other issues for the network or system owner.
A free software implementation of second-generation onion routing that helps users stay anonymous while using the internet, protecting their privacy from being monitored.
Some people use it in the wrong way, which has led to what is now called “The Darknet”: a black spot on the internet that involves all the criminal activities on the internet, such as selling drugs, fraud, copyright infringement, piracy and so on.
Freenet is a distributed anonymous information storage and retrieval system, which provides an effective means of anonymous information storage and retrieval.
This second-generation Onion Routing system addresses limitations in the original design by adding perfect forward secrecy, congestion control, directory servers, integrity checking, configurable exit policies, and a practical design for location-hidden services via rendezvous points. Tor works on the real-world Internet, requires no special privileges or kernel modifications, requires little synchronization or coordination between nodes, and provides a reasonable tradeoff between anonymity, usability, and efficiency.
3. forensicinsight.org Page 3
Overview
Attack Trends Summary
Modern attacks mostly involve malware, which
Attempts to conceal the attack itself
Makes itself hard to trace from a network perspective
Makes artifacts difficult to find by wiping itself from the system
Employs many techniques that make analysis hard, including:
Anti-VM, anti-disassembly, anti-debugging and cryptography
Infects a target but does no harm until it achieves its goals
Imagine how future malware will evolve, which
Employs a combination of existing, even legitimate, tools and techniques in a malicious fashion
Emerges in new variants targeting cloud computing
Focuses on highly targeted attacks that do not affect others
Uses steganography in the wild more often
Forms private Tor networks from exploited zombie machines
4. forensicinsight.org Page 4
Overview
Malware/Crimeware
Key Loggers
Screenscrapers
Email, IM Redirectors
Session Hijackers
Web Trojans
Transaction Generators
Data Theft
Man-in-the-Middle
Rootkits
Attachment
Peer-to-Peer Networks
Piggybacking
Internet Worms, Virus
Web Browser Exploits
Server Compromise
Affiliate Marketing
Phishing
Pharming
Information Compromise
Spam Transmission
Denial-of-Service, DDoS
Click Fraud
Data Ransoming
Identity Stealing
Credit Card Abuse
Defamation
Embezzlement
Political Argument
Features
Distribution
Misuse
Let’s briefly look at what malware has (features), how it spreads (distribution) and what it does (misuse).
5. forensicinsight.org Page 5
Background
Necessity / Motivation (1/2)
“Anonymity serves different interests for different user groups.”
by Roger Dingledine, the creator of Tor
6. forensicinsight.org Page 6
Background
Necessity / Motivation (2/2)
Regular citizens do not want to be watched and tracked.
Businesses need to keep trade secrets.
Law enforcement needs anonymity to get the job done.
Governments need anonymity for their security.
Journalists and activists need anonymity for their personal safety.
Hard to configure your own network though!!
Compromised botnets
Stolen mobile phones
Open wireless nets
Malware spread (trojans, virus, worms)
Spamming
Phishing
8. forensicinsight.org Page 8
Implemented Anonymous Network - Tor
The Tor (the Onion Routing) at a glance
[Diagram: Tor network]
When there is an evil user or server, then it could be blocked with ease.
Tor is designed to hide where the communication comes from and where it is going.
9. forensicinsight.org Page 9
Implemented Anonymous Network - Tor
The Tor (the Onion Routing) at a glance
The Tor network consists of many relay and exit nodes.
[Diagram: Tor relay nodes and Tor exit nodes]
The idea originally comes from Chaum’s Mix-Net design.
Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms
(Communications of the ACM February 1981 Volume 24 Number 2)
10. forensicinsight.org Page 10
Implemented Anonymous Network - Tor
The Tor (the Onion Routing) Concept
Open source software
https://svn.torproject.org/cgi-bin/viewvc.cgi/Tor/
http://sourceforge.net/projects/advtor/
A distributed, anonymous Network
A Protocol
Tor provides online anonymity
11. forensicinsight.org Page 11
Implemented Anonymous Network - Tor
The Tor (the Onion Routing): How it works
Alice’s Tor client obtains a list of Tor nodes from a directory server, Dave.
Alice’s Tor client picks a random destination server.
Alice’s Tor client selects a second random path.
https://www.torproject.org/about/overview.html.en
12. forensicinsight.org Page 12
Implemented Anonymous Network - Tor
The Tor (the Onion Routing): Diffie-Hellman Key Exchange Algorithm in TLS (1/2)
DH establishes a shared secret that can be used for secret communications while exchanging data over a public network.
(Step A) Alice and Bob share common information, and each has a secret of their own.
(Step B) Each creates a value from their secret and transmits it to the other.
(Step C) Using the value received from the other, each creates the common secret.
13. forensicinsight.org Page 13
Implemented Anonymous Network - Tor
The Tor (the Onion Routing): Diffie-Hellman Key Exchange Algorithm in TLS (2/2)
SSL / TLS (Secure Socket Layer / Transport Layer Security)
http://en.wikipedia.org/wiki/Secure_Sockets_Layer
14. forensicinsight.org Page 14
Implemented Anonymous Network - Tor
The Tor (the Onion Routing): Entire Mechanism (1/3)
Circuit (Chain) establishment
[Diagram: Originator, Entry Node (OR1), Exit Node (OR2), Web Server, Directory Node (special node)]
1. Provide node list
2. Choose nodes (chain, circuit)
3. DH key exchange
4. Session key (secret)
5. DH key exchange
6. Session key (secret)
7. DH key exchange
8. Session key (secret)
All communication between nodes runs over TLSv1.
The originator and the directory node are actually involved in DH over TLS.
15. forensicinsight.org Page 15
Implemented Anonymous Network - Tor
The Tor (the Onion Routing): Entire Mechanism (2/3)
Sending HTTP data over the Internet anonymously
[Diagram: Originator with Local Proxy (SOCKS), Entry Node (OR1), Exit Node (OR2), Web Server; cells RELAY C1, RELAY C2, RELAY C3]
C1 = {RELAY C1: [RELAY (Send HTTP request to Web-Server-IP)]}
C2 = {RELAY C2: ENCRYPTED CONTENT}
C3 = {Send HTTP request to Web-Server-IP}
OR1 (Entry Node) knows the origin from which the packets come.
OR2 (Exit Node) knows the destination to which the packets go.
Any OR nodes between the entry node and the exit node know only their adjacent nodes.
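The Diffie-Hellman steps and the circuit and relay-cell slides above, worked through in Python as an added example (not code from the original deck or from the Tor project). Assumptions: a toy DH group (2^127 - 1), a SHA-256 keystream standing in for Tor's cipher, a direct handshake between the originator and each relay, and the hypothetical names Relay, build_circuit, wrap and route.

```python
import hashlib
import secrets

# Assumption: toy Diffie-Hellman group (Mersenne prime 2^127 - 1, generator 3).
# It keeps the numbers readable; it is not the group Tor uses and is too small for real use.
P = 2**127 - 1
G = 3


def dh_keypair():
    """Step B on the DH slide: pick a secret and derive the value to transmit."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def dh_session_key(own_priv, peer_pub):
    """Step C: combine own secret with the peer's value; both sides get the same key."""
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def xor_stream(key, data):
    """Stand-in cipher (assumption): XOR with a SHA-256 counter keystream.
    Applying it twice with the same key restores the input."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + (offset // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


class Relay:
    """One onion router (hypothetical class). Relay authentication is left out."""

    def __init__(self, name):
        self.name = name
        self.key = None

    def handshake(self, client_pub):
        """Relay side of the DH exchange: derive the session key, return own value."""
        priv, pub = dh_keypair()
        self.key = dh_session_key(priv, client_pub)
        return pub

    def peel(self, cell):
        """Remove this relay's layer: returns (next hop name, remaining cell)."""
        plain = xor_stream(self.key, cell)
        next_hop, _, inner = plain.partition(b"|")
        return next_hop.decode(), inner


def build_circuit(relays):
    """Originator side: one DH exchange and one session key per chosen node."""
    keys = []
    for relay in relays:
        priv, pub = dh_keypair()
        keys.append(dh_session_key(priv, relay.handshake(pub)))
    return keys


def wrap(payload, destination, relays, keys):
    """Build the onion from the inside out: the exit's layer first, the entry's last."""
    cell, next_hop = payload, destination
    for relay, key in zip(reversed(relays), reversed(keys)):
        cell = xor_stream(key, next_hop.encode() + b"|" + cell)
        next_hop = relay.name
    return cell


def route(cell, relays):
    """Pass the cell along the circuit and record what each relay learns."""
    by_name = {r.name: r for r in relays}
    hop, seen = relays[0], []
    while True:
        next_hop, cell = hop.peel(cell)
        seen.append((hop.name, next_hop, cell))
        if next_hop not in by_name:        # left the circuit: this is the destination
            return next_hop, cell, seen
        hop = by_name[next_hop]


if __name__ == "__main__":
    circuit = [Relay("OR1"), Relay("OR2"), Relay("OR3")]
    session_keys = build_circuit(circuit)
    # Constructed request and destination name, for illustration only.
    request = b"GET / HTTP/1.1\r\nHost: web-server.example\r\n\r\n"
    onion = wrap(request, "web-server.example", circuit, session_keys)
    dest, delivered, views = route(onion, circuit)
    for name, nxt, remaining in views:
        print(f"{name}: forwards to {nxt}, sees plaintext request: {remaining == request}")
    print("delivered to", dest, "intact:", delivered == request)
```

Only the exit relay's view contains the cleartext request, and only the entry relay is contacted by the originator, which is the property the three statements about OR1, OR2 and intermediate nodes describe.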
16. forensicinsight.org Page 16
Implemented Anonymous Network - Tor
The Tor (the Onion Routing): Entire Mechanism (3/3)
Diagram about tor operation in details
https://svn.torproject.org/svn/projects/design-paper/tor-design.html
17. forensicinsight.org Page 17
Implemented Anonymous Network - Tor
The Tor (the Onion Routing): Statistics as of July, 2013 (1/2)
One of the largest deployed networks
Almost 4,000 relays
Almost 2,000 bridges
Around 500,000 users per day
http://tigerpa.ws/tor_metrics/
18. forensicinsight.org Page 18
Implemented Anonymous Network - Tor
The Tor (the Onion Routing): Statistics as of July, 2013 (2/2)
Some countries (ISPs) use censorship to prevent users from accessing certain sites.
Bridge Relays (almost 25,000)
Helps censored users access the Tor network
Are not listed in the same public directories
19. forensicinsight.org Page 19
Implemented Anonymous Network - Tor
The Tor (the Onion Routing): Official Record
Tor Relay IP Address in the Past
https://metrics.torproject.org/exonerator.html
Tor Relay IP Search
https://metrics.torproject.org/relay-search.html
20. forensicinsight.org Page 20
Implemented Anonymous Network - Tor
The Tor (the Onion Routing): Detection Technique Example (1/2)
A client must talk to a (public) directory server to join the Tor network.
A series of unauthorized certificates appears in the SSL/TLS communication before encryption starts.
Other than IP/port (Layer 3), all TLS traffic is encrypted.
21. forensicinsight.org Page 21
Implemented Anonymous Network - Tor
The Tor (the Onion Routing): Detection Technique Example (2/2)
X.509 Certificate has an issuer/subject field.
Tor initiates a series of SSL/TLS connections with 3~5 hosts at the same time.
This requires behavior-based analysis if bridges are used for censorship bypass.
http://en.wikipedia.org/wiki/X.509
http://helpforsure.wordpress.com/tag/x-509-version-3-digital-certificates/
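One way to turn the two detection slides into a check over TLS connection metadata, as an added Python example (not from the original deck). Assumptions: a hypothetical CSV log layout, a constructed trusted-issuer list, constructed sample records, and illustrative thresholds (3 hosts within 10 seconds).

```python
import csv
import io
from collections import defaultdict

# Constructed allow-list of certificate issuers the site trusts (assumption).
KNOWN_ISSUERS = {"Example Trust CA", "Sample Root CA"}
WINDOW_SECONDS = 10   # "at the same time" on the slide, as a sliding window (assumption)
MIN_HOSTS = 3         # lower bound of the slide's "3~5 hosts"

# Constructed sample: one row per observed TLS handshake (hypothetical log layout).
SAMPLE_LOG = """\
ts,src,dst,dport,issuer_cn,subject_cn
100.0,10.0.0.5,198.51.100.10,443,Example Trust CA,www.shop.example
100.4,10.0.0.5,198.51.100.11,443,Example Trust CA,cdn.shop.example
101.1,10.0.0.5,198.51.100.12,443,Sample Root CA,api.mail.example
200.0,10.0.0.7,192.0.2.21,9001,www.q7xk2fhd.example,www.m3ptz9.example
200.3,10.0.0.7,203.0.113.9,443,www.zr4hw8.example,www.b1kqe5y.example
200.9,10.0.0.7,192.0.2.34,9001,www.t6ncv0a.example,www.j8dls2.example
201.5,10.0.0.7,198.51.100.77,443,www.p2gmx7.example,www.u5wry3q.example
300.0,10.0.0.9,192.0.2.50,8443,printer.lan.example,printer.lan.example
420.0,10.0.0.9,192.0.2.51,8443,nas.lan.example,nas.lan.example
540.0,10.0.0.9,192.0.2.52,8443,cam.lan.example,cam.lan.example
"""


def parse(log_text):
    """Read the CSV log into dict rows with a numeric timestamp."""
    rows = []
    for row in csv.DictReader(io.StringIO(log_text)):
        row["ts"] = float(row["ts"])
        rows.append(row)
    return rows


def untrusted_tls_bursts(rows, window=WINDOW_SECONDS, min_hosts=MIN_HOSTS):
    """Return {source: [hosts]} for sources that open TLS sessions to at least
    `min_hosts` distinct hosts within `window` seconds, counting only sessions
    whose certificate issuer is not on the trusted list."""
    by_src = defaultdict(list)
    for row in rows:
        if row["issuer_cn"] not in KNOWN_ISSUERS:      # issuer field of the X.509 cert
            by_src[row["src"]].append((row["ts"], row["dst"]))

    findings = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            hosts = {dst for _, dst in events[start:end + 1]}
            # Keep the largest burst seen for this source.
            if len(hosts) >= min_hosts and len(hosts) > len(findings.get(src, [])):
                findings[src] = sorted(hosts)
    return findings


if __name__ == "__main__":
    for src, hosts in untrusted_tls_bursts(parse(SAMPLE_LOG)).items():
        print(f"{src}: {len(hosts)} untrusted-issuer TLS sessions in one burst -> {hosts}")
```

In the constructed sample, 10.0.0.5 (trusted issuers) and 10.0.0.9 (self-signed devices contacted minutes apart) are not reported; the burst count is the behavioural part of the check, while the issuer test alone would also match ordinary self-signed equipment.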
22. forensicinsight.org Page 22
Implemented Anonymous Network - Freenet
What is Freenet?
A separate network that runs over the internet
Freenet content can only be accessed through Freenet, including:
Freesites (websites on Freenet),
in-Freenet chat forums (FMS, Sone, etc),
files shared within Freenet,
in-Freenet email
Distributed Database
The more popular a file or page,
the more widely it will be cached,
the faster it will download.
https://freenetproject.org/faq.html
23. forensicinsight.org Page 23
Implemented Anonymous Network - Freenet
Properties
A large distributed storage device
When storing a file, you receive a key to retrieve the file.
With a key, Freenet returns the appropriate file.
Data Management
Location to store data: C:\Users\[UserID]\AppData\Local\Freenet\datastore
Little or no control over what is stored in your datastore
Kept or deleted depending on how popular they are.
Routing
Initially, each node has no information about the performance of the other nodes. (Random Routing)
As more documents reach the same node, data items begin to cluster (because the same routing rules are used).
As a result, the network will self-organize into a distributed, clustered structure.
24. forensicinsight.org Page 24
Implemented Anonymous Network - Freenet
Properties
Keys
Each file that exists on Freenet has a key associated with it.
Fproxy: http://localhost:8888/[Freenet Key]
CHK - Content Hash Keys
The decryption key is stored encrypted within the file.
SSK - Signed Subspace Keys
Usually for sites that are going to change over time
USK - Updateable Subspace Keys
Linking to the latest version of a Signed Subspace Key (SSK) site
KSK - Keyword Signed Keys
Allow saving named pages in Freenet
CHK @ file hash , decryption key , crypto settings
SSK @ public key hash , decryption key , crypto settings / user selected name - version
USK @ public key hash , decryption key , crypto settings / user selected name - version
KSK @ myfile.txt
25. forensicinsight.org Page 25
Implemented Anonymous Network - Gnunet
What is Gnunet?
Started in late 2001
Implemented for secure peer-to-peer networking
Improved content encoding: ECRS, the encoding for censorship resistant sharing
A framework for secure peer-to-peer networking that does not use any centralized
Focus on anonymous censorship-resistant file-sharing
Provides anonymity by
. making messages originating from a peer indistinguishable from messages that the peer is routing
. acting as routers and use link-encrypted connections with stable bandwidth utilization
Similar to Tor, but limited to anonymous file sharing, searching, swarming, and caching.
http://en.wikipedia.org/wiki/GNUnet
https://gnunet.org/
26. forensicinsight.org Page 26
Implemented Anonymous Network – I2P
What is I2P? (1/2)
Began in 2003
An anonymizing network, a low latency mix network
Goal:
producing a low latency, fully distributed, autonomous,
scalable, anonymous, resilient, and secure network
All data is wrapped with several layers of encryption. (End-to-End)
The network is both distributed and dynamic, with no trusted parties and no centralized resources.
http://www.i2p2.de/
27. forensicinsight.org Page 27
Implemented Anonymous Network – I2P
What is I2P? (2/2)
Made up of a set of nodes ("routers") with a number of unidirectional inbound and outbound
virtual paths (“tunnels”)
Has its own internal network database (using a modification of the Kademlia algorithm) for
distributing routing and contact information securely
Garlic Wrapped:
(Garlic Routing)
1. Layered Encryption
2. Bundling multiple
messages together
3. ElGamal/AES Encryption
Peer Profiling (Peer Collection)
Peer Selection (Peer Choosing)
http://www.i2p2.de/how_intro
29. forensicinsight.org Page 29
Circumvention Techniques against Censorships
How to circumvent censorships by DPI (deep packet inspections)
Even bridges could be blocked by DPI.
New techniques have been introduced to circumvent such censorships.
Core technology: pluggable transport transformation
Obfsproxy is a Python framework for implementing new pluggable transports. It uses Twisted for
its networking needs, and pyptlib for some pluggable transport-related features. It supports
the obfs2 and obfs3 pluggable transports. (by George Kadianakis)
Flashproxy turns ordinary web browsers into bridges using websockets, and has a little python
stub to hook Tor clients to the websocket connection. (by David Fifield)
ScrambleSuit is a pluggable transport that protects against follow-up probing attacks and is also
capable of changing its network fingerprint (packet length distribution, inter-arrival times, etc.).
It's part of the Obfsproxy framework. (by Philipp Winter)
StegoTorus is an Obfsproxy fork that extends it to a) split Tor streams across multiple
connections to avoid packet size signatures, and b) embed the traffic flows in traces that look
like html, javascript, or pdf. (by Zack Weinberg)
SkypeMorph transforms Tor traffic flows so they look like Skype Video. (by Ian Goldberg)
Dust aims to provide a packet-based (rather than connection-based) DPI-resistant protocol. (by
Brandon Wiley)
https://www.torproject.org/docs/pluggable-transports.html.en
30. forensicinsight.org Page 30
Circumvention Techniques against Censorships
How to circumvent censorships by DPI - Obfsproxy
Transforms the Tor traffic between the client and the bridge.
Supports multiple protocols, pluggable transports.
Get bridges from BridgeDB and then add them to Tor
https://www.torproject.org/projects/obfsproxy.html.en
https://bridges.torproject.org/?transport=obfs2
31. forensicinsight.org Page 31
Circumvention Techniques against Censorships
How to circumvent censorships by DPI - flashproxy
Began as a project in Stanford's class in spring 2011
Works with Tor version 0.2.3.2-alpha or later
This model assumes that the outside facilitator has already been blocked.
The client does not communicate directly with the facilitator; this is designed to be covert and very hard to block.
1. Makes a TLS connection
2. Sends encrypted email from an anonymous address to a special facilitator address.
1. Checks this mailbox periodically
2. Decrypts the messages
3. Inserts the registrations they contain.
https://crypto.stanford.edu/flashproxy/
https://crypto.stanford.edu/flashproxy/flashproxy.pdf