Presentation of the "Anonymity in the web based on routing protocols" technical report, developed for the Web Security course of the Master's Degree in Engineering in Computer Science (Cyber Security curriculum) at the University of Rome "La Sapienza".
Link: https://www.slideshare.net/BiagioBotticelli/anonymity-in-the-web-based-on-routing-protocols
Presentation of the "State of the Art of IoT Honeypots" technical report, developed for the Seminar in Advanced Topics in Computer Science course of the Master's Degree in Engineering in Computer Science (Cyber Security curriculum) at the University of Rome "La Sapienza".
Link: https://www.slideshare.net/secret/EfL8YbinRZjDPS
IoT Malware Detection through Threshold Random Walks, by Biagio Botticelli
Presentation of my Master's Thesis Project in Engineering in Computer Science at the University of Rome "La Sapienza".
The thesis applies the Threshold Random Walk probabilistic algorithm to perform online detection of IoT malware families.
Linux IoT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018, by Mender.io
Drew Moseley presented on Linux IoT botnets and the lack of security hardening. He discussed three major botnets - Mirai, Hajime, and BrickerBot - and how they exploited common security problems like default credentials and unpatched vulnerabilities. Moseley emphasized that developers can learn from past mistakes by reviewing vulnerabilities and implementing secure designs to avoid compromising products. Basic security measures like unique passwords, updates, and least privilege access could significantly increase the costs for attackers while lowering risks for IoT device manufacturers and users.
Detecting and Confronting Flash Attacks from IoT Botnets, by Farjad Noor
This document discusses detecting and confronting flash attacks from IoT botnets. It begins by providing background on the Internet of Things and how IoT devices are increasingly being compromised to form botnets. It then describes the architecture of the Mirai malware, which uses a scanner to find vulnerable IoT devices and a command-and-control server to direct attacks. The document proposes using a sparse autoencoder neural network to detect IoT botnets by analyzing network traffic patterns. It also details methods to detect cryptojacking activities on infected devices by analyzing network protocols and abnormal resource usage. Finally, it discusses setting up a Mirai botnet on a virtual private server to further study flash attacks and confrontations.
Sniffing is the process of monitoring and capturing all the packets passing through a given network using sniffing tools. It is a form of “tapping phone wires” to learn about the conversation; it is also called wiretapping, as applied to computer networks.
If a set of enterprise switch ports is left open, there is a real possibility that one of the employees can sniff the entire traffic of the network. Anyone in the same physical location can plug into the network with an Ethernet cable, or connect wirelessly to that network, and sniff all of the traffic.
In other words, Sniffing allows you to see all sorts of traffic, both protected and unprotected. In the right conditions and with the right protocols in place, an attacking party may be able to gather information that can be used for further attacks or to cause other issues for the network or system owner.
The document discusses various tools used in a hacker's toolkit. It describes network scanners like NetStumbler and Kismet that can detect wireless access points, their security settings, and connected devices. The document analyzes these scanners' abilities and limitations. It also mentions the importance of packet sniffers for analyzing network traffic in promiscuous mode and their uses for intrusion detection, information gathering, and monitoring network usage. The author provides examples of using these tools to probe their neighborhood wireless networks, finding an unsecured network they were able to access to control the router.
Security threats analysis in bluetooth enabled mobile devices, by IJNSA Journal
Exponential growth in the number of Bluetooth-enabled devices indicates that it has become a popular way of wireless interconnection for exchanging information. The main goal of this paper is to analyze the most critical Bluetooth attacks in real scenarios. In order to find out the major vulnerabilities in modern Bluetooth-enabled mobile devices, several attacks have been performed successfully, such as Surveillance, Obfuscation, Sniffing, Unauthorized Direct Data Access (UDDA) and Man-in-the-Middle Attack (MITM). For the testbed, several devices are used, such as mobile phones, laptops, notebooks, wireless headsets, etc., and all the tests are carried out with pen-testing software like hcitool, btaudit, spooftooph, hcidump, bluesnarfer, bluebugger and carwhisperer.
IoT Vulnerability Analysis and IoT Insecurity Controls, by Jay Nagar
1) The document discusses vulnerabilities found in IoT devices, including a lack of strong passwords, encryption of communications and updates, and other security issues.
2) The author analyzed 50 smart home devices and found major issues with all of them, such as none enforcing strong passwords or using mutual authentication.
3) The document provides examples of potential attacks on IoT devices when an attacker has access to the local network, such as intercepting unencrypted traffic or reprogramming devices by spoofing firmware updates.
LATTICE STRUCTURAL ANALYSIS ON SNIFFING TO DENIAL OF SERVICE ATTACKS, by IJCNC Journal
Sniffing is one of the most prominent causes of most attacks in the digitized computing environment. Through the various packet analyzers or sniffers available free of cost, network packets can be captured and analyzed. The victim's sensitive information, such as user credentials, passwords and PINs, which is of considerable interest to assailants, can be stolen through sniffers. This is the primary reason for most of the variations of DDoS attacks in the network, out of its catalog of attacks. An effective and trusted framework for detecting and preventing this sniffing has great significance in today’s computing. A counter-hack method to avoid data theft is to encrypt sensitive information. This paper provides an analysis of the most prominent sniffing attacks; this is one of the most important strides towards guaranteeing system security. Also, a lattice structure has been derived to show that sniffing is the prominent activity leading to DoS or DDoS attacks.
This document summarizes a research paper that proposes a technique to detect IP spoofing attacks using router-based information. The technique scans incoming IP packets without cryptography to identify spoofed packets based on analyzing the route taken by each packet. IP spoofing is commonly used in denial of service attacks to conceal attacking sources. Existing host-based defenses are insufficient and filtering spoofed packets at the network layer is important to protect against DDoS attacks. The proposed technique aims to filter out bogus traffic with a low false positive rate by leveraging route information analyzed during packet processing.
Cyber security at the application level involves protecting applications from vulnerabilities through proper security measures implemented during the software development lifecycle. This includes securing applications from flaws introduced during design, development, deployment, upgrade or maintenance. Application security aims to prevent exceptions to the security policy by addressing vulnerabilities in the application or underlying system. Key aspects of application security include input validation, access controls, and output encoding.
An overview of the security and privacy challenges that must be faced and solved when creating new Things for the Internet of Things. We discussed why Things are inherently insecure, together with examples of attack vectors, and learned some risk mitigation strategies. We realized why users should be wary of Things violating their privacy, and gained awareness of upcoming EU privacy legislation that affects providers of IoT-based solutions. Talk given at Pixels Camp 2017, Lisbon.
EFFECT OF MAN-IN-THE-MIDDLE ON THE NETWORK PERFORMANCE IN VARIOUS ATTACK STRATEGIES, by IJNSA Journal
In this paper, we examined the effect on network performance of the various strategies an attacker could adopt to launch Man-In-The-Middle (MITM) attacks on a wireless network, such as fleet or random strategies. In particular, we focus on some of the goals of MITM attackers: message delay and message dropping. According to the simulation data, these attacks have a significant effect on legitimate nodes in the network, causing vast amounts of infected packets, end-to-end delays, and significant packet loss.
The document discusses botnet detection using SSL encryption. It begins with an abstract discussing how botnets spread through distributed denial of service attacks and control large numbers of computers. The authors propose checking SSL traffic and features to detect malicious connections. It then discusses how botnets use peer-to-peer networks and protocols like HTTP and IRC, making detection challenging. The document outlines a framework for detecting P2P botnets using host-based and network-based methods. It describes applying the Apriori algorithm to find frequent itemsets in network data to identify systems likely to be infected. In conclusion, the authors present a detection system that can identify malicious connections over SSL and propose a graphical tool to detect future infected systems through data mining.
Introduction to Cyber security module - II, by IITAMBEMAHENDRA1
This document provides an overview of information and network security topics, including identification, authentication and authorization, intrusion detection systems, firewalls, VPN security, and cloud security. Identification means claiming an identity, authentication proves that identity, and authorization determines access rights. Intrusion detection systems monitor for malicious activity via signature-based detection of known threats or anomaly-based detection of abnormal behavior. Firewalls control network traffic based on rules and establish barriers between trusted internal networks and other networks like the Internet. VPNs extend private networks securely across public networks using encryption. Cloud security focuses on identity management, physical security, personnel security, availability, application security, and privacy.
This document discusses various computer security risks and safeguards. It describes types of network attacks like viruses, worms, and Trojan horses. It also discusses unauthorized access and ways to prevent it through access controls, passwords, biometrics, and digital forensics. The document covers risks of hardware theft, software theft, and information theft. It discusses safeguards like encryption, digital signatures, and backups. Other topics include wireless security risks, health issues from computer use, and ethical issues around information accuracy, intellectual property, green computing, and privacy.
The document discusses ethical hacking and penetration testing. It defines ethical hacking as legal attempts to hack into a company's network to find vulnerabilities with the goal of improving security. It outlines the steps an ethical hacker may take including footprinting, scanning, enumeration, and penetration testing. The roles of both ethical and non-ethical hackers are contrasted.
Botnets are collections of internet-connected computers that are controlled by cybercriminals without the owners' knowledge. The document discusses how botnets work through command-and-control servers, the threats they pose such as distributed denial-of-service attacks and spam, and methods for detecting and preventing botnet infections and activity. It also analyzes the findings of a study on botnet technologies, including their propagation, exploits, evasion techniques, and implications for security research.
SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICE, by Editor IJMTER
Practical requirements for securely demonstrating identities between two handheld devices are an important concern. The adversary can inject a Man-In-The-Middle (MITM) attack to intrude on the protocol. Protocols that employ secret keys require the devices to share private information in advance, which is not feasible in the above scenario. Apart from insecurely typing passwords into handheld devices or comparing long hexadecimal keys displayed on the devices’ screens, many other human-verifiable protocols have been proposed in the literature to solve the problem. Unfortunately, most of these schemes are not scalable to more users. Even when only three entities attempt to agree on a session key, these protocols need to be rerun three times. So, in the existing method, a bipartite and a tripartite authentication protocol are presented using a temporary confidential channel. Besides, the system is further extended into a transitive authentication protocol that allows multiple handheld devices to establish a conference key securely and efficiently. But this method detects only outsider attacks; it does not consider insider attacks. So, in the proposed method, a trust-score-based method is introduced which computes the trust values for the nodes and provides the security. The computed trust score has a positive influence on the confidence with which an entity conducts transactions with that node. The behavior of the node in the network will be monitored periodically and its trust value updated accordingly. So, depending on the behavior of the node in the network, a trust relation will be established between two nodes.
Nowadays, cyber-attacks from botnets are increasing faster than any other kind of malware spread. Detecting the botmaster who commands the tasks has become more difficult. Most detection methods are based on the features of a communication protocol or on the history of the network traffic. In this paper, a rational approach is brought for the live detection of the botmaster in the internal network. The victim machine monitors its packets, compromises the bots in the network and finds the traces to the botmaster. This approach works independently of the structure of the botnet, and will be a better option for online detection of the botmaster.
This document provides an overview of Android hacking. It begins by introducing Android and defining Android hacking as any technical effort to manipulate the normal behavior of an Android operating system. It then discusses some common Android hacking applications and threats, including data interception, third-party app vulnerabilities, and malware like viruses, SMS trojans, and rootkits. The document also covers hacking Bluetooth-enabled Android devices and outlines steps to better protect devices. Finally, it provides a brief introduction to India's Information Technology Act of 2000 and how cybercriminals operate.
The document discusses the WPA2 Hole196 vulnerability that allows a malicious insider on a WPA2 secured wireless network to decrypt and read private data from other authorized users on the network. It describes how the vulnerability works and exploits such as ARP poisoning that can be used. It then discusses potential mitigation strategies including client isolation, fixing the vulnerability in wireless infrastructure, and using a wireless intrusion prevention system.
Tor is an anonymity network that allows users to browse the web anonymously. It works by routing traffic through a series of volunteer servers, or relays, that encrypt and then randomly route data in an attempt to make it untraceable. The Tor browser bundles this routing technology to allow users to access the open web as well as "hidden services" anonymously. While Tor provides anonymity, it has some weaknesses including potential traffic analysis of autonomous systems and exit node eavesdropping. The presentation provides an overview of how Tor works and relays, how to use Tor safely, and some common services found on Tor.
Onion routing and tor: Fundamentals and Anonymity, by anurag singh
Onion Routing and Tor: Fundamentals and anonymity discusses anonymity on the internet and how Tor works to provide anonymity. It explains that traditional IP addresses and browser tracking can be linked to a user's identity. Tor creates circuits through multiple relay nodes to hide a user's location and communications. Key features of Tor include using volunteer-run relay nodes, protecting against traffic analysis, and enabling hidden services to host anonymous websites. While Tor enhances anonymity, it cannot prevent all timing attacks if the start and end of a user's traffic can be observed.
This seminar discusses the Tor browser network technology. The discussion covers how it works, its weaknesses, its advantages, hidden services, anonymity, etc.
The document outlines the Tor network, including its history, design, components, and how it works. Tor allows for anonymous communication by routing traffic through a distributed network of relays run by volunteers. It improves on earlier designs like Chaum mixes by having no mixing, padding, or traffic shaping, and supports many TCP streams per circuit. The document discusses cells, circuit creation, congestion control, hidden services, advantages/disadvantages, and attacks/defenses.
The document discusses the Tor network, which provides anonymity online. It begins by explaining what Tor is - an open source project that routes traffic through multiple servers to hide a user's location and activities. It then discusses why anonymity is needed, such as to protect privacy from advertisers, employers, or governments. The document goes on to explain how normal internet connections work without anonymity compared to how Tor creates anonymous circuits through multiple servers to encrypt traffic. It also discusses who uses Tor, such as journalists and activists seeking privacy, as well as some dangers like traffic analysis. Finally, it concludes that Tor has become very widely used and effective at providing mutual anonymity online.
Tor is an anonymous communication network that allows users to securely communicate on the internet without revealing their location or identity. It works by routing a user's communications through a series of relay servers run by volunteers all around the world, making it difficult to trace the origin or destination of the communications. Tor protects users' privacy and anonymity through its onion routing technique which encrypts and then randomly bounces communications through multiple nodes. While Tor provides anonymity, it can also be used for illegal activities which presents challenges for its widespread adoption and use.
Onion routing is a technique for anonymous communication over a computer network. In an onion network, messages are encapsulated in layers of encryption, analogous to layers of an onion. The encrypted data is transmitted through a series of network nodes called onion routers, each of which "peels" away a single layer, uncovering the data's next destination. When the final layer is decrypted, the message arrives at its destination. The sender remains anonymous because each intermediary knows only the location of the immediately preceding and following nodes.
Onion routing was developed in the mid-1990s at the U.S. Naval Research to protect U.S. intelligence communications online. It was further developed by the Defence Advanced Research Projects Agency (DARPA) and patented by the Navy in 1998. Onion Routing is implemented The Onion Routing project or TOR project.
Overlay networks are virtual networks built on top of existing networks that add additional layers of indirection. There are several types of overlay networks including caching, routing, and security overlays. Two examples of anonymous communication networks are ACN and I2P. I2P uses "garlic routing" which involves layered encryption, bundling multiple messages together, and ElGamal/AES encryption. It has a distributed, self-organizing design and uses short-lived, unidirectional tunnels to provide anonymity through its network.
Technical report developed for the Web Security course of the Master Degree in Engineering in Computer Science curriculum in Cyber Security at University of Rome "La Sapienza".
The paper presents the techniques which allow the user to gain anonymity in the Internet by using Tor and I2P routing protocols.
There is also an introduction to Dark Web and Tor Hidden Services.
Onion routing is an anonymous communication technique that encrypts and routes traffic through multiple network nodes, making it difficult to trace. It works by having a client connect to a Tor network node, which encrypts the connection and passes it to another node, and so on through several nodes, with each node only knowing the previous and next hops. This creates an encrypted circuit through the network that separates identification of the user from message routing to provide anonymity.
The document provides an overview of the Tor Browser and how the Tor network functions to provide anonymity to users. It discusses how Tor uses onion routing to encrypt data and pass it through multiple nodes, or relays, so that no single point on the network can identify both the origin and destination of the data. It details how the Tor Browser is built on Firefox and includes extra privacy and security features. It also examines the technical aspects of how data is passed through the Tor network in cells and circuits to hide a user's location and activity.
Comparison of Anonymous Communication Networks-Tor, I2P, FreenetIRJET Journal
This document provides an overview and comparison of three anonymous communication networks: Tor, I2P, and Freenet. It describes the basic functionality of each network, including how they provide anonymity through encrypted routing of network traffic (Tor and I2P) or distributed data storage (Freenet). It then compares the networks in terms of anonymity provided, speed, available darknet sites, popularity, content, typical usage, and community support. The document concludes that while no single network is perfect, using a combination can provide effective anonymity, and the choice depends on one's specific needs and threat model.
Onion routing is an anonymous communication technique that encrypts and then bounces communications through multiple nodes, akin to peeling layers from an onion. It was developed in the late 1990s and patented by the US Navy. Tor is the predominant technology that uses onion routing today. It encrypts data in successive layers to hide the origin, destination, and contents of messages as they pass through intermediate nodes. This provides strong anonymity and unlinkability between senders and receivers.
(130727) #fitalk anonymous network concepts and implementationINSIGHT FORENSIC
This document provides an overview of anonymous networks and circumvention techniques. It discusses Tor, Freenet, Gnunet, and I2P as examples of implemented anonymous networks. Tor routes traffic through volunteer servers called nodes to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis. Circumvention techniques like Obfsproxy and Flashproxy are also summarized, which transform Tor traffic to bypass censorship methods like deep packet inspection.
DEF CON 27 - ROGER DINGLEDINE -tor censorship arms raceFelipe Prado
- Tor is an anonymity network used by millions daily that allows censorship resistance but faces active censorship attempts from governments like China and Iran (paragraphs 1-3, 17-18)
- Tor's safety depends on diversity of relays and users, and transparency of its open source design, but governments have blocked relays, bridges, and discovery methods over time (paragraphs 14-16, 21-23, 25-34)
- Tor has developed new techniques like pluggable transports and Snowflake to evade censorship, but censors also escalate with techniques like active probing, and an ongoing arms race continues (paragraphs 35-37, 43-45, 59-60)
This second-generation Onion Routing system addresses limitations in the original design by adding perfect forward secrecy, congestion control, directory servers, integrity checking, configurable exit policies, and a practical design for location-hidden services via rendezvous points. Tor works on the real-world Internet, requires no special privileges or kernel modifications, requires little synchronization or coordination between nodes, and provides a reasonable tradeoff between anonymity, usability, and efficiency.
This document provides an overview of the Tor anonymity network. It discusses how Tor aims to conceal users' identities and online activity by routing data through at least three different routers, with encryption at each node except the beginning and end. The document outlines Tor's history and how it works, addressing its weaknesses, typical users, and licit and illicit uses. It also includes an agenda, abstract, timeline, and references.
Similar to Anonymity in the web based on routing protocols (20)
Control of Communication and Energy Networks Final Project - Service Function...Biagio Botticelli
Final Project of the Control of Communication and Energy Networks course of the Master Degree in Engineering in Computer Science at University of Rome "La Sapienza".
The technical report introduce the concepts of Service Function Chaining (SFC) and Network Function Virtualization (NFV) analyzing an approach to merge the two technologies.
System and Enterprise Security Project - Penetration TestingBiagio Botticelli
The document discusses penetration testing and summarizes its key steps: information gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation, and reporting. It outlines three types of penetration testing: black box with no system knowledge; grey box with some limited internal details; and white box with full access to source codes and network information, simulating an internal attack. The goal of penetration testing is to identify security vulnerabilities by simulating real attacks before malicious actors do.
The document describes a homework assignment to analyze the performance of a search engine on two datasets: Cranfield and Time. It involves building inverted indexes on the datasets using three different stemmers, running queries using three different scoring functions, and evaluating the results by calculating precision at different ranks. Python scripts are used to automatically create the collections and indexes, run the queries to obtain results files, and evaluate the results files against ground truths to analyze the performance of different configurations.
Technical report representing the State of the Art of IoT Honeypots developed for the Seminar in Advanced Topics in Computer Science course of the Master Degree in Engineering in Computer Science curriculum in Cyber Security at University of Rome "La Sapienza".
The paper presents which are the current technologies for honeypots systems together with an introduction to IoT Malware and Botnets & Distributed Denial of Service (DDoS) attacks.
Seminar of the Web Security and Privacy course of the Master Degree in Engineering in Computer Science (Cyber Security) of the University of Rome "La Sapienza".
The presentation is about a research project called "Smart Home" in which the Block Chain method is applied in a Smart Home environment to assure Privacy and Security in an IoT context.
Presentation of "Group Tracking", an Android application develop for the Pervasive Systems course of the Master Engineering in Computer Science of University of Rome "La Sapienza".
The target of the app is to track the position of friends obtained by Facebook inside a certain range. This position is obtained by Beacons inside buildings and by GPS outside.
Presentation of the ESP8266 WiFi module created for the course Pervasive Systems 2016 of the Master Degree in Engineering in Computer Science (DIAG, University of Rome "La Sapienza")
Pervasive Systems 2016 Web Site: http://ichatz.me/index.php/Site/PervasiveSystems2016
LinkedIn Profile: https://www.linkedin.com/in/biagio-botticelli-444b87105?trk=hp-identity-name
GitHub Repository: https://github.com/biagiobotticelli/ESP8266
Advanced control scheme of doubly fed induction generator for wind turbine us...IJECEIAES
This paper describes a speed control device for generating electrical energy on an electricity network based on the doubly fed induction generator (DFIG) used for wind power conversion systems. At first, a double-fed induction generator model was constructed. A control law is formulated to govern the flow of energy between the stator of a DFIG and the energy network using three types of controllers: proportional integral (PI), sliding mode controller (SMC) and second order sliding mode controller (SOSMC). Their different results in terms of power reference tracking, reaction to unexpected speed fluctuations, sensitivity to perturbations, and resilience against machine parameter alterations are compared. MATLAB/Simulink was used to conduct the simulations for the preceding study. Multiple simulations have shown very satisfying results, and the investigations demonstrate the efficacy and power-enhancing capabilities of the suggested control system.
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECTjpsjournal1
The rivalry between prominent international actors for dominance over Central Asia's hydrocarbon
reserves and the ancient silk trade route, along with China's diplomatic endeavours in the area, has been
referred to as the "New Great Game." This research centres on the power struggle, considering
geopolitical, geostrategic, and geoeconomic variables. Topics including trade, political hegemony, oil
politics, and conventional and nontraditional security are all explored and explained by the researcher.
Using Mackinder's Heartland, Spykman Rimland, and Hegemonic Stability theories, examines China's role
in Central Asia. This study adheres to the empirical epistemological method and has taken care of
objectivity. This study analyze primary and secondary research documents critically to elaborate role of
china’s geo economic outreach in central Asian countries and its future prospect. China is thriving in trade,
pipeline politics, and winning states, according to this study, thanks to important instruments like the
Shanghai Cooperation Organisation and the Belt and Road Economic Initiative. According to this study,
China is seeing significant success in commerce, pipeline politics, and gaining influence on other
governments. This success may be attributed to the effective utilisation of key tools such as the Shanghai
Cooperation Organisation and the Belt and Road Economic Initiative.
Harnessing WebAssembly for Real-time Stateless Streaming PipelinesChristina Lin
Traditionally, dealing with real-time data pipelines has involved significant overhead, even for straightforward tasks like data transformation or masking. However, in this talk, we’ll venture into the dynamic realm of WebAssembly (WASM) and discover how it can revolutionize the creation of stateless streaming pipelines within a Kafka (Redpanda) broker. These pipelines are adept at managing low-latency, high-data-volume scenarios.
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressionsVictor Morales
K8sGPT is a tool that analyzes and diagnoses Kubernetes clusters. This presentation was used to share the requirements and dependencies to deploy K8sGPT in a local environment.
ACEP Magazine edition 4th launched on 05.06.2024Rahul
This document provides information about the third edition of the magazine "Sthapatya" published by the Association of Civil Engineers (Practicing) Aurangabad. It includes messages from current and past presidents of ACEP, memories and photos from past ACEP events, information on life time achievement awards given by ACEP, and a technical article on concrete maintenance, repairs and strengthening. The document highlights activities of ACEP and provides a technical educational article for members.
Using recycled concrete aggregates (RCA) for pavements is crucial to achieving sustainability. Implementing RCA for new pavement can minimize carbon footprint, conserve natural resources, reduce harmful emissions, and lower life cycle costs. Compared to natural aggregate (NA), RCA pavement has fewer comprehensive studies and sustainability assessments.
Presentation of IEEE Slovenia CIS (Computational Intelligence Society) Chapte...University of Maribor
Slides from talk presenting:
Aleš Zamuda: Presentation of IEEE Slovenia CIS (Computational Intelligence Society) Chapter and Networking.
Presentation at IcETRAN 2024 session:
"Inter-Society Networking Panel GRSS/MTT-S/CIS
Panel Session: Promoting Connection and Cooperation"
IEEE Slovenia GRSS
IEEE Serbia and Montenegro MTT-S
IEEE Slovenia CIS
11TH INTERNATIONAL CONFERENCE ON ELECTRICAL, ELECTRONIC AND COMPUTING ENGINEERING
3-6 June 2024, Niš, Serbia
International Conference on NLP, Artificial Intelligence, Machine Learning an...gerogepatton
International Conference on NLP, Artificial Intelligence, Machine Learning and Applications (NLAIM 2024) offers a premier global platform for exchanging insights and findings in the theory, methodology, and applications of NLP, Artificial Intelligence, Machine Learning, and their applications. The conference seeks substantial contributions across all key domains of NLP, Artificial Intelligence, Machine Learning, and their practical applications, aiming to foster both theoretical advancements and real-world implementations. With a focus on facilitating collaboration between researchers and practitioners from academia and industry, the conference serves as a nexus for sharing the latest developments in the field.
Understanding Inductive Bias in Machine LearningSUTEJAS
This presentation explores the concept of inductive bias in machine learning. It explains how algorithms come with built-in assumptions and preferences that guide the learning process. You'll learn about the different types of inductive bias and how they can impact the performance and generalizability of machine learning models.
The presentation also covers the positive and negative aspects of inductive bias, along with strategies for mitigating potential drawbacks. We'll explore examples of how bias manifests in algorithms like neural networks and decision trees.
By understanding inductive bias, you can gain valuable insights into how machine learning models work and make informed decisions when building and deploying them.
1. Master of Science in Engineering in Computer Science
Web Security and Privacy, a.y. 2016-17
Prof. D’Amore Fabrizio
Author: Botticelli Biagio - botticelli.1212666@studenti.uniroma1.it
Anonymity in the Web based on Routing Protocols
3. Anonymity in the Web based on Routing Protocols 3
Internet as a Public network
Internet: a global network connecting the world, designed to be PUBLIC.
The packets over the Web contain information about sender and destination,
and the routers exchanging the traffic can monitor and analyze them.
Encryption is used to secure the data: it hides the payload, not the routing information.
Data Mining & Correlation: Traffic Analysis has become a huge business: 680 Billion US $.
So, even tunnel-mode encryption reveals at least the IP addresses of the gateways.
4. NO Anonymity in Internet
Internet users may suffer violations of their right to PRIVACY since they have NO ANONYMITY.
ANONYMITY is the property which makes a user:
• NON-IDENTIFIABLE: user activities are hidden among similar activities of other users;
• UNOBSERVABLE: the system or protocol used by the user cannot be established;
• UNTRACEABLE: the user and the performed action cannot be linked.
5. TOR - The Onion Router
TOR - THE ONION ROUTER: the most popular free and distributed anonymity network. It uses an overlay network allowing people to improve their PRIVACY and SECURITY by concealing their location and activity from anyone conducting Network Surveillance or Traffic Analysis over the Internet.
Born as a research project of the U.S. Naval Research Laboratory in 1995 and finally deployed in 2003. Today, development and network management are handled by the Tor Project Inc.
TOR NETWORK: TOR users want to prevent websites from tracking them, or to connect to internet services blocked by their local Internet providers.
More than 7000 relays and 2.5 million users!
6. Simple Internet Connection
[Figure: connection diagram with both TOR and HTTPS switched off]
All components of the network can see all the user information…
NOT SECURE & NOT ANONYMOUS!
7. Connection using HTTPS
[Figure: connection diagram with HTTPS on and TOR off]
SECURE & NOT ANONYMOUS!
ENCRYPTION hides the payload, but the routing information is still visible…
8. Connection using TOR
[Figure: connection diagram with TOR on and HTTPS off]
TOR NETWORK = Black Box:
• ENTRY POINT knows only the source;
• MIDDLE RELAY knows neither the source nor the destination;
• EXIT POINT knows only the destination.
NOT SECURE & ANONYMOUS!
The attacker can see only that the user is accessing TOR, but not the content of the communication. The user IP is not seen!
9. Connection with TOR & HTTPS
[Figure: connection diagram with both TOR and HTTPS on]
TOR used together with HTTPS: SECURITY is guaranteed.
SECURE & ANONYMOUS!
10. The Onion Routing
The encrypted message is sent over the virtual circuit: each OR learns the next hop only by decrypting its own layer of encryption, and it forwards the remaining (still encrypted) inner layers. The last node (exit point) delivers the original message (in clear) to the destination without knowing the source.
TELESCOPIC ENCRYPTION: while building the random path, the user establishes a shared AES key with each of the selected ONION RELAYS. The message is then encrypted multiple times, creating a layer for each OR, from the farthest (exit point) to the nearest (entry point).
11. TOR Network
[Figure: Tor Client, Directory Server and Destination Server, with relays OR1 (Entry Relay), OR2 (Middle Relay), OR3 and OR4 (Onion Relays not on the path), OR5 (Middle Relay), OR6 (Exit Relay); legend: Encrypted by Tor / Not-Encrypted by Tor]
The user contacts the Directory Server and builds the circuit: OR1, OR2, OR5, OR6.
The message m is wrapped in one layer per relay and peeled hop by hop:
{{{{m}6}5}2}1 → {{{m}6}5}2 → {{m}6}5 → {m}6 → m
A response must follow the same path in the reverse direction, each relay adding its own layer:
r → {r}6 → {{r}6}5 → {{{r}6}5}2 → {{{{r}6}5}2}1
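The layering on slides 10 and 11, as an added example (not code from the presentation or from the Tor Project): a client wraps a message once per relay of the circuit OR1, OR2, OR5, OR6, each relay peels exactly one layer and learns only its next hop, and the response is re-wrapped on the way back. The per-hop cipher here is a constructed HMAC-SHA256 keystream with an authentication tag standing in for Tor's AES cell encryption; the relay names, the destination name and the random shared keys are assumptions, since Tor negotiates the real keys during the telescopic handshake.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the per-hop AES encryption of Tor cells (assumption: this toy
# HMAC-SHA256 keystream cipher is NOT Tor's cell format; it only reproduces the layering).
HOP_LEN = 32                          # fixed-width next-hop field inside every layer
PATH = ["OR1", "OR2", "OR5", "OR6"]   # the circuit built on the slide

def make_keys(path):
    """One shared key per relay (Tor negotiates these hop by hop; here they are random)."""
    return {relay: os.urandom(32) for relay in path}

def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt_layer(key, plaintext):
    """One onion layer: nonce || ciphertext || tag (authenticated, so a wrong key is detected)."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt_layer(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("layer authentication failed: wrong relay key or tampered cell")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

def build_onion(message, path, keys, destination):
    """Client side: wrap from the exit inward, giving {{{{m}6}5}2}1 for OR1, OR2, OR5, OR6."""
    hops = path + [destination]
    blob = message
    for i in range(len(path) - 1, -1, -1):
        next_hop = hops[i + 1].encode().ljust(HOP_LEN, b"\0")
        blob = encrypt_layer(keys[path[i]], next_hop + blob)
    return blob

def relay_peel(relay, keys, blob):
    """What one OR learns: its next hop and an opaque remainder it cannot read."""
    inner = decrypt_layer(keys[relay], blob)
    return inner[:HOP_LEN].rstrip(b"\0").decode(), inner[HOP_LEN:]

def forward(onion, path, keys):
    """Walk the circuit; returns each relay's (name, next_hop) view and the delivered message."""
    trace, current = [], onion
    for relay in path:
        next_hop, current = relay_peel(relay, keys, current)
        trace.append((relay, next_hop))
    return trace, current

def wrap_response(response, path, keys):
    """Return path: the exit adds its layer first and the entry last: r, {r}6, {{r}6}5, ..."""
    blob = response
    for relay in reversed(path):
        blob = encrypt_layer(keys[relay], blob)
    return blob

def client_unwrap(blob, path, keys):
    """The client peels the response in entry-to-exit order: OR1, OR2, OR5, OR6."""
    for relay in path:
        blob = decrypt_layer(keys[relay], blob)
    return blob

if __name__ == "__main__":
    keys = make_keys(PATH)
    onion = build_onion(b"GET / HTTP/1.1", PATH, keys, "server.example")
    trace, delivered = forward(onion, PATH, keys)
    print(trace, delivered)
    print(client_unwrap(wrap_response(b"HTTP/1.1 200 OK", PATH, keys), PATH, keys))
```

The trace returned by forward() is the whole point of the design: OR1 sees only "OR2", OR2 only "OR5", and only OR6 sees the destination, while a relay that tries to open a layer that is not its own fails the tag check instead of reading anything.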
12. TOR: Pros & Cons
ADVANTAGES:
• Anonymity
• Security
• Hidden IP
• VPN Doubled Security
• Hard to Attack
• Open Source
• Easy & Free
• Well Supported
DISADVANTAGES:
• Performance
• End Node Decryption
• Traffic Encryption
• Possibility to be Targeted
• 3rd Party Applications
• User Purposes
13. Attacks against TOR
• Traffic Analysis Attack: Routing Attacks on Privacy in Tor (RAPTOR)
The attack is based on a known vulnerability: an adversary who can observe the traffic at both endpoints of the Tor communication channel (i.e., the first link Client → Tor and the last link Tor → Server) can correlate packet sizes and packet timings to de-anonymize Tor users.
• Browser-based Attack: Torbutton Attack
The attack is delivered by a malicious exit node using a Man-In-The-Middle (MITM) attack on HTTP: it tricks the user's web browser into sending a distinctive signal over the Tor network which can be detected using traffic analysis.
• Anonymously De-Anonymizing/Disabling the Tor Network: SNIPER Attack
The attack is a Denial-of-Service (DoS) that exploits a vulnerability in the design of Tor's flow control algorithm to remotely crash a victim Tor relay by exhausting its memory resources.
• Passive De-Anonymization of Hidden Services: Circuit Fingerprinting Attacks
The attack adapts Website Fingerprinting to discover and classify Tor hidden service circuits (breaking their anonymity); it is based on the Cumulative Distribution Function (CDF) of key factors related to hidden services: the Duration Of Activity (DOA), Incoming Cells and Outgoing Cells.
• Exposing Malicious Tor Exit Relays: Spoiled Onions
The project focuses on finding and countering people who run malicious exit relays in order to tamper with connections and/or deanonymize users. To do that, the researchers developed ExitMap (an exit relay scanner that reveals malicious exit relays), HoneyConnector (a framework to detect sniffing exit relays) and a patch for the Torbutton browser extension which fetches and compares suspicious X.509 certificates.
15. I2P: Garlic Routing
Garlic Routing is often used to refer to the Invisible Internet Project (I2P), a message-oriented, peer-to-peer (P2P) and low-latency anonymous communication network. Each user runs the I2P router, which is the core part of the I2P software.
All messages are relayed through tunnels: a tunnel is a unidirectional encrypted virtual connection between (typically) 2 or 3 peers. Tunnels can only be used in one direction, so separate tunnels for outgoing and incoming traffic need to be built, namely outbound and inbound tunnels.
Messages sent through the I2P network are end-to-end encrypted using garlic encryption: a variation of the Onion Routing design based on garlic messages, which can contain multiple data messages with additional routing instructions, called cloves.
The encryption used in I2P, called ElGamal/AES+SessionTags, is a combination of asymmetric and symmetric algorithms which provides data confidentiality and integrity to garlic messages.
A single garlic message may contain multiple data messages for different recipients.
16. I2P vs TOR
TOR | I2P
Bidirectional Circuit | Unidirectional Tunnel
Proxy Server (SOCKS) | Middleware (I2P API)
Entry Guards | Entry Guards not needed
End-to-End Encryption not guaranteed | Tunnel Encryption (End-to-End)
AES | ElGamal/AES+SessionTags
Low computational power nodes | Nodes with sufficient capacities
Possible Congestion | No Congestion
Semi-Distributed | Fully Distributed
Best Performance | Worst Performance
More Visibility and Greater Community | Less known
C-based | Java-based
18. Internet as Set of Subsets
[Figure: nested sets inside the Internet]
• Surface Web (Accessible & Indexed);
• Deep Web (Accessible & Not-Indexed);
• Dark Web (Restricted & Not-Indexed): Tor hidden services operate here!
19. TOR Hidden Services
Hidden Services (identified by the top-level domain .onion) are a particular type of websites/servers located inside the Tor Network, which receive inbound connections only through Tor: they allow a Tor user to offer a TCP service without revealing his network identity (IP address, thus location), while providing encryption at every hop from the client to the hidden service.
They provide server anonymity in addition to the client anonymity Tor provides by default.
Hidden Services are reached by using particular building blocks, called Rendezvous Points (RPs).
20. Hidden Service: Setup 1
HS randomly chooses some relays as Introduction Points (IPs) that will be used to receive inbound connections from clients, building Tor circuits to them.
[Figure: Tor Client (Onion Proxy), Tor Onion Server, DB, IP1, IP2, IP3]
21. Hidden Service: Setup 2
HS creates an HS Descriptor containing its Public Key and a summary of the chosen Introduction Points, signs the descriptor with its private key and sends it to the distributed Hash Table.
An onion address abc.onion (where abc is a name of 16 characters) is derived from the HS's public key.
[Figure: Tor Onion Server publishes the descriptor (IP1-IP3, Public key) to the DB; Tor Client (Onion Proxy), IP1, IP2, IP3]
22. Hidden Service: Setup 3
A Client can query the distributed Hash Table by using the onion address of the hidden service abc.onion, obtaining the HS descriptor. The client then creates a circuit to another randomly chosen Tor relay, which will act as Rendezvous Point, telling it a One-Time Secret (auth cookie).
[Figure: Tor Client (Onion Proxy) fetches the descriptor (IP1-IP3, Public key) from the DB and sends auth to RP; Tor Onion Server, IP1, IP2, IP3]
23. Hidden Service: Setup 4
The Client establishes a circuit to one of the IPs and sends it an Introduce Message encrypted with the HS's public key, containing the RP address and the One-Time Secret (auth cookie), asking it to forward the message to the HS.
[Figure: Tor Client (Onion Proxy) sends RP and auth to an Introduction Point; Tor Onion Server, DB, IP1, IP2, IP3, RP]
24. Hidden Service: Setup 5
HS receives the Introduce Message: it decrypts the message, finding the RP address and the one-time secret; then, HS builds a circuit to the RP, providing the auth cookie in the Rendezvous Message.
[Figure: Tor Onion Server builds a circuit to RP carrying auth; Tor Client (Onion Proxy), DB, IP1, IP2, IP3]
25. Hidden Service: Setup 6
RP receives and verifies the one-time secret, checking that it is the same as the one previously received from the client. Then it notifies whether the connection establishment succeeded.
Client and HS can now use their circuits to the RP to communicate with each other: the RP simply forwards the encrypted messages between them.
[Figure: Tor Client (Onion Proxy) and Tor Onion Server joined through RP; DB, IP1, IP2, IP3]
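The six setup steps on slides 20 to 25, run end to end as an added example (my toy model, not the Tor Project's code): the HS picks three Introduction Points and publishes a descriptor keyed by its .onion name, the client fetches it, registers a one-time cookie with a random Rendezvous Point, introduces itself through one IP, and the RP joins the two sides only if the cookie the HS presents equals the one the client registered. The address derivation follows the v2 scheme (base32 of the first 80 bits of SHA-1 over the public key, 16 characters). Circuits, cells and the descriptor signature are left out; the relay names, the constructed public-key bytes and the Network/dht/intro_circuits names are assumptions.

```python
import base64
import hashlib
import hmac
import os
import random

# Constructed toy model of the rendezvous protocol (added example, not Tor Project code).
# What it keeps: the key-to-address binding, the introduction step and the cookie check.

def onion_address(public_key):
    """v2-style .onion name: base32 of the first 80 bits of SHA-1(public key) = 16 chars."""
    return base64.b32encode(hashlib.sha1(public_key).digest()[:10]).decode().lower() + ".onion"

class RendezvousPoint:
    """A relay the client picks at random; it learns the cookie from the client first."""
    def __init__(self, name):
        self.name = name
        self.client_cookie = None
        self.joined = False

    def establish(self, cookie):                       # Setup 3: client registers the secret
        self.client_cookie = cookie

    def rendezvous(self, cookie):                      # Setup 6: HS presents its copy
        if self.client_cookie is None or not hmac.compare_digest(cookie, self.client_cookie):
            return False                               # unknown cookie: refuse to join
        self.joined = True
        return True

class HiddenService:
    def __init__(self, public_key, relays):
        self.public_key = public_key
        self.address = onion_address(public_key)
        self.intro_points = random.sample(relays, 3)  # Setup 1: three random IPs

    def descriptor(self):                              # Setup 2: published to the DHT
        return {"public_key": self.public_key, "intro_points": list(self.intro_points)}

    def on_introduce(self, introduce_msg):             # Setup 5: read RP + cookie, go to RP
        # In Tor this message is encrypted to the HS public key; here it is a plain dict.
        return introduce_msg["rp"], introduce_msg["cookie"]

class Network:
    """Relays, a DHT stand-in and the intro-point circuits an HS keeps open (assumed names)."""
    def __init__(self, relays):
        self.relays = relays
        self.dht = {}
        self.intro_circuits = {}

    def host(self, hs):
        for ip in hs.intro_points:
            self.intro_circuits[ip] = hs
        self.dht[hs.address] = hs.descriptor()

    def connect(self, address):
        """Client side, Setup 3 to 6; returns the RendezvousPoint (joined=True on success)."""
        desc = self.dht.get(address)
        if desc is None:
            raise LookupError("no descriptor for " + address)
        if onion_address(desc["public_key"]) != address:   # the name must bind to the key
            raise ValueError("descriptor key does not match the .onion address")
        candidates = [r for r in self.relays if r not in desc["intro_points"]]
        rp = RendezvousPoint(random.choice(candidates))
        cookie = os.urandom(20)
        rp.establish(cookie)
        intro = random.choice(desc["intro_points"])    # Setup 4: introduce via one IP
        hs = self.intro_circuits[intro]
        rp_name, presented = hs.on_introduce({"rp": rp.name, "cookie": cookie})
        if rp_name == rp.name:
            rp.rendezvous(presented)
        return rp

if __name__ == "__main__":
    net = Network(["OR%d" % i for i in range(1, 11)])
    hs = HiddenService(b"constructed-public-key-bytes", net.relays)
    net.host(hs)
    print(hs.address, net.connect(hs.address).joined)
```

Two failure modes are worth checking against this model: a descriptor whose key does not hash to the requested name is rejected before any circuit is built, and an RP that never received a cookie from a client refuses every rendezvous request.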
27. Hidden Service in practice…
The steps to set up a hidden service on a Debian-based VM with SSH and the nginx web server already installed are:
• Install Tor through the official repositories (official tutorial);
• Configure Tor by editing the configuration file /etc/tor/torrc: the values to modify are HiddenServiceDir and HiddenServicePort, which are respectively the directory and the port on which the HS will be set up;
• Reload the Tor configuration with service tor reload: some new files are created in the Tor directory; the one called hostname in the directory /var/lib/tor/hidden_service/ contains the .onion address;
• Configure nginx not to reveal sensitive information: edit the configuration file nginx.conf (in the directory /etc/nginx/), hiding the version and disabling the logs, by setting server_tokens to off, setting error_log to /dev/null with level crit and commenting out the access_log and error_log rows;
• Create the web page: an index.html page should be created in the nginx default directory /var/www/html/ to display the SHA512 hash value of my email address (obtained with the hashlib Python library);
• Configure nginx to offer the web page on Tor: edit the site configuration file in the nginx default directory /etc/nginx/sites-available/default with the values specified in the previous steps (localhost, port number 8080);
• Restart the web server with service nginx restart.
If all the steps are correctly executed…
The hidden service is online in the Tor Network!
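A check for the configuration produced by the steps above, as an added example (my code, not part of the presentation or of Tor/nginx): it parses constructed torrc and nginx snippets with the values the slide names and flags the settings that would undo the anonymity of the service. The one the slide only implies is the listen address: an nginx `listen 8080;` without a host binds every interface, so the same pages would also be served on the VM's clearnet IP and the .onion could be linked to it; only `listen 127.0.0.1:8080;` matches the "localhost, port 8080" of the slide. The snippet contents, the directive parser and the finding strings are assumptions.

```python
# Constructed torrc and nginx snippets matching the setup steps (added example; the
# checks are mine, not the project's tooling). Realistic values, not copied from any host.
TORRC = """\
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:8080
"""

NGINX_CONF = """\
server_tokens off;
access_log off;
error_log /dev/null crit;
"""

NGINX_SITE = """\
server {
    listen 127.0.0.1:8080;
    root /var/www/html;
    index index.html;
}
"""

LOOPBACK = ("127.0.0.1", "localhost", "[::1]")

def directives(text):
    """(name, value) pairs for one-line directives; '#' comments, braces and ';' are dropped."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().rstrip(";").strip()
        if not line or line.endswith("{") or line == "}":
            continue
        name, _, value = line.partition(" ")
        pairs.append((name, value.strip()))
    return pairs

def check_torrc(torrc):
    findings = []
    pairs = directives(torrc)
    if not any(n == "HiddenServiceDir" for n, _ in pairs):
        findings.append("torrc: HiddenServiceDir missing")
    ports = [v for n, v in pairs if n == "HiddenServicePort"]
    if not ports:
        findings.append("torrc: HiddenServicePort missing")
    for value in ports:
        parts = value.split()
        # HiddenServicePort VIRTPORT [TARGET]: a missing or bare-port target means localhost
        target = parts[1] if len(parts) > 1 else "127.0.0.1"
        if target.startswith("unix:"):
            continue
        host = target.rpartition(":")[0] if ":" in target else "127.0.0.1"
        if host not in LOOPBACK:
            findings.append("torrc: HiddenServicePort forwards to non-local target " + target)
    return findings

def check_nginx(nginx_conf, nginx_site):
    findings = []
    conf = dict(directives(nginx_conf))
    if conf.get("server_tokens") != "off":
        findings.append("nginx.conf: server_tokens not off (version leaks in headers and error pages)")
    if conf.get("access_log") != "off":
        findings.append("nginx.conf: access_log still enabled (visitor traces kept on disk)")
    if not conf.get("error_log", "").startswith("/dev/null"):
        findings.append("nginx.conf: error_log not sent to /dev/null")
    listens = [v for n, v in directives(nginx_site) if n == "listen"]
    if not listens:
        findings.append("site: no listen directive")
    for value in listens:
        addr = value.split()[0]
        # 'listen 8080;' or '0.0.0.0:8080' exposes the pages on the clearnet interface too
        host = addr.rpartition(":")[0] if ":" in addr else ""
        if host not in LOOPBACK:
            findings.append("site: listen %s is not loopback-only" % addr)
    return findings

def check_hidden_service(torrc=TORRC, nginx_conf=NGINX_CONF, nginx_site=NGINX_SITE):
    """Empty list means the configuration matches the slide's intent."""
    return check_torrc(torrc) + check_nginx(nginx_conf, nginx_site)

if __name__ == "__main__":
    for finding in check_hidden_service() or ["OK: no findings"]:
        print(finding)
```

Run it against the real files with `check_hidden_service(open("/etc/tor/torrc").read(), ...)` after the reload and restart steps; the parser is deliberately simple (one directive per line, no `include` handling), so treat an empty result as a sanity check rather than a full audit.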
28. References
• F. D'Amore - Lecture of Web Security and Privacy (2017) - A simple introduction to Tor
• R. Dingledine, N. Mathewson, P. Syverson - Tor: The Second-Generation Onion Router
• A. Davidsson - Tor: The Onion Routing network
• D. McCoy, K. Bauer, D. Grunwald, T. Kohno, D. Sicker - Shining Light in Dark Places: Understanding the Tor Network
• M.G. Reed, P.F. Syverson, D.M. Goldschlag - Anonymous Connections and Onion Routing
• Y. Sun, A. Edmundson, L. Vanbever, O. Li - RAPTOR: Routing Attacks on Privacy in Tor
• T. Abbott, K. Lai, M. Lieberman, E. Price - Browser-Based Attacks on Tor
• R. Jansen, F. Tschorsch, A. Johnson, B. Scheuermann - The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network
• P. Winter, R. Kower, M. Mulazzani, M. Huber, S. Schrittwieser, S. Lindskog, E. Weippl - Spoiled Onions: Exposing Malicious Tor Exit Relays
• A. Kwon, M. AlSabah, D. Lazar, M. Dacier, S. Devadas - Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services
• T. Wang, X. Cai, R. Nithyanand, R. Johnson, I. Goldberg - Effective Attacks and Provable Defenses for Website Fingerprinting
• The Invisible Internet Project: web page
• Infosec Institute: Introduction to Anonymizing Networks - Tor vs I2P
• B. Conrad, F. Shirazi - A Survey on Tor and I2P
• M. Ehlert - I2P vs. Tor usability: a bandwidth and latency comparison
• Tor: Hidden Service Protocol webpage
• Installing Tor on Debian/Ubuntu tutorial