Master of Science in Engineering in Computer Science
Web Security and Privacy, a.y. 2016-17
Prof. D’Amore Fabrizio
Author: Botticelli Biagio - botticelli.1212666@studenti.uniroma1.it
Anonymity in the Web based on Routing Protocols

1. TOR: The Onion Routing

Internet as a Public network
Internet: global network connecting the world designed to be PUBLIC.
The packets over the Web contain information about sender and destination
and routers exchanging the traffic can monitor and analyze them.
Encryption is used to secure the data: it hides
the payload, not the routing information.
Data Mining & Correlation: Traffic Analysis has become a huge business!
: 680 Billion US $
So, even the tunnel mode encryption reveals
at least the IP addresses of gateways.
NO Anonymity in Internet
Internet users may suffer violations of their right to PRIVACY since they have
NO ANONYMITY
ANONYMITY is the property which makes a user:
• NON-IDENTIFIABLE: user activities are hidden
among similar activities of other users;
• UNOBSERVABLE: system or protocol used by
the user cannot be established;
• UNTRACEABLE: user and the performed action
cannot be linked.
TOR - The Onion Router
TOR - THE ONION ROUTER: the most popular free and distributed anonymity
network, which uses an overlay network that lets people improve their
PRIVACY and SECURITY by concealing their location and activity from anyone
conducting Network Surveillance or Traffic Analysis over the Internet.
Born as a research project of the U.S. Naval Research Laboratory in 1995 and
finally deployed in 2003. Today, development and network management
are handled by the Tor Project Inc.
TOR NETWORK: TOR users want to prevent websites
from tracking them, or to connect to Internet
services blocked by their local Internet providers.
More than 7000 relays and 2.5 million users!

Simple Internet Connection
All components of the network can see all the user information…
NOT SECURE & NOT ANONYMOUS!

Connection using HTTPS
SECURE & NOT ANONYMOUS!
ENCRYPTION hides the payload, but routing information is still visible…

Connection using TOR
TOR NETWORK = Black Box
• ENTRY POINT knows only the source
• EXIT POINT knows only the destination
• MIDDLE RELAY knows neither the source nor the destination
NOT SECURE & ANONYMOUS!
The attacker can see only that the user is accessing TOR, but not the content of the communication.
The User IP is not seen!

Connection with TOR & HTTPS
TOR used together with HTTPS: SECURITY is guaranteed
SECURE & ANONYMOUS!

The Onion Routing
The encrypted message is sent over the
virtual circuit: each OR learns the next hop
only by decrypting its own layer of encryption, and
it forwards the data that remains once that layer is removed.
The last node (exit point) delivers the original
message (in clear) to the destination without
knowing the source.
TELESCOPIC ENCRYPTION: while generating the random path, the user uses the AES
encryption algorithm to create shared keys with the selected ONION RELAYS.
The message is encrypted multiple times, creating a layer for each OR from
the farthest (exit point) to the nearest (entry point).

TOR Network
[Figure: Tor Client, Directory Server, relays OR1 (Entry Relay), OR2 (Middle Relay), OR3 (Onion Relay), OR4 (Onion Relay), OR5 (Middle Relay), OR6 (Exit Relay) and Destination Server. Legend: Encrypted by Tor / Not-Encrypted by Tor.]
The user contacts the Directory Server and builds the circuit:
OR1, OR2, OR5, OR6
Request, one layer removed at each relay:
{{{{m}6}5}2}1 → {{{m}6}5}2 → {{m}6}5 → {m}6 → m
A Response must follow the same path in reverse direction:
r → {r}6 → {{r}6}5 → {{{r}6}5}2 → {{{{r}6}5}2}1
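
The layering over the circuit OR1, OR2, OR5, OR6, as an added example (not code from the slides or from Tor): a SHA-256 counter keystream stands in for AES so the block runs with the standard library only, and the keys, hop header format and message contents are constructed. It shows that each relay recovers only its own next hop, and that the response gains one layer per relay on the way back.

```python
import hashlib
import os

CIRCUIT = ["OR1", "OR2", "OR5", "OR6"]
KEYS = {name: os.urandom(32) for name in CIRCUIT}  # constructed session keys


def keystream_xor(key: bytes, direction: bytes, data: bytes) -> bytes:
    """XOR data with a SHA-256 counter keystream (stand-in for AES, no integrity)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + direction + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def add_layer(key: bytes, next_hop: str, inner: bytes) -> bytes:
    """Build the layer {next_hop, inner}key that only the key holder can open."""
    header = len(next_hop).to_bytes(1, "big") + next_hop.encode()
    return keystream_xor(key, b"fwd", header + inner)


def peel_layer(key: bytes, blob: bytes):
    """Remove one layer: return the next hop and the still-wrapped remainder."""
    plain = keystream_xor(key, b"fwd", blob)
    size = plain[0]
    return plain[1:1 + size].decode(), plain[1 + size:]


def build_onion(message: bytes, destination: str, circuit, keys) -> bytes:
    """Encrypt from the farthest relay (exit) to the nearest (entry)."""
    next_hops = circuit[1:] + [destination]
    onion = message
    for relay, next_hop in reversed(list(zip(circuit, next_hops))):
        onion = add_layer(keys[relay], next_hop, onion)
    return onion  # {{{{m}6}5}2}1


def send(onion: bytes, circuit, keys, client: str = "client"):
    """Walk the circuit and record (previous hop, next hop) as seen by each relay."""
    views, previous, current = {}, client, circuit[0]
    while current in keys:
        next_hop, onion = peel_layer(keys[current], onion)
        views[current] = (previous, next_hop)
        previous, current = current, next_hop
    return current, onion, views


def reply(response: bytes, circuit, keys):
    """Each relay adds its layer on the way back; the client removes all of them."""
    for relay in reversed(circuit):  # OR6 first, OR1 last
        response = keystream_xor(keys[relay], b"bwd", response)
    wrapped = response  # {{{{r}6}5}2}1 as it reaches the client
    for relay in circuit:
        response = keystream_xor(keys[relay], b"bwd", response)
    return wrapped, response


def demo():
    onion = build_onion(b"GET / HTTP/1.1", "destination", CIRCUIT, KEYS)
    delivered_to, message, views = send(onion, CIRCUIT, KEYS)
    wrapped, response = reply(b"200 OK", CIRCUIT, KEYS)
    return delivered_to, message, views, wrapped, response


if __name__ == "__main__":
    delivered_to, message, views, wrapped, response = demo()
    for relay, (previous, next_hop) in views.items():
        print(f"{relay}: received from {previous}, forwards to {next_hop}")
    print(delivered_to, "receives", message, "| client recovers", response)
```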

TOR: Pros & Cons
ADVANTAGES | DISADVANTAGES
Anonymity | Performances
Security | End Node Decryption
Hidden IP | Traffic Encryption
VPN Doubled Security | Possibility to be Targeted
Hard to Attack | 3rd Party Applications
Open Source | User Purposes
Easy & Free |
Well Supported |

Attacks against TOR
• Traffic Analysis Attack: Routing Attacks on Privacy in Tor (RAPTOR)
The attack is based on a known vulnerability: an adversary who can observe the traffic at both ends of the Tor communication channel (i.e., the first link Client → Tor and the last link Tor → Server) can correlate packet sizes and packet timings to de-anonymize Tor users.
• Browser-based Attack: Torbutton Attack
The attack is delivered by a malicious exit node using a Man-In-The-Middle (MITM) attack on HTTP: it tricks the user’s web browser into sending a distinctive signal over the Tor network, which can be detected using traffic analysis.
• Anonymously De-Anonymizing/Disabling the Tor Network: SNIPER Attack
The attack is a Denial-of-Service (DoS) that exploits a vulnerability in the design of Tor’s flow control algorithm to remotely crash a victim Tor relay by exhausting its memory resources.
• Passive De-Anonymization of Hidden Service: Circuit Fingerprinting Attacks
The attack emulates Website Fingerprinting to discover and classify Tor hidden service circuits (breaking their anonymity). It is based on the Cumulative Distribution Function (CDF) of different key factors related to hidden services: the Duration Of Activity (DOA), Incoming Cells and Outgoing Cells.
• Exposing Malicious Tor Exit Relays: Spoiled Onions
The project focuses on finding and counter-attacking people who run malicious exit relays in order to tamper with connections and/or deanonymize users. To do that, the researchers developed ExitMap (an exit relay scanner) for revealing the intent of malicious hidden services, HoneyConnector (a framework to detect sniffing exit relays) and a patch for a browser extension (Torbutton) which fetches and compares suspicious X.509 certificates.

2. I2P: Invisible Internet Project

I2P: Garlic Routing
The term Garlic Routing is often used to refer to the Invisible Internet Project (I2P), which is a message-oriented, peer-to-peer-based (P2P) and low-latency anonymous communication network. Each user runs the I2P router, which is the core part of the I2P software.
All messages are relayed through tunnels: a tunnel is a unidirectional encrypted virtual connection between (typically) 2 or 3 peers. Tunnels can only be used in one direction, so separate tunnels need to be built for outgoing and incoming traffic, namely outbound and inbound tunnels.
Messages sent through the I2P network are end-to-end encrypted using garlic encryption: a variation of the Onion Routing design based on garlic messages, which can contain multiple data messages with additional routing instructions, called cloves.
The encryption used in I2P, called ElGamal / AES+SessionTags, is a combination of symmetric and asymmetric encryption algorithms which provides data confidentiality and integrity to garlic messages.
A single garlic message may contain multiple data messages for different recipients.
I2P vs TOR
TOR | I2P
Bidirectional Circuit | Unidirectional Tunnel
Proxy Server (SOCKS) | Middleware (I2P API)
Entry Guards | Entry Guards not needed
End-to-End Encryption not guaranteed | Tunnel Encryption (End-to-End)
AES | ElGamal / AES+SessionTags
Low computational power nodes | Nodes with sufficient capacities
Possible Congestion | No Congestion
Semi-Distributed | Fully Distributed
Best Performances | Worst Performances
More Visibility and Greater Community | Less known
C-based | Java-based

3. Hidden Services

Internet as Set of Subsets
Internet:
• Surface Web (Accessible & Indexed)
• Deep Web (Accessible & Not-Indexed)
• Dark Web (Restricted & Not-Indexed)
Tor hidden services operate here!
TOR Hidden Services
Hidden Services (identified by the top level domain .onion) are a particular
type of websites/servers located inside the Tor Network, which receive
inbound connections only through Tor: they allow a Tor user to offer a TCP
service without revealing his network identity (IP Address, thus location),
and they provide encryption at every hop from a client to the hidden service.
They provide server anonymity in addition to
Tor's default client anonymity.
Hidden Services can be reached by using particular
building blocks, called Rendezvous Points (RPs).

Hidden Service: Setup 1
HS randomly chooses some relays as Introduction Points (IPs) that will be used to receive inbound connections from clients, building Tor circuits to them.
[Figure: Tor Client, Onion Proxy, Tor Onion Server, DB, IP1, IP2, IP3]

Hidden Service: Setup 2
HS creates an HS Descriptor containing its Public Key and a summary of the chosen Introduction Points, signs the descriptor with HS’s PK and sends it to the distributed Hash Table.
An onion address abc.onion (where abc is a name of 16 characters) is derived from the HS’s public key.
[Figure: as in Setup 1, with the descriptor (IP1-IP3, Public) stored in the DB]

Hidden Service: Setup 3
A Client can query the distributed Hash Table by using the onion address of the hidden service abc.onion, obtaining the HS descriptor. The client creates a circuit to another randomly chosen Tor relay, which will act as Rendezvous Point, by telling it a One-Time Secret (auth cookie).
[Figure: as in Setup 2, with the RP and the auth cookie added]

Hidden Service: Setup 4
Client establishes a circuit to one of the IPs and sends it an Introduce Message signed with HS’s public key, containing the RP address and the One-Time Secret (auth cookie), asking to forward it to the HS.
[Figure: Tor Client, Onion Proxy, Tor Onion Server, DB, IP1, IP2, IP3, RP; message labelled RP, Public, auth]

Hidden Service: Setup 5
HS receives the introduce message: it decrypts the message, finding the RP address and the one-time secret; then, HS builds a circuit to the RP, providing the auth cookie in the Rendezvous Message.
[Figure: Tor Client, Onion Proxy, Tor Onion Server, DB, IP1, IP2, IP3, RP; message labelled RP, auth]

Hidden Service: Setup 6
RP receives and verifies the one-time secret, checking if it is the same as the one previously received from the client. Then it notifies the eventual success of connection establishment.
Client and HS can use their circuits to the RP to communicate with each other, and the RP simply forwards encrypted messages between them.
[Figure: Tor Client, Onion Proxy, Tor Onion Server, DB, IP1, IP2, IP3, RP]
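
The six setup steps as an added example (not code from the slides or from Tor), covering the two checks that carry the security: the client accepts a descriptor only if its key hashes to the requested address, and the Rendezvous Point joins two circuits only once per one-time secret. The 16-character name is the version 2 onion format (base32 of the first 80 bits of the SHA-1 of the public key), while current Tor releases use 56-character version 3 addresses. Assumptions: public-key signing and encryption are left out because the Python standard library has no public-key primitives, and the key bytes, circuit names and 20-byte cookie are constructed.

```python
import base64
import hashlib
import os

# Constructed placeholder standing in for the DER-encoded public key of the HS.
SERVICE_KEY = b"constructed placeholder for the hidden service public key"


def onion_address(public_key: bytes) -> str:
    """Setup 2: 80 bits of SHA-1(public key) in base32 give the 16-character name."""
    digest = hashlib.sha1(public_key).digest()[:10]
    return base64.b32encode(digest).decode("ascii").lower() + ".onion"


def publish(dht: dict, public_key: bytes, intro_points: list) -> str:
    """Setup 1-2: store the descriptor in the hash table under the onion address."""
    address = onion_address(public_key)
    dht[address] = {"public_key": public_key, "intro_points": list(intro_points)}
    return address


def fetch_descriptor(dht: dict, address: str) -> dict:
    """Setup 3: reject a descriptor whose key does not hash to the address asked for."""
    descriptor = dht[address]
    if onion_address(descriptor["public_key"]) != address:
        raise ValueError("descriptor key does not match the onion address")
    return descriptor


class RendezvousPoint:
    """Relay that joins two circuits presenting the same one-time secret."""

    def __init__(self):
        self.waiting = {}  # cookie -> client circuit
        self.joined = {}   # client circuit -> service circuit

    def establish(self, cookie: bytes, client_circuit: str) -> None:
        self.waiting[cookie] = client_circuit

    def rendezvous(self, cookie: bytes, service_circuit: str):
        """Setup 6: join the circuits if the cookie is known, then forget it."""
        client_circuit = self.waiting.pop(cookie, None)  # single use
        if client_circuit is not None:
            self.joined[client_circuit] = service_circuit
        return client_circuit


def client_connect(dht: dict, address: str, rp: RendezvousPoint):
    """Setup 3-4: fetch the descriptor, register a cookie, build the introduce message."""
    descriptor = fetch_descriptor(dht, address)
    cookie = os.urandom(20)
    rp.establish(cookie, "client-circuit")
    intro_point = descriptor["intro_points"][0]  # first one, to keep the demo fixed
    return intro_point, {"rendezvous_point": "RP", "cookie": cookie}


def service_accept(introduce: dict, rp: RendezvousPoint):
    """Setup 5: the HS presents the cookie from the introduce message at the RP."""
    return rp.rendezvous(introduce["cookie"], "service-circuit")


def demo():
    dht, rp = {}, RendezvousPoint()
    address = publish(dht, SERVICE_KEY, ["IP1", "IP2", "IP3"])
    intro_point, introduce = client_connect(dht, address, rp)
    first = service_accept(introduce, rp)
    replay = service_accept(introduce, rp)  # same cookie again: refused
    return address, intro_point, first, replay, rp.joined


if __name__ == "__main__":
    print(demo())
```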

4. Practical Implementation

Hidden Service in practice…
The steps to set up a hidden service on a Debian-based VM with SSH and the nginx web
server already installed are:
• Install Tor through the official repositories (official tutorial);
• Configure Tor by editing the configuration file /etc/tor/torrc: the values to modify are
HiddenServiceDir and HiddenServicePort, which set the path and the port
on which the HS will be set up.
• Update the Tor configuration with service tor reload: some new files are created in the Tor directory; the one called hostname
in the directory /var/lib/tor/hidden_service/ specifies the .onion address.
• Configure nginx to not reveal sensitive information: edit the configuration file nginx.conf (in the directory /etc/nginx/),
hiding the version and disabling the logs, by setting server_tokens to off, the error log in /dev/null to crit and by
commenting out the access_log and error_log rows.
• Create the web page: an index.html web page should be created in the nginx default directory /var/www/html/ to display
the SHA512 hash value of my email address (obtained by hashlib Python library).
• Configure nginx to offer the web page on Tor: edit the web page’s configuration file in the nginx default directory
/etc/nginx/sites-available/default with the values specified in the previous steps (localhost, port number: 8080).
• Restart the web server with service nginx restart.
If all the steps are correctly executed…
The hidden service is online in the Tor Network!
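
A check of the resulting configuration, as an added example (not part of the original slides): it audits a torrc and an nginx configuration for the settings listed in the steps. The sample configurations are constructed and the virtual port 80 is an assumption. Because nginx keeps writing its default access log when no access_log directive is present, the audit expects an explicit access_log off, and it flags any listen address that is not loopback, since such a server is reachable without going through Tor.

```python
# Constructed sample configurations; virtual port 80 is an assumption.
GOOD_TORRC = """
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:8080
"""
GOOD_NGINX = """
http {
    server_tokens off;
    access_log off;
    error_log /dev/null crit;
    server {
        listen 127.0.0.1:8080;
        root /var/www/html;
    }
}
"""
WEAK_NGINX = """
http {
    # access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    server {
        listen 8080;
        root /var/www/html;
    }
}
"""
LOOPBACK = ("127.0.0.1:", "localhost:", "[::1]:")


def directives(text):
    """Return (name, args) for every directive, ignoring comments and braces."""
    found = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().rstrip(";").strip()
        if not line or line == "}" or line.endswith("{"):
            continue
        name, *args = line.split()
        found.append((name, args))
    return found


def audit(torrc, nginx):
    """Return a list of findings; an empty list means every check passed."""
    tor, web, findings = directives(torrc), directives(nginx), []
    if not any(name == "HiddenServiceDir" for name, _ in tor):
        findings.append("torrc: HiddenServiceDir is not set")
    targets = [a[1] for name, a in tor if name == "HiddenServicePort" and len(a) == 2]
    if not targets:
        findings.append("torrc: no HiddenServicePort with an explicit target")
    listens = [a[0] for name, a in web if name == "listen" and a]
    ports = {listen.rsplit(":", 1)[-1] for listen in listens}
    for target in targets:
        if not target.startswith(LOOPBACK):
            findings.append(f"torrc: target {target} does not name a loopback address")
        if target.rsplit(":", 1)[-1] not in ports:
            findings.append(f"nginx: nothing listens on the port of {target}")
    for listen in listens:
        if not listen.startswith(LOOPBACK):
            findings.append(f"nginx: listen {listen} is not bound to loopback")
    if ("server_tokens", ["off"]) not in web:
        findings.append("nginx: server_tokens is not off (version is disclosed)")
    if ("access_log", ["off"]) not in web:
        findings.append("nginx: access_log is not off (default log stays active)")
    if not any(name == "error_log" and a[:1] == ["/dev/null"] for name, a in web):
        findings.append("nginx: error_log does not point to /dev/null")
    return findings


if __name__ == "__main__":
    for label, nginx in (("hardened", GOOD_NGINX), ("weak", WEAK_NGINX)):
        print(label, audit(GOOD_TORRC, nginx) or "no findings")
```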

References
• F. D’Amore - Lecture of Web Security and Privacy (2017) - A simple introduction to Tor
• R. Dingledine, N. Mathewson, P. Syverson - Tor: The Second-Generation Onion Router
• A. Davidsson - Tor: The Onion Routing network
• D. McCoy, K. Bauer, D. Grunwald, T. Kohno, D. Sicker - Shining Light in Dark Places: Understanding the Tor Network
• M.G. Reed, P.F. Syverson, D.M. Goldschlag - Anonymous Connections and Onion Routing
• Y. Sun, A. Edmundson, L. Vanbever, O. Li - RAPTOR: Routing Attacks on Privacy in Tor
• T. Abbott, K. Lai, M. Lieberman, E. Price - Browser-Based Attacks on Tor
• R. Jansen, F. Tschorsch, A. Johnson, B. Scheuermann - The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network
• P. Winter, R. Kower, M. Mulazzani, M. Huber, S. Schrittwieser, S. Lindskog, E. Weippl - Spoiled Onions: Exposing Malicious Tor Exit Relays
• A. Kwon, M. AlSabah, D. Lazar, M. Dacier, S. Devadas - Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services
• T. Wang, X. Cai, R. Nithyanand, R. Johnson, I. Goldberg - Effective Attacks and Provable Defenses for Website Fingerprinting
• The Invisible Internet Project: web page
• Infosec Institute: Introduction to Anonymizing Networks - Tor vs I2P
• B. Conrad, F. Shirazi - A Survey on Tor and I2P
• M. Ehlert - I2P vs. Tor usability a bandwidth and latency comparison
• Tor: Hidden Service Protocol webpage.
• Installing Tor on Debian/Ubuntu tutorial

Contacts
Biagio Botticelli - 1212666
botticelli.1212666@studenti.uniroma1.it
biagiobotticelli@yahoo.it