More Related Content
What's hot
What's hot (18)
Viewers also liked
Viewers also liked (20)
Similar to How TOR works?
Similar to How TOR works? (20)
Recently uploaded
Recently uploaded (20)
How TOR works?
- 1. The Onion Router How Works? BMS College of Engineering, Bangalore By :- ONKAR BADIGER
- 2. Overview How TOR works? • Why use TOR? • Places of attack • Anonymity network(TOR design) • Chain of relays • Encryption • Bridges • Extensions • https everywhere • Tor button • Noscript
- 3. Why use TOR? • Compromised ISP • Monitoring ISP • Monitored website • Monitored network • Filtered website(blocked)
- 4. ISP Destination (website) This is how we connect to internet
- 5. ISP Destination (website) Anonymity network Anonymity network must be between ISP and our destination
- 6. ISP Destination (website) Anonymity network Places of attack Compromised ISP(untrusted ISP) Monitored ISP
- 7. ISP Destination (website) Anonymity network Places of attack Control parts of anonymity network may attack
- 8. ISP Destination (website) Anonymity network Places of attack Website is monitoring to advertise, collect data etc.
- 9. Anonymity network Proxy? VPN? RELAY
- 10. Anonymity network Proxy? VPN? RELAY TRUST ? A T T A C K E R A T T A C K E R
- 11. RELAY 1 RELAY 2 RELAY 3 ISP TOR network
- 12. Can we trust relays?
- 13. RELAY 1 RELAY 2 RELAY 3 ISP TOR network What if entry/guard relay is corrupt?
- 14. RELAY 1 RELAY 2 RELAY 3 ISP TOR network What if exit relay is corrupt?
- 15. RELAY 1 RELAY 2 RELAY 3 ISP TOR network What if both entry & exit relay are corrupt?
- 16. Solution? RELAY 1 RELAY 5 RELAY 2 RELAY 4 RELAY 3 ISP TOR network RELAY 7 RELAY 6 RELAY 8
- 17. RELAY 1 RELAY 5 RELAY 2 RELAY 4 RELAY 3 ISP TOR network KEY KEY KEY Solution? ENCRYPTION
- 18. RELAY 1 RELAY 5 RELAY 2 RELAY 4 RELAY 3 ISP TOR network KEY KEY KEY unencrypted
- 19. https everywhere RELAY 1 RELAY 5 RELAY 2 RELAY 4 RELAY 3 IS P TOR networkKE Y KE Y KE Y unencrypte d
- 20. How TOR manages relaying?
- 21. Tor button
- 22. Tor button
- 23. New tor circuit
- 24. Tor button is not all about relaying!
- 25. Tor button Not just relaying! Security
- 26. Tor button Not just relaying! Security
- 27. Bridges ? • Entry relays • Not listed in main TOR directory
- 28. Why use Bridges ? • ISP blocks TOR • You don’t want ISP to know that you are using TOR
- 29. Types of Bridges ? Preconfigured bridge Custom bridge
- 30. Tor button Not just relaying! Network settings
- 31. Tor button Not just relaying! Network settings https://bridges.torproject.org/ bridges@torproject.org
- 32. No script Blocks JavaScript Blocks java Blacks flash Blocks other plugins Protects against clickjacking
- 33. How TOR works? • Why use TOR? • Places of attack • Anonymity network(TOR design) • Chain of relays • Encryption • Bridges • Extensions • https everywhere • Tor button • Noscript
- 34. Check these out… • How to setup tor relay? • How to setup non exit tor relay? • ORBOT (TOR for android) • TAILS (live OS routed through TOR) • Pluggable transports(fakes innocent traffic) • Unblock TOR in college!
- 35. The Onion Router Source : https://www.torproject.org/docs/documentation.html.en ONKAR BADIGER
Editor's Notes
- Tor is an anonymity tool used by those who want to stay private and uncensored when browsing the Internet. Based on Firefox
- In this presentation we will learn why there is need to use TOR(to be anonymous , but what really being anonymous means?) To know how TOR works we should know how it was designed based on the places where an attacker can attack Designing tor includes relay chain, encryption, bridges and use of extensions to carry out these operations Lastly we will into .onion websites(accessing deep websites)
- 1 ISP may steal your traffic and sell to others 2 Govt. may have asked ISP to monitor your network 3 Website you visit analysis data(your choices) to advertise 4 Your whole network may be monitored by some agency 5 Website you want to visit maybe blocked by national firewall
- Server logs everything Even if data is encrypted they can determine which pc is connecting to which website by data time analysis Data flows through single sever
- Server logs everything Even if data is encrypted they can determine which pc is connecting to which website by data time analysis Data flows through single sever
- Relay knows my pc is connecting to website Even if any other data analyzer watches data coming in and going out he can determine that which data is coming from which pc and going to which website
- Tor uses three relays R1 guard relay – are stable , have high bandwidth R2 middle relay –middle nodes used to transport traffic from the guard relay to the exit relay. This prevents the guard and exit relay from knowing each other. R3 exit relay-send traffic to the final destination intended by the client.
- Corrupt R1 can see data is coming from my pc but cant tell where it is going(it knows data is going to R2 but R2 is not destination of my pc)
- Corrupt R3 can see data is going to a website but cant tell where it is coming from
- If R1 and R3 collaborate then we are screwed R1 knows that my pc is connected to it R3 knows that it is connecting to website Both know they are connected to R2
- One possible solution is that there must be large number of relays so that the possibility of two corrupt relays to be through same network is very low And TOR has it!
- Tor browser on my pc encrypts data thrice which have three keys to decrypt R1 gets session key 1 decrypts it and sends to R2 Similarly this happens for R2 and R3 Since the data entering and leaving a relay is different , full circuit analysis is not possible
- Now we know that tor button does the relaying part. But what about the data leaving from exit relay? Its unencrypted Exit relay can determine the content of data
- To make the data leaving from exit relay to be secured tor uses https everywhere extension https everywhere automatically uses https security on many sites
- Tor button configures how tor connects to web Relay connections Security Allows to configure connection settings
- Tor button forms a tor circuit , connects you to random relays present in its directory 1)New tor circuit for this site provides a new set of relays but with the same guard/entry relay 2)New identity restarts tor browser and gives a new set of all three relays
- Its found that you are connected to the same guard/entry relay on a web browsing session Tor will reuse the same circuit for new TCP streams for 10 minutes, as long as the circuit is working fine. (If the circuit fails, Tor will switch to a new circuit immediately.)
- Security Allows to configure connection settings
- Security Allows to configure connection settings
- Bridges are entry relays that are not listed in the main TOR directory
- Bridges are entry relays that are not listed in the main TOR directory 1)Useful if ISP is filtering TOR relays 2)By comparing the IP address you are connecting to(entry relay) in the relay list they can determine that you are using TOR Since bridges are not listed in relay list they cant tell that you are using TOR
- Bridges which are preconfigured and provided with Tor Browser Custom bridges
- ISP may have blocked your access to tor by adding all the available relay list to their block list Option 1)Use bridges-provided bridges or custom bridges Option 2)If ISP got list of all publically available bridges then use proxy before TOR network
- The NoScript Firefox extension provides extra protection for Mozilla-based browsers: this free, open source add-on allows JavaScript, java, flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank).
- What we learnt
- Thankyou