Tor: The Second-Era Onion Switch - PowerPoint PPT Presentation

presenter luhua ye student id 218 47 181 mar 23 2010 n.
Skip this Video
Loading SlideShow in 5 Seconds..
Tor: The Second-Era Onion Switch PowerPoint Presentation
Tor: The Second-Era Onion Switch

play fullscreen
1 / 48
Download
Download Presentation

Tor: The Second-Era Onion Switch

Presentation Transcript

  1. Presenter: Luhua Ye Student ID: 218-47-181 Mar 23, 2010 Tor: The Second-Generation Onion Router

  2. Problem • Internet censorship around the world. • Internet surveillance like traffic analysis reveals users privacy. • Encryption does not work, since packet headers still reveals a great deal about users. • Source IP and destination IP. • IP packet size, sending and receiving timing.

  3. Consequence • Violation of the user’s privacy, security, and freedom on the Internet.

  4. A solution Tor – The Onion Router • Protect privacy and security on the Internet by keeping anonymity of user. • Allows users to bypass Internet censorship through its volunteer-based distributed infrastructure.

  5. What is Tor? • A free software implementation of second-generation onion routing. • A distributed anonymous communication service that allows people and groups to improve their privacy and security on the Internet. • A network of multi-hop proxies. • Communication is encrypted in multiple layers and routed via multiple hops through the Tor network to the final receiver.

  6. Tor VS. One-hop proxies • Commercial one-hop proxies: Hotspot Shield, Anonymizer, Anonymouse Client Server Proxy provider Client Server

  7. Tor VS. One-hop proxies • Tor Tor Relay Tor Relay Tor Relay Server Client Tor Relay Tor Relay Tor Relay Client Server Tor Relay Tor Relay Tor Relay

  8. Background • Originally sponsored by the US Naval Research Laboratory • From 2004 to 2006 was supported by EFF(Electronic Frontier Foundation) • Tor software is now developed by the Tor Project, which since December 2006 is a 501(c)(3) research/education non-profit organization that receives a diverse base of financial support. • Tor is an open source software released under BSD license.

  9. Tor on Client Side App Privoxy/ polipo Tor HTTP SOCKS App SOCKS App Linux, BSD or OSX TCP TCP+address

  10. Tor on Client Side - Features • Tor runs as a normal user-level process and does not require OS kernel patches or network stack support. • Tor only works for TCP streams and can be used by any application with SOCKS support. • Tor uses the standard SOCKS proxy which support most TCP-based programs without modification. • Tor now relies on the filtering features of privacy-enhancing application-level proxies such as Privoxy and Polipo, thus no need to build proxies for every application.

  11. Tor on Client Side - Tor Bundle A typical tor installation Bundle includes: • Tor: command line interface. • Vidalia: GUI for tor. (built using Qt framwork) • Polipo: a web proxy. • Torbutton: Firefox add-on.

  12. Tor on Client Side - Vidalia

  13. Tor on Client Side - Vidalia From here we can see tor supported applications: • Websites • IM • SSL • IRC • POP, IMAP • Other (TCP)

  14. How Tor Works? • Get address list from centralized directory server • Tor nodes are connected via TLS(ssl). Image courtesy https://www.torproject.org

  15. How Tor Works? • Clients build circuits through a network of decrypting relays. • One circuit can be used to relay multiple TCP streams. Image courtesy https://www.torproject.org

  16. How Tor Works? • Entry node changed every ten minutes if needed • Alice can run as a tor node to benefit others. Image courtesy https://www.torproject.org

  17. Related Tor Client Settings

  18. Tor Network Map

  19. Onion Routing • Onion routing is a technique for anonymous communication over a computer network. • Messages are repeatedly encrypted and then sent through several network nodes called onion routers.  • Each onion router removes a layer of encryption to uncover routing instructions, and sends the message to the next router where this is repeated. 

  20. Onion Routing - Example “Onion" • Routing onions are multiply encrypted data structure used to create paths through which many messages can be transmitted • AES.  Image courtesy http://en.wikipedia.org/wiki/File:Onion_diagram.svg

  21. Tor Design • Onion Routers (OR) route traffic • Onion Proxy (OP) fetches directories and creates virtual circuits on the network on behalf of users. • Overlay network on the user level • Uses TCP with TLS

  22. Tor Design - Cells • It’s similar to cells in ATM • All data is sent in fixed size (bytes) cells • Control cells: are interpreted by node • Relay cells: carry end-to-end stream data. • Control cell commands: • Padding, create, destroy From “Tor: The Second-Generation Onion Router” by Dingledine, Mathewson, Syverson

  23. Tor Design – Circuits and Streams • Circuits describes the Onion Routers on the path. • Circuit is built incrementally • A use’s OP negotiates a symmetric key with each OR on the circuit, one hop a time. • Peers communicate with relay cells after the circuit is established. • The initiator sends a destroy control cell to tear down a circuit. • Each circuit can be shared by many TCP streams.

  24. Circuits - Setup Image courtesy http://www.torproject.org/documentation.html.en

  25. Circuits - Setup Image courtesy http://www.torproject.org/documentation.html.en

  26. Circuits - Setup Image courtesy http://www.torproject.org/documentation.html.en

  27. Circuits - Usage Image courtesy http://www.torproject.org/documentation.html.en

  28. Circuits - Interaction

  29. Some Features • Perfect forward secrecy • Many TCP streams can share one circuit • Congestion control • Circuit-level throttling • Stream-level throttling

  30. Some Features - Directory Servers • Maintain list of which onion routers are up, their locations, current keys, exit policies, etc. • Directory server keys ship with the code • Control which nodes can join network • These directories are cached and served by other servers, to reduce bottlenecks • Need to decentralize, get humans out of the loop, without letting attackers sign up too much nodes.

  31. Some Features - Directory Servers • Filtering programs (may ran by government, ISP or website administrators) look for unencrypted Tor directory requests to recognize that someone is using Tor, but Tor version 0.2.0.23-rc and later use encrypted directory queries by default. This change means that most filtering programs are now unable to recognize Tor connections. 

  32. Tor Network Map

  33. Some Features - Bridge relays • Are non-public Tor relays that aren't listed in the main Tor directory • Since there is no complete public list of them, even if your ISP is filtering connections to all the known Tor relays, they probably won't be able to block all the bridges

  34. China Blocking Tor From https://blog.torproject.org/blog/china-blocking-tor-round-two

  35. China Blocking Tor From https://blog.torproject.org/blog/china-blocking-tor-round-two

  36. Some Features - Bridge relays • Example: bridge 141.201.27.48:443 4352e58420e68f5e40bf7c74faddccd9d1349413 IP address port fingerprint (optional)

  37. Some Features - Hidden Service • Location-hidden services allow User to offer a TCP service without revealing his IP address. • hidden services are accessed through Tor-specific .onion pseudo top-level domain (TLD), or pseudomain

  38. Hidden Service - Example

  39. Hidden Service – Example

  40. Weakness 1 • DNS leaks DNS Tor “Where is aaa.com” “1.2.3.4” App SOCKS Get “1.2.3.4”

  41. Weakness 1 • New solution for DNS leaks: • Tor acts as a DNS server DNS “Where is aaa.com” Tor “1.2.3.4” App SOCKS Get “1.2.3.4”

  42. Weakness 2 • Traffic analysis • Tor is vulnerable to traffic analysis from observers who can watch both ends of a user's connection • Observer can correlate traffic patterns and link the sender and receiver.

  43. Weakness 3 • Eavesdropping by exit nodes • Tor does not, and by design cannot, encrypt the traffic between an exit node and the target server • Malicious exit node can observe traffic, send the wrong page, or even send embedded Java applets disguised as trusted domains.

  44. Weaknesses 4 • Tor is slow •  Traffic is bouncing through volunteers' computers in various parts of the world, and some bottlenecks and network latency will always be present.  • The current Tor network is quite small compared to the number of people trying to use it, and Tor can't currently handle file-sharing traffic load

  45. Relays in the Tor network From http://metrics.torproject.org/graphs.html

  46. Questions?

  47. Thank You!

  48. Reference • http://en.wikipedia.org/wiki/Tor_(anonymity_network) • https://www.torproject.org/documentation.html.en • Roger Dingledine, Nick Mathewson, and Paul Syverson. Tor: The Second-Generation Onion Router. May 2004. <https://svn.torproject.org/svn/projects/design-paper/tor-design.html> • http://en.wikipedia.org/wiki/Onion_routing • https://blog.torproject.org/