Tor: The Onion Router (and How To Break It). Nicholas C. Weaver. CS161 Computer Security, Weaver and Popa (PowerPoint presentation)


  1. Tor: The Onion Router (and How To Break It). Nicholas C. Weaver. CS161 Computer Security, Weaver and Popa

  2. Tor: The Onion Router: Anonymous Websurfing
  • Tor actually encompasses many different components
  • The Tor network:
    • Provides a means for anonymous Internet connections with low(ish) latency by relaying connections through multiple Onion Router systems
  • The Tor Browser bundle:
    • A copy of Firefox Extended Support Release (ESR) with privacy optimizations, configured to only use the Tor network
  • Tor Hidden Services:
    • Services only reachable through the Tor network
  • Tor bridges with pluggable transports:
    • Systems to reach the Tor network using encapsulation to evade censorship

  3. The Tor Threat Model: Anonymity of content against local adversaries
  • The goal is to enable users to connect to other systems "anonymously" but with low latency
  • The remote system should have no way of knowing the IP address originating the traffic
  • The local network should have no way of knowing the remote IP address the local user is contacting
  • Important what is excluded: the global adversary
    • Tor does not even attempt to counter someone who can see all network traffic: an observer watching both the client's entry link and the exit's link can match up timing and volume and link the two ends, and the low-latency design leaves no room for the padding or mixing delays that would hide that

  4. The High Level Approach: Onion Routing
  • The Tor network consists of thousands of independent Tor nodes, or "Onion Routers"
  • Each node has a distinct public key and communicates with other nodes over TLS connections
  • A Tor circuit encrypts the data in a series of layers
    • Each hop away from the client removes a layer of encryption
    • Each hop towards the client adds a layer of encryption
  • During circuit establishment, the client establishes a session key with the first hop…
    • And then with the second hop, through the first hop

  5. Tor Routing In Action (figure)

  6. Tor Routing In Action (figure)

  7. Creating the Circuit Layers…
  • The client starts out by using an authenticated DHE key exchange with the first node (authenticated on the relay's side only, using the relay key published in the Tor directory; the client stays anonymous)…
    • Creating a session key to talk to OR1
    • This first hop is commonly referred to as the "guard node"
  • It then tells OR1 to extend this circuit to OR2
    • Creating a session key for the client to talk to OR2 that OR1 does not know: OR1 carries the two public halves of the handshake between client and OR2, but without either secret exponent it cannot derive the key
    • And OR2 doesn't know who the client is, just that somebody talking to OR1 requested to extend the connection…
  • It then tells OR2 to extend to OR3…
    • That request is encrypted under the OR2 session key, so OR1 won't know where the client is extending the circuit to, only OR2 will

  8. Unwrapping the Onion
  • Now the client sends some data…
    • E(K_OR1, E(K_OR2, E(K_OR3, Data)))
  • OR1 decrypts it and passes it on to OR2
    • E(K_OR2, E(K_OR3, Data))
  • OR2 then passes it on…
  • Generally go through at least 3 hops…
    • Why 3? With only two hops the entry node knows the client and the exit node knows the destination, so those two colluding links everything. With three, the entry and exit never talk to each other directly, so OR1 can't just call up OR2 and link everything trivially
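The circuit build of slide 7 and the layered cells of slides 4 and 8, as one runnable model. This is an added illustration, not code from the slides or from Tor; it uses only the standard library, so the primitives are simplified (finite-field DH in the RFC 2409 1024-bit group in place of Tor's ntor/Curve25519 handshake, and an HMAC-SHA256 keystream plus HMAC tag in place of AES-CTR). The relay names OR1..OR3, the JSON cell format and the destination example.com are assumptions for the demo. What it shows is the structure: one session key per hop, each EXTEND tunnelled inside the layers of the hops already built, one layer peeled per hop outbound and one added per hop on the way back, and each relay's `seen` log recording only its neighbours.

```python
# Added illustration of slides 4, 7 and 8; not code from the slides or from Tor.
# Stdlib-only stand-ins: finite-field DH for Tor's ntor handshake, an HMAC-SHA256
# keystream plus HMAC tag for AES-CTR. The layering and EXTEND flow are the point.
import hashlib
import hmac
import json
import os

# 1024-bit MODP group of RFC 2409 section 6.2 (the group Tor's legacy TAP
# handshake used). Demo-sized; far too small for anything real.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2

def dh_keypair():
    x = int.from_bytes(os.urandom(32), "big")
    return x, pow(G, x, P)

def kdf(shared):
    return hashlib.sha256(shared.to_bytes(128, "big")).digest()

def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    """One onion layer: nonce || XOR-keystream ciphertext || 16-byte MAC."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]

def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]):
        raise ValueError("wrong key for this layer")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class Relay:
    def __init__(self, name):
        self.name, self.key, self.next_hop, self.seen = name, None, None, []

    def create(self, client_pub):
        """CREATE: finish DH with whoever sent this; we never learn who that is."""
        x, pub = dh_keypair()
        self.key = kdf(pow(client_pub, x, P))
        return pub

    def handle(self, cell, network):
        """Peel our layer, then act on it or forward the still-wrapped remainder."""
        msg = json.loads(unseal(self.key, cell))
        if msg["cmd"] == "extend":      # we are the current last hop: create the next one
            self.next_hop = network[msg["to"]]
            self.seen.append("EXTEND to " + msg["to"])
            reply = {"cmd": "extended", "pub": self.next_hop.create(msg["pub"])}
        elif msg["cmd"] == "relay":     # inner cell is for a later hop: opaque to us
            self.seen.append("RELAY (unreadable, forwarded to %s)" % self.next_hop.name)
            inner = self.next_hop.handle(bytes.fromhex(msg["payload"]), network)
            reply = {"cmd": "relay", "payload": inner.hex()}
        else:                           # we are the exit: the only hop that sees the destination
            self.seen.append("DATA to %s: %s" % (msg["dest"], msg["body"]))
            reply = {"cmd": "data", "body": "reply from " + msg["dest"]}
        return seal(self.key, json.dumps(reply).encode())   # add our layer on the way back

class Client:
    def __init__(self, network):
        self.network, self.guard, self.keys = network, None, []

    def wrap(self, msg):
        """E(K1, RELAY(E(K2, RELAY(... E(Kn, msg))))) with the hops' keys in order."""
        cell = seal(self.keys[-1], json.dumps(msg).encode())
        for k in reversed(self.keys[:-1]):
            cell = seal(k, json.dumps({"cmd": "relay", "payload": cell.hex()}).encode())
        return cell

    def unwrap(self, cell):
        for k in self.keys:
            msg = json.loads(unseal(k, cell))
            if msg["cmd"] != "relay":
                return msg
            cell = bytes.fromhex(msg["payload"])
        raise ValueError("reply had more layers than the circuit has hops")

    def build_circuit(self, path):
        self.guard = self.network[path[0]]
        x, pub = dh_keypair()
        self.keys.append(kdf(pow(self.guard.create(pub), x, P)))     # direct CREATE to the guard
        for hop in path[1:]:                                          # each EXTEND rides inside existing layers
            x, pub = dh_keypair()
            ext = self.wrap({"cmd": "extend", "to": hop, "pub": pub})
            reply = self.unwrap(self.guard.handle(ext, self.network))
            self.keys.append(kdf(pow(reply["pub"], x, P)))

    def send(self, dest, body):
        return self.unwrap(self.guard.handle(self.wrap({"cmd": "data", "dest": dest, "body": body}), self.network))

def demo():
    """Build OR1 -> OR2 -> OR3, send one cell, return the reply and each relay's view."""
    net = {n: Relay(n) for n in ("OR1", "OR2", "OR3")}
    c = Client(net)
    c.build_circuit(["OR1", "OR2", "OR3"])
    reply = c.send("example.com", "GET /")
    return reply, {n: r.seen for n, r in net.items()}
```

Running `demo()` and printing the second return value shows OR1 logging only "EXTEND to OR2" and opaque RELAY cells, OR2 only "EXTEND to OR3" and a forwarded cell, and OR3 alone seeing the destination; the two-hop collusion problem of slide 8 is visible as the fact that OR1 and OR3 between them hold both the client's identity and the destination, and nothing in the model lets OR1 read OR3's layer.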

  9. The Tor Browser…
  • Surfing "anonymously" doesn't simply depend on hiding your connection…
    • But also on configuring the browser to make sure it resists tracking
  • No persistent cookies or other data stores
  • No deviations from other people running the same browser
    • Anonymity only works in a crowd…
    • So it really tries to make everyone look the same
  • But by default it makes it easy to say "this person is using Tor"
    • The relay list is public: the site sees a known exit IP, and the local network sees connections to a known guard IP

  10. But You Are Relying On Honest Exit Nodes…
  • The exit node, where your traffic goes to the general Internet, is a man-in-the-middle…
    • Who can see and modify all non-encrypted traffic
  • The exit node also does the DNS lookups
    • The hostname travels through the circuit to the exit, whose resolver sees it instead of yours; an application that resolves the name locally before opening the Tor connection leaks it outside Tor
  • Exit nodes have not always been honest…
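What "the exit node does the DNS lookups" means at the wire level, as an added example (not code from the slides or from Tor). Tor's client accepts SOCKS5 (RFC 1928) on localhost; a CONNECT whose address type is a domain name (ATYP 0x03) carries the name into the circuit for the exit to resolve, while an application that calls the resolver itself and sends an IP literal (ATYP 0x01 or 0x04) has already leaked the name to the local DNS server. The functions, the audit rule and the 192.0.2.10 sample address are assumptions for the demo.

```python
# Added example: SOCKS5 CONNECT with the name left for the exit to resolve (correct)
# beside the locally-resolved, leaky form, and a check over captured requests.
import socket
import struct

ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

def connect_by_name(host, port):
    """Correct for Tor: hand the name to the proxy so the exit's resolver sees it."""
    name = host.encode("idna")
    if not 1 <= len(name) <= 255:
        raise ValueError("SOCKS5 domain names are length-prefixed with one byte")
    return bytes([0x05, 0x01, 0x00, ATYP_DOMAIN, len(name)]) + name + struct.pack("!H", port)

def connect_by_ipv4(ip, port):
    """Leaky pattern: the caller already resolved the name, e.g. via socket.gethostbyname()."""
    return bytes([0x05, 0x01, 0x00, ATYP_IPV4]) + socket.inet_aton(ip) + struct.pack("!H", port)

def parse_connect(req):
    """Decode a CONNECT request and report whether the name stayed inside the tunnel."""
    if len(req) < 7 or req[:3] != b"\x05\x01\x00":
        raise ValueError("not a SOCKS5 CONNECT")
    atyp = req[3]
    if atyp == ATYP_DOMAIN:
        n = req[4]
        dst, rest = req[5:5 + n].decode("idna"), req[5 + n:]
        resolved_locally = False
    elif atyp == ATYP_IPV4:
        dst, rest = socket.inet_ntoa(req[4:8]), req[8:]
        resolved_locally = True
    elif atyp == ATYP_IPV6:
        dst, rest = socket.inet_ntop(socket.AF_INET6, req[4:20]), req[20:]
        resolved_locally = True
    else:
        raise ValueError("unknown ATYP %#x" % atyp)
    if len(rest) != 2:
        raise ValueError("bad request length")
    # An IP literal means either the user typed an IP or the application resolved the
    # name itself; for a browser or mail client the latter is a DNS leak outside Tor.
    return {"dst": dst, "port": struct.unpack("!H", rest)[0], "resolved_locally": resolved_locally}

def audit(requests):
    """Destinations that reached the SOCKS port as IP literals in a capture of CONNECTs."""
    return [p["dst"] for p in map(parse_connect, requests) if p["resolved_locally"]]
```

Tor Browser always sends the name; the distinction matters for other applications pointed at the Tor SOCKS port (curl spells the proxy-side form `socks5h://` and the local-resolution form `socks5://`).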

  11. Anonymity Invites Abuse… (comic, stolen from Penny Arcade)

  12. This Makes Using Tor Browser Painful… (figure)

  13. And Also Makes Running Exit Nodes Painful…
  • If you want to receive abuse complaints…
    • Run a Tor Exit Node
  • Assuming your ISP even allows it…
    • Since they don't like complaints either
  • Serves as a large limit on Tor in practice:
    • Internal (relay-to-relay) bandwidth is plentiful, but exit node bandwidth is restricted

  14. One Example of Abuse: The Harvard Bomb Threat…
  • On December 16th, 2013, a Harvard student didn't want to take his final in "Politics of American Education"…
    • So he emailed a bomb threat using Guerrilla Mail
    • But he was "smart" and used Tor and Tor Browser to access Guerrilla Mail
  • Proved easy to track
    • "Hmm, this bomb threat was sent through Tor…" (the sending IP was a known exit node)
    • "So who was using Tor on the Harvard campus…" (look in NetFlow logs for campus hosts connecting to known Tor relays around the time of the threat)
    • "So who is this person…" (look in authentication logs for who held that address then)
    • "Hey FBI agent, wanna go knock on this guy's door?!"
  • There is no magic Operational Security (OPSEC) sauce…
    • And again, anonymity only works if there is a crowd
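The NetFlow-then-auth-log correlation the slide describes, as an added example (not from the slides and not from the actual Harvard investigation). Every IP, timestamp, username, flow record and the relay list are constructed for the demo (RFC 5737 documentation ranges stand in for relay IPs); a real investigation pulls the relay list from the Tor consensus or an exit-list snapshot for the day in question. The function names and the 15-minute lookback are assumptions.

```python
# Added example: who on the campus network was talking to Tor when the threat was sent?
# All data below is constructed; nothing here is from the real case.
from datetime import datetime, timedelta

# Constructed: IPs of known Tor relays at the time (documentation address ranges).
TOR_RELAYS = {"192.0.2.10", "192.0.2.11", "198.51.100.7"}

# Constructed NetFlow export: start_time src dst dport bytes
NETFLOW = """\
2013-12-16 08:41:02 10.10.4.23 203.0.113.50 443 1820
2013-12-16 08:44:17 10.10.7.81 192.0.2.10 9001 51220
2013-12-16 08:45:09 10.10.7.81 192.0.2.10 9001 4830
2013-12-16 08:47:55 10.10.2.5 198.51.100.7 443 9920
2013-12-16 08:52:30 10.10.4.23 203.0.113.9 80 660
2013-12-16 11:03:12 10.10.9.14 192.0.2.11 443 70110
"""

# Constructed Wi-Fi/RADIUS authentication log: time ip username
AUTH_LOG = """\
2013-12-16 07:58:40 10.10.7.81 jdoe
2013-12-16 08:02:11 10.10.4.23 asmith
2013-12-16 08:30:00 10.10.2.5 bkim
2013-12-16 10:55:03 10.10.9.14 jdoe
"""

def parse_time(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

def tor_flows(netflow, relays, t0, t1):
    """Flows whose destination is a known relay and whose start time is within [t0, t1]."""
    hits = []
    for line in netflow.splitlines():
        d, t, src, dst, dport, nbytes = line.split()
        ts = parse_time(d + " " + t)
        if dst in relays and t0 <= ts <= t1:
            hits.append((ts, src, dst, int(dport), int(nbytes)))
    return hits

def attribute(ip, at, auth_log=AUTH_LOG):
    """Most recent authentication for `ip` at or before `at`; leases move, so the time matters."""
    best = None
    for line in auth_log.splitlines():
        d, t, lip, user = line.split()
        ts = parse_time(d + " " + t)
        if lip == ip and ts <= at and (best is None or ts > best[0]):
            best = (ts, user)
    return best[1] if best else None

def suspects(threat_time, before_minutes=15, after_minutes=5,
             netflow=NETFLOW, auth_log=AUTH_LOG, relays=TOR_RELAYS):
    """Campus hosts with Tor traffic in the window around the threat, with their users."""
    t = parse_time(threat_time)
    out = {}
    for ts, src, dst, dport, nbytes in tor_flows(netflow, relays,
                                                 t - timedelta(minutes=before_minutes),
                                                 t + timedelta(minutes=after_minutes)):
        entry = out.setdefault(src, {"user": attribute(src, ts, auth_log), "flows": []})
        entry["flows"].append((ts.strftime("%H:%M:%S"), dst, dport, nbytes))
    return out
```

With the constructed data and a threat sent at 08:50, two campus hosts were talking to relays in the window and each maps to one account; the host that used Tor at 11:03 is correctly excluded. Two doors to knock on is the "anonymity only works in a crowd" point in concrete form: the smaller the set of Tor users on the network, the less the relay hop buys.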

  15. Censorship Resistance: Pluggable Transports
  • Tor is really used by two separate communities
    • Anonymity types who want anonymity in their communication
    • Censorship-resistant types who want to communicate despite government action
  • Vanilla Tor fails the latter completely
    • The relay list is public, so a censor can simply block every relay's IP address
  • So there is a framework to deploy bridges (unlisted entry points) that encapsulate Tor over some other protocol
    • So if you are in a hostile network…

  16. obfs3 Blocking: China Style
  • It's pretty easy to recognize that something is probably the Tor obfs3 obfuscation protocol
    • But there may be false positives…
    • And if you are scanning all Internet traffic in China the base rate problem is going to get you
  • So they scan all Internet traffic looking for obfs3…
    • And then try to connect to any server that looks like obfs3 (active probing)
    • If it is verified as an obfs3 proxy…
    • China then blocks that IP/port for 24 hours
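Why the passive classifier alone cannot be acted on, as an added worked calculation (not from the slides); the rates are assumed for illustration. Let $\pi$ be the fraction of all flows that are obfs3, $t$ the detector's true-positive rate and $f$ its false-positive rate, and take $\pi = 10^{-5}$, $t = 0.95$, $f = 10^{-3}$ (a detector that catches 95% of obfs3 flows and misfires on one ordinary flow in a thousand). By Bayes' rule

$$P(\text{obfs3} \mid \text{flagged}) = \frac{t\,\pi}{t\,\pi + f\,(1-\pi)} = \frac{0.95 \cdot 10^{-5}}{0.95 \cdot 10^{-5} + 10^{-3} \cdot (1 - 10^{-5})} \approx \frac{9.5 \times 10^{-6}}{1.009 \times 10^{-3}} \approx 0.0094.$$

So over 99% of flagged flows are not obfs3; blocking on the passive flag alone would cut roughly one ordinary connection in a thousand across the whole country. Connecting to the flagged server and attempting the obfs3 handshake has a false-positive rate near zero, so running that probe only against the $\approx 10^{-3}$ of flows that were flagged makes the final block decision precise at the cost of one probe per thousand flows.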

  17. Meek: Collateral Freedom
  • Meek is another pluggable transport
  • It uses Google App Engine and other cloud services
    • Does a TLS connection to the cloud service
    • And then encapsulates the Tor frames in HTTP requests laundered through the cloud service to the bridge
  • Goal is "too important to block"
    • The TLS handshake is to a legitimate service that should not be blocked
    • And traffic analysis to tell the difference between Meek and the legitimate TLS service is going to be hard / have false positives

  18. Tor Browser is also used to access Tor Hidden Services, aka .onion sites
  • Services that only exist in the Tor network
    • So the service, not just the client, has possible anonymity protection
    • The "Dark Web"
  • The address is a hash of the hidden service's public key (for these 16-character addresses, a truncated SHA-1 of the key, base32-encoded)
    • http://pwoah7foa6au2pul.onion
      • AlphaBay, one of many dark markets
    • https://facebookcorewwwi.onion
      • In this case, Facebook spent a lot of CPU time generating keys until one hashed to something distinctive
  • Using this key hash, a client can look up the service's descriptor (its introduction points) and then set up a circuit to the hidden service at a rendezvous point

  19. Tor Hidden Service: Setting Up Introduction Point (figure)

  20. Tor Hidden Service: Query for Introduction, Arrange Rendezvous (figure)

  21. Tor Hidden Service: Rendezvous and Data (figure)

  22. (figure)

  23. Remarks…
  • Want to keep your guard node constant for a long period of time…
    • Since the creation of new circuits is far easier to notice than any other activity
    • And every change of guard is another chance of landing on a malicious one
  • Want to use a different node for the rendezvous point and the introduction point
    • Don't want the rendezvous point to know who you are connecting to
  • These are slow!
    • Going through 6+ hops in the Tor network (three from the client to the rendezvous point, three from the service)!

  24. Non-Hidden Tor Hidden Service: Connect Directly to Rendezvous (figure)

  25. Non-Hidden Hidden Services Improve Performance
  • A service that does not need its own location hidden (Facebook, say) can connect to the rendezvous point directly instead of through its own three-hop circuit
  • No longer rely on exit nodes being honest
  • No longer rely on exit node bandwidth either
  • Reduces the number of hops to the same as for a non-hidden service
  • Result: huge performance win!
    • Not slow like a hidden service
    • Not limited by exit node bandwidth

  26. Real use for true hidden hidden services
  • "Non-arbitrageable criminal activity"
    • Some crime which is universally attacked and targeted
    • So it can't use "bulletproof hosting", CDNs like Cloudflare, or suitable "foreign" machine rooms
  • Dark Markets
    • Marketplaces based on Bitcoin or other alternate currency
  • Cybercrime Forums
    • Hoping to protect users/administrators from the fate of earlier markets
  • Child Exploitation
