genuine onion simple fast flexible and cheap website
play

Genuine onion: Simple, Fast, Flexible, and Cheap Website - PowerPoint PPT Presentation

Feb 07, 2023 •183 likes •540 views

Genuine onion: Simple, Fast, Flexible, and Cheap Website Authentication Paul Syverson a U.S. Naval Research Laboratory f joint work with Griffin Boyce Open Internet Tools Project IEEE Web 2.0 Security and

  1. Genuine onion: Simple, Fast, Flexible, and Cheap Website Authentication Paul Syverson a U.S. Naval Research Laboratory f joint work with Griffin Boyce Open Internet Tools Project IEEE Web 2.0 Security and Privacy Workshop May 21, 2015

  2. Onionsites: Not just for confidentiality of server network location ● Also useful for site integrity and authentication 2

  3. 3

  4. Why didn’t they use SSL Certs? 4

  5. What is Tor? Tor is a system for traffic-secure communication. 5

  6. Background: Onion Routing Users Onion Routers Destinations 6

  7. Background: Onion Routing Users Onion Routers Destinations 7

  8. Background: Onion Routing Users Onion Routers Destinations 8

  9. Background: Onion Routing Users Onion Routers Destinations 9

  10. Background: Onion Routing Users Onion Routers Destinations 10

  11. Onionsites 1. Server Bob creates onion routes to Introduction Points (IP) (All routes in these pictures are onion routed through Tor) The image cannot be displayed. Your 1 computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file again. If the red x still appears, you may have to delete the image and then insert it again. 1 Bob's Server 1 Introduction Points 11

  12. Onionsites 1. Server Bob creates onion routes to Introduction Points (IPo) 2. Bob publishes his xyz.onion address and puts Service Descriptor incl. Intro Pt. and public key listed under xyz.onion 1 1 Bob's Server 1 Alice's Client Introduction Service Points XYZ Service Lookup 2 Server 12

  13. Onionsites 2'. Alice uses xyz.onion to get Service Descriptor (including Intro Pt. address and Publlic Key) at Lookup Server Alice checks XYZ = H( PK( )) 1 1 Bob's Server 1 Alice's 2' Client Introduction Service Points XYZ Service Lookup 2 Server 13

  14. .onions are Self-Authenticating 2'. Alice uses xyz.onion to get Service Descriptor (including Intro Pt. address and Publlic Key) at Lookup Server Alice checks XYZ = H( PK( )) 1 T h e i m a g e c a n n o 1 t Bob's Server 1 Alice's 2' Client Introduction Service Points XYZ Service Lookup 2 Server 14

  15. Onionsites 3. Client Alice creates onion route to Rendezvous Point (RP) Rendezvous Point 1 T h e i m a 3 g e c a n n o 1 t Bob's Server 1 Alice's 2' Client Introduction Service Points Lookup 2 Server 15

  16. Onionsites 3. Client Alice creates onion route to Rendezvous Point (RP) 4. Alice sends RP address and any authorization through IPo to Bob Rendezvous Point 1 T h e i m a 3 g e c a n n o 1 t 4 Bob's Server 1 Alice's 2' Client Introduction Service Points Lookup 2 Server 16

  17. Onionsites 5. If Bob chooses to talk to Alice, connects to Rendezvous Point 6. Rendezvous Point mates the circuits from Alice and Bob Rendezvous 6 Point 5 1 T h e i m a 3 g e c a n n 1 o t 4 Bob's 1 Server Alice's 2' Client Introduction Service Points Lookup 2 Server 17

  18. Onionsites Final resulting communication channel Rendezvous Point The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have The image cannot be been corrupted. displayed. Your Restart your computer may not computer, and then have enough memory open the file again. If to open the image, or the red x still the image may have appears, you may been corrupted. Restart your computer, and then open the file again. If the red x still appears, you may Bob's Server Alice's Client 18

  19. .onions are not Human Meaningful 3g2upl4pq6kufc4m.onion 19

  20. .onions are not Human Meaningful 3g2upl4pq6kufc4m.onion 20

  21. Zooko’s Triangle for Names Human Meaningful Secure Decentralized ● Can generally obtain any two out of three 21

  22. Zooko’s Triangle for Names Human Meaningful Duck DuckGo 3g2upl4pq6kufc4m.onion Secure Decentralized ● Can generally obtain any two out of three 22

  23. Zooko’s Triangle for Names Human Meaningful Duck DuckGo 3g2upl4pq6kufc4m.onion Secure Decentralized TLS Certificate 23

  24. Problems with TLS Certs Can be: ● Costly ● Time consuming ● Hard to set up ● Not typically available for .onion (EV only) 24

  25. Problems with TLS Certs Can be: ● Costly ● Time consuming ● Hard to set up ● Not typically available for .onion (EV only) ● Let’s Encrypt: Free, Easy, Fast CA w/ backing of Mozilla, EFF, Akamai, Cisco, etc. 25

  26. Problems with TLS Certs Can be: ● Costly ● Time consuming ● Hard to set up ● Not typically available for .onion (EV only) ● Let’s Encrypt: Free, Easy, Fast CA w/ backing of Mozilla, EFF, Akamai, Cisco, etc. ● Not available for a few months yet 26

  27. More problems with TLS Certs ● Subject to hijacking ● HTTPS Observatory, Certificate Transparency, Perspectives, reveal shenanigans 27

  28. More problems with TLS Certs ● Subject to hijacking ● Trust relations opaque to users ● HTTPS Observatory, Certificate Transparency, Perspectives, reveal shenanigans 28

  29. Our solution ● Set up onionsite corresponding to clearnet website – Might or might not be identical site or even on single web service instance ● Place GPG signature binding onionsite and clearnet website 29

  30. 30

  31. 31

  32. Advantages of PGP/GPG binding of onionsites to ordinary URL sites ● Can be done by anyone right now using existing software ● Site trust is based on known established trust relations (web of trust) – Seymour’s Bay Chamber of Commerce signs Bob’s Burgers website cert ● Not subject to MitM or hijacking ● Can be used instead of/until various proposals for web of trust with novel name system or TLS cert infrastructure grow 32

  33. Current Limitations of PGP/GPG binding of onionsites to ordinary URL sites ● Not currently automated – should be straightforward to do so (Monkeysphere) – Ahmia (onionsite search engine) suggests providing results linking clearnet to onion sites and signature validation. Simple plugin could check. ● Not as widely familiar as TLS and not integrated with traditional browser TLS encryption and authentication – could support both X.509 certs and GPG certs (Monkeysphere) 33

  34. More advantages of using onionsites for authentication ● Don’t need to register a domain name at all to have recognizable, secure, webpage – post signed onion address on Facebook Page, Wordpress Blog, etc. – Facebook’s Cert not much use here for personal content assurance ● Route security & server hiding still useful for – personal (or minimally shared) cloud services – Integrity protection for personal RSS feeds (especially from non-TLS feed sources) 34

  35. Questions? Talk Points ● Onionsites are self-authenticating but not human meaningful ● GPG binding of plain domain names and onions permits authentication that is – to a meaningful name – backed by existing human trust relations – avoids problems of existing TLS Cert infrastructure – available to use right now ● Readily automatable ● Complements rather than replaces existing mechanisms 35

Recommend

Cheap Orthogonal Constraints in Neural Networks: A Simple Parametrization of the Orthogonal and

Cheap Orthogonal Constraints in Neural Networks: A Simple Parametrization of the Orthogonal and

Cheap Orthogonal Constraints in Neural Networks: A Simple Parametrization of the Orthogonal and Unitary Group Mario Lezcano-Casado David Martnez-Rubio Mathematical Institute Department of Computer Science June 12, 2019 Cheap Orthogonal

3.28k views • 17 slides
Slicing the licing the Onion: Onion: Anonymity Without PKI Anonymity Without PKI Sachin Katti

Slicing the licing the Onion: Onion: Anonymity Without PKI Anonymity Without PKI Sachin Katti

Slicing the licing the Onion: Onion: Anonymity Without PKI Anonymity Without PKI Sachin Katti Dina Katabi & Katya Puchala State of the art: Onio Onion Rout n Routing over P2P ing over P2P n Routing over P2P ing over P2P Bob Onion

705 views • 43 slides
Website Fingerprinting Attacks and Defenses in the Tor Onion Space Marc Juarez imec-COSIC KU

Website Fingerprinting Attacks and Defenses in the Tor Onion Space Marc Juarez imec-COSIC KU

Website Fingerprinting Attacks and Defenses in the Tor Onion Space Marc Juarez imec-COSIC KU Leuven COSIC Seminar - 23rd October 2017, Leuven Introduction Contents of this presentation: - PETS17: Website Fingerprinting Defenses at

658 views • 44 slides
Be Fast, Cheap and in Control with SwitchKV Xiaozhou Li Raghav Sethi Michael Kaminsky David G.

Be Fast, Cheap and in Control with SwitchKV Xiaozhou Li Raghav Sethi Michael Kaminsky David G.

Be Fast, Cheap and in Control with SwitchKV Xiaozhou Li Raghav Sethi Michael Kaminsky David G. Andersen Michael J. Freedman Goal: fast and cost-effective key-value store Target: cluster-level storage for modern cloud services Massive

757 views • 16 slides
FASTER @andy_pavlo Yale University Columbia University April 2012 Fast + Cheap Legacy

FASTER @andy_pavlo Yale University Columbia University April 2012 Fast + Cheap Legacy

Making Fast Databases FASTER @andy_pavlo Yale University Columbia University April 2012 Fast + Cheap Legacy Systems TPC-C NewOrder 100% 12.3% Real Work 80% 29.6% Buffer Pool 60% Latching 10.2% CPU Cycles Locking 18.7% 40%

841 views • 32 slides
Operating System Implications of Fast, Cheap, Non-Volatile Memory Adam Morawski MIMUW

Operating System Implications of Fast, Cheap, Non-Volatile Memory Adam Morawski MIMUW

Today memories NVRAM NVRAM and operating systems Summary Bibliography Operating System Implications of Fast, Cheap, Non-Volatile Memory Adam Morawski MIMUW 2012-01-16 Adam Morawski Operating System Implications of Fast, Cheap,

454 views • 23 slides
The Onion Router (Tor): Onion Encryption Served Three Ways Martijn Stam COINS Winterschool in

The Onion Router (Tor): Onion Encryption Served Three Ways Martijn Stam COINS Winterschool in

The Onion Router (Tor): Onion Encryption Served Three Ways Martijn Stam COINS Winterschool in Finse, May 2019 2 Tor: The Second-Generation Onion Router Dingledine, Mathewson, Syverson (Usenix04) What is Tor Tor is a tool to advance

1.01k views • 88 slides
Cheap, Fast, and Good You can have it all with Ruby on Rails Brian McCallister

Cheap, Fast, and Good You can have it all with Ruby on Rails Brian McCallister

Cheap, Fast, and Good You can have it all with Ruby on Rails Brian McCallister brianm@ninginc.com http://www.ning.com/ (c) 2005, Brian McCallister What is Ruby? Dynamic and Interpreted Strong support for OO programming Everything

933 views • 61 slides
Health & Safety Protocols Summer Season 2020 Enjoy the Simple Things in Life Genuine

Health & Safety Protocols Summer Season 2020 Enjoy the Simple Things in Life Genuine

Health & Safety Protocols Summer Season 2020 Enjoy the Simple Things in Life Genuine Hospitality meets High Health & Safety Standards Your stay at a glance Food & Beverage Arrival Guests Rooms All food is served by staff wearing

350 views • 17 slides
scoot Introducing Fast, Cheap, Personal Transportation Free, But Slow (<10 MPH, $0/trip)

scoot Introducing Fast, Cheap, Personal Transportation Free, But Slow (<10 MPH, $0/trip)

scoot Introducing Fast, Cheap, Personal Transportation Free, But Slow (<10 MPH, $0/trip) Cheap, But Slow (<10 MPH, <$4/trip) Fast, But Expensive (>15 MPH, >$5/trip) Fastest, But Most Expensive (>20 MPH, >$10/trip)

566 views • 12 slides
Q&A 1 19/12/2013 9 Simple Steps To an Effective and (Profitable) Website TWITTER Use tag:

Q&A 1 19/12/2013 9 Simple Steps To an Effective and (Profitable) Website TWITTER Use tag:

19/12/2013 9 Simple Steps to an Effective (and Profitable) Website 9 Simple Steps To an Effective and (Profitable) Website Suzi Dafnis Australian Businesswomen s Network 9 Simple Steps To an Effective and (Profitable) Website Q&A 1

198 views • 15 slides
CryptoManiac: A Fast Flexible Architecture for Secure Communication Lisa Wu, Chris Weaver, and

CryptoManiac: A Fast Flexible Architecture for Secure Communication Lisa Wu, Chris Weaver, and

CryptoManiac: A Fast Flexible Architecture for Secure Communication Lisa Wu, Chris Weaver, and Todd Austin Presented by Dan Amelang Background Rise of the Internet created demand for fast and efficient cryptographic processing

309 views • 14 slides
Operating System Implications of Fast, Cheap, Non-Volatile Memory Katelin Bailey , Luis Ceze,

Operating System Implications of Fast, Cheap, Non-Volatile Memory Katelin Bailey , Luis Ceze,

HotOS - XIII Napa, California May 9-11, 2011 Operating System Implications of Fast, Cheap, Non-Volatile Memory Katelin Bailey , Luis Ceze, Steven D. Gribble, Henry M. Levy Department of Computer Science University of Washington NVRAM: a

458 views • 18 slides
Make-up Lab: Osmosis in an Onion Cell This microscope slide is of red onion cells sitting in

Make-up Lab: Osmosis in an Onion Cell This microscope slide is of red onion cells sitting in

Make-up Lab: Osmosis in an Onion Cell This microscope slide is of red onion cells sitting in a bath of distilled water. It is viewed at medium power (100x). Draw these cells in the first circle on your lab paper. Label the cell walls

391 views • 4 slides
Tirgul 6 Primary memory (RAM) : very fast, but costly Secondary storage (disk) : very cheap,

Tirgul 6 Primary memory (RAM) : very fast, but costly Secondary storage (disk) : very cheap,

Motivation Tirgul 6 Primary memory (RAM) : very fast, but costly Secondary storage (disk) : very cheap, but slow Problem: a large D.B. must reside partially on disk. But disk operations are very slow. B-Trees Another kind of

263 views • 4 slides
Fast and Flexible Difference Constraint Propagation for DPLL(T) Scott Cotton Oded Maler

Fast and Flexible Difference Constraint Propagation for DPLL(T) Scott Cotton Oded Maler

Fast and Flexible Difference Constraint Propagation for DPLL(T) Scott Cotton Oded Maler Verimag Centre Equation Grenoble, France SAT, 2006 Outline Introduction Flexible Propagation Motivation Constraint Labels and Theory Interface

274 views • 25 slides
{ Incremental Reasoning A B A B ITC Algorithm Conflict Extraction -l STN Distance

{ Incremental Reasoning A B A B ITC Algorithm Conflict Extraction -l STN Distance

Massachusetts Institute of Technology We Need Fast, Flexible, and Reliable Planning Enabling Fast Flexible Planning through Incremental Temporal Reasoning with ATRV Rover Testbed Robonaut Simulator Conflict Extraction Ishiang Shu,

2.34k views • 5 slides
A Fast, Cheap, High-Entropy Source for IoT Devices Ben Lampert, Riad Wahby, Shane Leonard,Phil

A Fast, Cheap, High-Entropy Source for IoT Devices Ben Lampert, Riad Wahby, Shane Leonard,Phil

A Fast, Cheap, High-Entropy Source for IoT Devices Ben Lampert, Riad Wahby, Shane Leonard,Phil Levis Introduction - How do you evaluate random number generators (RNG) Entropy is a measure of an adversarial information on a sequence of bits given

797 views • 28 slides
DSV XPress fast, flexible, efficient and on time Air & Sea DSV XPress From documents to

DSV XPress fast, flexible, efficient and on time Air & Sea DSV XPress From documents to

DSV XPress fast, flexible, efficient and on time Air & Sea DSV XPress From documents to heavy weight cargo we ship it worldwide at express speed. Whether by special courier or direct delivery, with DSV XPress your shipment is

444 views • 11 slides
Blazing Fast CIS 541 Numerical Methods Computers are extremely fast at performing simple

Blazing Fast CIS 541 Numerical Methods Computers are extremely fast at performing simple

Blazing Fast CIS 541 Numerical Methods Computers are extremely fast at performing simple arithmetic. Machine Representation of Numbers Count from one to 1,000,000,000,000 by one - or - Execute on a Pentium-4 2GHz machine:

247 views • 11 slides
Fast and simple qubit-based synchronization for quantum key distribution merged with Simple and

Fast and simple qubit-based synchronization for quantum key distribution merged with Simple and

Fast and simple qubit-based synchronization for quantum key distribution merged with Simple and robust QKD system with Qubit4Sync temporal synchronization and the POGNAC polarization encoder Index Introduction Qubits4Sync Temporal

609 views • 32 slides
Cheap, Fast and Good! Voting Games with a Purpose Karn Fort , Mathieu Lafourcade, Nathalie Le

Cheap, Fast and Good! Voting Games with a Purpose Karn Fort , Mathieu Lafourcade, Nathalie Le

Cheap, Fast and Good! Voting Games with a Purpose Karn Fort , Mathieu Lafourcade, Nathalie Le Brun karen.fort@paris-sorbonne.fr 7 mai 2018 1 / 28 A central game: JeuxDeMots Developing voting games The voting games Conclusions and

542 views • 31 slides
Using ElasticSearch as a fast, flexible, and scalable solution to search occurrence records and

Using ElasticSearch as a fast, flexible, and scalable solution to search occurrence records and

Using ElasticSearch as a fast, flexible, and scalable solution to search occurrence records and checklists Christian Gendreau, Canadensys Marie-Elise Lecoq, GBIF France Introduction ElasticSearch is an open source, document oriented, distributed

612 views • 20 slides
Fast and Flexible Inference of Joint Distributions from their Marginals Charlie Frogner and

Fast and Flexible Inference of Joint Distributions from their Marginals Charlie Frogner and

Fast and Flexible Inference of Joint Distributions from their Marginals Charlie Frogner and Tomaso Poggio known ? unknown wikipedia Existing work : Limited to Bernoulli marginals, or relaxes the problem, or relies on approximate

283 views • 5 slides

More recommend