how do tor users interact with onion services
play

How Do Tor Users Interact With Onion Services? Philipp Winter, Annie - PowerPoint PPT Presentation

How Do Tor Users Interact With Onion Services? Philipp Winter, Annie Edmundson , Laura Roberts, Agnieszka Dutkowska-Zuk, Marshini Chetty, Nick Feamster USENIX Security Symposium 15 August 2018 1 Tor is a Decentralized Anonymity Network The


  1. How Do Tor Users Interact With Onion Services? Philipp Winter, Annie Edmundson , Laura Roberts, Agnieszka Dutkowska-Zuk, Marshini Chetty, Nick Feamster USENIX Security Symposium 15 August 2018 1

  2. Tor is a Decentralized Anonymity Network The Tor network 2

  3. Onion Services Provide Server Anonymity The Tor network 3

  4. How Do Users Interact with Onion Services? ● What are users’ mental models of onion services? ● How do users use and manage onion services? ● What are the challenges of using onion services? 4

  5. Main Findings Despite extra security and privacy properties of onion services, many users are confronted with usability issues ● Discovering the existence of onion services ● Managing and remembering onion domains ● Susceptibility to phishing attacks We can learn from the issues users have encountered to implement design improvements 5

  6. Overview 1. Onion Services Background + Features 2. Methods 3. Results a. Onion Sites Discovery b. Vanity Domains c. Verifying Onion Sites 4. Future Directions & Conclusions 6

  7. http://expyuzz4wqqyqhjn.onion 7

  8. Special-use domain http://expyuzz4wqqyqhjn.onion 8

  9. Truncated, base 32-encoded hash over RSA public key http://expyuzz4wqqyqhjn.onion 9

  10. Not limited to HTTP(S) http://expyuzz4wqqyqhjn.onion 10

  11. Onion Service UI is Designed to be Seamless 11

  12. Onion Service UI is Designed to be Seamless 12

  13. Onion Service UI is Designed to be Seamless 13

  14. Onion Service UI is Designed to be Seamless 14

  15. Onion Services are Self-authenticating The Tor network 3wcwjjnuvjyazeza.onion 3wcwjjnuvjyazeza 15

  16. Onion Services are Self-authenticating The Tor network 3wcwjjnuvjyazeza.onion 3wcwjjnuvjyazeza Public key 16

  17. Onion Services are Self-authenticating The Tor network 3wcwjjnuvjyazeza.onion 3wcwjjnuvjyazeza SHA-1 Public key 17

  18. Onion Services are End-to-end Encrypted The Tor network 3wcwjjnuvjyazeza 18

  19. Onion Services are End-to-end Encrypted The Tor network 3wcwjjnuvjyazeza 19

  20. Both Client and Server are Anonymous The Tor network 3wcwjjnuvjyazeza 20

  21. Both Client and Server are Anonymous I talk to the client The Tor network through relay R2 I have no idea who I’m talking to I talk to the onion service through relay R2 3wcwjjnuvjyazeza 21

  22. While onion services provide anonymity benefits, they are not perfect. ● Susceptible to traffic analysis attacks ● Configuration errors ● Usability issues 22

  23. Overview 1. Onion Services Background + Features 2. Methods 3. Results a. Onion Sites Discovery b. Vanity Domains c. Verifying Onion Sites 4. Future Directions & Conclusions 23

  24. How Do Users Interact with Onion Services? ● What are users’ mental models of onion services? ● How do users use and manage onion services? ● What are the challenges of using onion services? 24

  25. How Do Users Interact with Onion Services? Mixed-method user study Interviews Survey DNS B Root Data 25

  26. How Do Users Interact with Onion Services? Mixed-method user study Interviews Survey DNS B Root Data ● N=17 ● Diverse backgrounds ● Exploratory 26

  27. How Do Users Interact with Onion Services? Mixed-method user study Interviews Survey DNS B Root Data ● N=17 ● N=517 ● Diverse ● 49 questions (mix backgrounds of open-ended and closed-ended) ● Exploratory ● 4 attention checks 27

  28. How Do Users Interact with Onion Services? Mixed-method user study Interviews Survey DNS B Root Data ● N=17 ● N=517 ● ~2 days of data ● Diverse ● 49 questions (mix ● Filtered correctly backgrounds of open-ended and formatted .onion closed-ended domains ● Exploratory ● 4 attention checks ● 15,471 leaked onion domains 28

  29. Overview 1. Onion Services Background + Features 2. Methods 3. Results a. Onion Sites Discovery b. Vanity Domains c. Verifying Onion Sites 4. Future Directions & Conclusions 29

  30. Makeshift Solutions Ease Onion Discovery 30

  31. Makeshift Solutions Ease Onion Discovery 31

  32. Makeshift Solutions Ease Onion Discovery 32

  33. Makeshift Solutions Ease Onion Discovery 33

  34. 34

  35. 35

  36. 36

  37. I wasn't aware that onion site search engines exist. It's been near impossible for me to find them so far. Survey Respondent (S195) 37

  38. Onion Domain Management is Chaotic 38

  39. Onion Domain Management is Chaotic 39

  40. Onion Domains are Difficult to Remember 40

  41. Onion Domains are Difficult to Remember Meaningful prefixes appear to make remembering easier 41

  42. Phonetic pronunciation plays a large part in how I remember onions. Survey Respondent (S46) 42

  43. Vanity Onion Domains propub3r6espa33w.onion nytimes3xbfgragh.onion facebookcorewwwi.onion protonirockerxow.onion 43

  44. Vanity Onion Domains ● Generate onion domains until hash resembles desired string propub3r6espa33w.onion ● The good: nytimes3xbfgragh.onion ○ Hints at onion service content facebookcorewwwi.onion ● The bad: protonirockerxow.onion ○ Breeds false sense of security ○ Economically unfair 44

  45. I only memorize the first part of the domain. Survey Respondent (S96) 45

  46. I understand vanity onion domains are a sign of the weakness of the hash algorithm used by Tor. Survey Respondent (S454) 46

  47. These people who created their onion name using scallion or other tools should notice that other people can make [the] same private key. Survey Respondent (S552) 47

  48. Onion Lookups Suggest Typos or Phishing hydraruzxpnew4af.onion hydraruzxpnew3af.onion 48

  49. Onion Lookups Suggest Typos or Phishing 529 occurrences in hydraruzxpnew4af.onion DNS dataset 2 occurrences in hydraruzxpnew3af.onion DNS dataset 49

  50. Onion Lookups Suggest Typos or Phishing 529 occurrences in hydraruzxpnew4af.onion DNS dataset 2 occurrences in hydraruzxpnew3af.onion DNS dataset Unique, correctly-formatted Jaro-Winkler Weight results by onion domains similarity score frequency 50

  51. Onion Lookups Suggest Typos or Phishing 51

  52. Onion Lookups Suggest Typos or Phishing Russian Market DuckDuckGo The Hidden Wiki 52

  53. Onion Sites are Hard to Verify as Authentic 53

  54. Onion Sites are Hard to Verify as Authentic 54

  55. Onion Sites are Hard to Verify as Authentic 55

  56. Summary of Findings ● Discovering onion services is challenging because they are private by default ● Vanity domains are more memorable but provide a false sense of security ● Users are lacking a way to verify the authenticity of onion domains 56

  57. Overview 1. Onion Services Background + Features 2. Methods 3. Results a. Onion Sites Discovery b. Vanity Domains c. Verifying Onion Sites 4. Future Directions & Conclusions 57

  58. Making Onion Domains More Usable ● Make it easier for site foo.com to announce its onion service ● Allow onion service operators to opt-in to publishing mechanism ● Have Tor Browser help with encrypted bookmarks ● Better documentation and education 58

  59. Conclusion Despite extra security and privacy properties of onion services, many users are confronted with usability issues ● Susceptibility of onion services to phishing attacks ● Discovering the existence of onion services ● Managing and remembering onion domains 59

  60. Conclusion Despite extra security and privacy properties of onion services, many users are confronted with usability issues ● Susceptibility of onion services to phishing attacks ● Discovering the existence of onion services ● Managing and remembering onion domains We can learn from the issues users have encountered to implement design improvements ● Better discovery mechanisms ● Better verification mechanisms 60

  61. Questions? More info at: https://nymity.ch/onion-services/ https://hci.princeton.edu https://citp.princeton.edu/ Sponsored by: 61

Recommend


More recommend