overview of tor issues
play

Overview of Tor issues Roger Dingledine The Tor Project - PowerPoint PPT Presentation

Jan 25, 2024 •138 likes •854 views

Overview of Tor issues Roger Dingledine The Tor Project https://torproject.org/ 1 Today's plan 0) Crash course on Tor 1) History of Tor censorship attempts 2) Attacks on low-latency anonymity 3) Tor performance issues 4)

  1. Overview of Tor issues Roger Dingledine The Tor Project https://torproject.org/ 1

  2. Today's plan ● 0) Crash course on Tor ● 1) History of Tor censorship attempts ● 2) Attacks on low-latency anonymity ● 3) Tor performance issues ● 4) Next research questions 2

  3. What is Tor? Online anonymity 1) open source software, 2) network, 3) protocol Community of researchers, developers, users, and relay operators Funding from US DoD, Electronic Frontier Foundation, Voice of America, Google, NLnet, Human Rights Watch, NSF, US State Dept, SIDA, ... 3

  4. The Tor Project, Inc. 501(c)(3) non-profit organization dedicated to the research and development of tools for online anonymity and privacy 4

  5. Estimated 400,000? daily Tor users 5

  6. Threat model: what can the attacker do? Alice Anonymity network Bob watch Alice! watch (or be!) Bob! Control part of the network! 6

  7. Anonymity serves different interests for different user groups. “It's reachability!” Human rights “It's traffic-analysis activists resistance!” Businesses Governments Anonymity “It's network security!” Private citizens “It's privacy!” 7

  8. The simplest designs use a single relay to hide connections. Bob1 Alice1 E(Bob3,“X”) “Y” Relay Alice2 “Z” Bob2 E(Bob1, “Y”) ) “X” ” Z “ , 2 b o B ( E Bob3 Alice3 (example: some commercial proxy providers) 8

  9. But a single relay (or eavesdropper!) is a single point of failure. Bob1 Alice1 E(Bob3,“X”) “Y” Evil Alice2 Relay “Z” Bob2 E(Bob1, “Y”) ) “X” ” Z “ , 2 b o B ( E Bob3 Alice3 9

  10. ... or a single point of bypass. Bob1 Alice1 E(Bob3,“X”) “Y” Irrelevant Alice2 Relay “Z” Bob2 E(Bob1, “Y”) ) “X” ” Z “ , 2 b o B ( E Bob3 Alice3 Timing analysis bridges all connections ⇒ An attractive fat target through relay 10

  11. So, add multiple relays so that no single one can betray Alice. Bob Alice R1 R3 R5 R4 R2 11

  12. A corrupt first hop can tell that Alice is talking, but not to whom. Bob Alice R1 R3 R5 R4 R2 12

  13. A corrupt final hop can tell that somebody is talking to Bob, but not who. Bob Alice R1 R3 R5 R4 R2 13

  14. Alice makes a session key with R1 ...And then tunnels to R2...and to R3 Bob Alice R1 R3 Bob2 R5 R4 R2 14

  15. Today's plan ● 0) Crash course on Tor ● 1) History of Tor censorship attempts ● 2) Attacks on low-latency anonymity ● 3) Tor performance issues ● 4) Next research questions 15

  16. Smartfilter/Websense (2006) ● Tor used TLS for its encrypted connection, and HTTP for fetching directory info. ● Smartfilter just cut all HTTP GET requests for “/tor/...” 16

  17. Iran/Saudi Arabia/etc (2007) ● Picked up these Smartfilter/Websense rules by pulling an update ● The fix was to tunnel directory fetches inside the encrypted connection ● When Iran kicked out Smartfilter in early 2009, Tor's old (non-TLS) directory fetches worked again! 17

  18. Iran throttles SSL (June 2009) ● We made Tor's TLS handshake look like Firefox+Apache. ● So when Iran freaked out and throttled SSL bandwidth by DPI in summer 2009, they got Tor for free 18

  19. Tunisia (summer 2009) ● As of the summer of 2009, Tunisia used Smartfilter to filter every port but 80 and 443 ● And if they didn't like you, they could block 443 just for you ● You could use a Tor bridge on port 80, but couldn't bootstrap into the main network ● So we set up a Tor directory authority doing TLS on port 80 19

  20. China (September 2009) ● China grabbed the list of public relays and blocked them ● They also enumerated one of the three bridge buckets (the ones available via https://bridges.torproject.org/) ● But they missed the other bridge buckets. 20

  21. Relay versus Discovery There are two pieces to all these “proxying” schemes: a relay component: building circuits, sending traffic over them, getting the crypto right a discovery component: learning what relays are available 21

  22. The basic Tor design uses a simple centralized directory protocol. cache S1 Trusted directory Alice S2 Alice downloads consensus and Trusted directory cache descriptors from anywhere Authorities S3 publish a consensus Servers publish list of all descriptors self-signed descriptors. 22

  23. Attackers can block users from connecting to the Tor network By blocking the directory authorities By blocking all the relay IP addresses in the directory By filtering based on Tor's network fingerprint By preventing users from finding the Tor software 23

  24. Alice Alice Alice Blocked Alice Alice User R3 Alice Blocked R4 Bob User Alice Alice R2 Blocked User Alice R1 Alice Blocked Alice User Alice Blocked Alice User Alice Alice 24

  25. How do you find a bridge? 1) https://bridges.torproject.org/ will tell you a few based on time and your IP address 2) Mail bridges@torproject.org from a gmail address and we'll send you a few 3) I mail some to a friend in Shanghai who distributes them via his social network 4) You can set up your own private bridge and tell your target users directly 25

  26. 26

  27. 27

  28. China (March 2010) ● China enumerated the second of our three bridge buckets (the ones available at bridges@torproject.org via Gmail) ● We were down to the social network distribution strategy, and the private bridges 28

  29. 29

  30. Iran (January 2011) ● Iran blocked Tor by DPI for SSL and filtering our Diffie-Hellman parameter. ● Socks proxy worked fine the whole time (the DPI didn't pick it up) ● DH p is a server-side parameter, so the relays and bridges had to upgrade, but not the clients 30

  31. 31

  32. Egypt (January 2011) ● When Egypt unplugged its Internet, no more Tor either. 32

  33. 33

  34. Libya (March-July 2011) ● Libya might as well have unplugged its Internet. ● But they did it through throttling, so nobody cared. 34

  35. 35

  36. Syria (June 2011) ● One ISP briefly DPIed for Tor's TLS renegotiation and killed the connections. ● A week later, that ISP went offline. When it came back, no more Tor filters. ● Who was testing what? 36

  37. 37

  38. Iran (September 2011) ● This time, DPI for SSL and look at our TLS certificate lifetime. ● (Tor rotated its TLS certificates every 2 hours, because key rotation is good, right?) ● Now our certificates last for a year ● These are all low-hanging fruit. How do we want the arms race to go? 38

  39. 39

  40. October 2011 advances? ● Iran DPIs for SSL, recognizes Tor, and throttles rather than blocks? ● China DPIs for SSL, does active follow-up probing to see what sort of SSL it is? 40

  41. Today's plan ● 0) Crash course on Tor ● 1) History of Tor censorship attempts ● 2) Attacks on low-latency anonymity ● 3) Tor performance issues ● 4) Next research questions 41

  42. Operational attacks ● You need to use https – correctly. ● Don't use Flash. ● Who runs the relays? ● What local traces does Tor leave on the system? ● ...Different talk. 42

  43. Traffic confirmation ● If you can see the flow into Tor and the flow out of Tor, simple math lets you correlate them. ● Feamster's AS-level attack (2004), Edman's followup (2009), Murdoch's sampled traffic analysis attack (2007). 43

  44. Countermeasures? ● Defensive dropping (2004)? Adaptive padding (2006)? ● Traffic morphing (2009), Johnson (2010) ● Tagging attack, traffic watermarking 44

  45. Tor gives three anonymity properties ● #1 : A local network attacker can't learn, or influence, your destination. – Clearly useful for blocking resistance. ● #2 : No single router can link you to your destination. – The attacker can't sign up relays to trace users. ● #3 : The destination, or somebody watching it, can't learn your location. – So they can't reveal you; or treat you differently. 45

  46. Tor's safety comes from diversity ● #1: Diversity of relays. The more relays we have and the more diverse they, the fewer attackers are in a position to do traffic confirmation. (Research problem: measuring diversity over time) ● #2: Diversity of users and reasons to use it. 60000 users in Iran means almost all of them are normal citizens. 46

  47. Website fingerprinting ● If you can see an SSL-encrypted link, you can guess what web page is inside it based on size. ● Does this attack work on Tor? “maybe” ● Considering multiple pages (e.g. via hidden Markov models) would probably make the attack even more effective. 47

  48. Low-resource routing attacks ● Bauer et al (WPES 2009) ● Clients use the bandwidth as reported by the relay ● So you can sign up tiny relays, claim huge bandwidth, and get lots of traffic ● Fix is active measurement. 48

  49. Long-term passive attacks ● Matt Wright's predecessor attack ● Øverlier and Syverson, Oakland 2006 ● The more circuits you make, the more likely one of them is bad ● The fix: guard relays 49

  50. Denial of service as denial of anonymity ● Borisov et al, CCS 2007 ● If you can't win against a circuit, kill it and see if you win the next one ● Guard relays also a good answer here. 50

Recommend

HRS HRS Overview Overview Workplace Workplace Issues Issues Presented by: Human Resource

HRS HRS Overview Overview Workplace Workplace Issues Issues Presented by: Human Resource

HRS HRS Overview Overview Workplace Workplace Issues Issues Presented by: Human Resource Services August 2015 Workplace place V Viole olence ce and and Bully llying ing WSU Business U Business Polic Policy and y and Proc

339 views • 13 slides
Overview Course overview and administrative issues 15-441/641: Computer Networks

Overview Course overview and administrative issues 15-441/641: Computer Networks

8/26/2019 Overview Course overview and administrative issues 15-441/641: Computer Networks Packet-switched networking fundamentals Introduction The Web as a motivating application (P1 preview) How to build an Internet: the

993 views • 19 slides
Overview of the Reconstruction Overview of the Reconstruction Overview of Some Legal Issues

Overview of the Reconstruction Overview of the Reconstruction Overview of Some Legal Issues

Overview of the Reconstruction Overview of the Reconstruction Overview of Some Legal Issues Related to Puerto Ricos Debt Restructuring by Sergio M. Marxuach Center for a New Economy February 25, 2020 CNE Puerto Ricos Think Tank

347 views • 13 slides
COVID-19 Back to Work Location Strategies and Check List Outline of Issues Overview of Key

COVID-19 Back to Work Location Strategies and Check List Outline of Issues Overview of Key

COVID-19 Back to Work Location Strategies and Check List Outline of Issues Overview of Key issues Plan for Common Sense Scheduling Building and Facilities Testing HR Issues In-Floor Areas Other Considerations

157 views • 12 slides
.fr BCP Plan overview Major risks and threats Corrupted data Datacenter issues HR issues

.fr BCP Plan overview Major risks and threats Corrupted data Datacenter issues HR issues

ICANN 62 Rgis Mass .fr BCP Plan overview Major risks and threats Corrupted data Datacenter issues HR issues Corrupted master zonefile. Loss of one of the Datacenters. Impossibility for the team to access to Modified data linked to

245 views • 5 slides
Issues Report overview I 1. Issues of relevance for selection criteria 1.1 Does the operation of

Issues Report overview I 1. Issues of relevance for selection criteria 1.1 Does the operation of

Issues Report overview I 1. Issues of relevance for selection criteria 1.1 Does the operation of an IDN TLD registry require particular additional competences that should be reflected in selection criteria? 1.2 How far is it essential to

477 views • 4 slides
12/17/2014 Overview Legal Issues in Sign Unique Considerations More than advertising

12/17/2014 Overview Legal Issues in Sign Unique Considerations More than advertising

12/17/2014 Overview Legal Issues in Sign Unique Considerations More than advertising Constitutional Issues Regulation Time, Place and Manner Judicial Review: Rational Basis, Scrutiny Prior Restraint

430 views • 5 slides
CURRENT ISSUES IN FLORIDA LAND USE LAW ISSUES IN FLORIDA LAND USE LAW Florida Land Use Law

CURRENT ISSUES IN FLORIDA LAND USE LAW ISSUES IN FLORIDA LAND USE LAW Florida Land Use Law

CURRENT ISSUES IN FLORIDA LAND USE LAW ISSUES IN FLORIDA LAND USE LAW Florida Land Use Law Overview Issues related to Developments of Regional Impact (DRIs) Issues related to Comprehensive Land Use Planning Issues related to

495 views • 31 slides
Frequency Response Frequency Response Standard Standard Technical Issues Technical Issues

Frequency Response Frequency Response Standard Standard Technical Issues Technical Issues

Frequency Response Frequency Response Standard Standard Technical Issues Technical Issues Howard F. Illian, President Energy Mark, Inc. November 15, 2006 Overview Overview Frequency Response Measurement Central vs. Local

381 views • 15 slides
Mobile network security issues A very short overview of some mobile security issues.

Mobile network security issues A very short overview of some mobile security issues.

Mobile network security issues A very short overview of some mobile security issues. Mobile access is expected to become the main access method. Services and mobile commerce (mCommerce) are expected to become a major business.

818 views • 20 slides
1 PREVENT ISSUES ANALYZE ISSUES WWi Corrective Action Graphs and Reports Improved

1 PREVENT ISSUES ANALYZE ISSUES WWi Corrective Action Graphs and Reports Improved

Wir ireless Inn Innovations Im Impr proving Pro roductivity 2 CORRECT ISSUES DISPLAY ISSUES Immediate Communications Visual Display Software VT3000 Innovative Wireless System For the Production Floor 1 PREVENT ISSUES ANALYZE ISSUES

575 views • 24 slides
1 PREVENT ISSUES ANALYZE ISSUES WWi Corrective Action Graphs and Reports Improved

1 PREVENT ISSUES ANALYZE ISSUES WWi Corrective Action Graphs and Reports Improved

Wir ireless Inn Innovations Im Impr proving Pro roductivity 2 CORRECT ISSUES DISPLAY ISSUES Immediate Communications Visual Display Software VT3000 Innovative Wireless System For the Production Floor 1 PREVENT ISSUES ANALYZE ISSUES

675 views • 26 slides
CMS 101 For questions or issues: go.pacific.edu/WebRequest Overview Introductions What

CMS 101 For questions or issues: go.pacific.edu/WebRequest Overview Introductions What

CMS 101 For questions or issues: go.pacific.edu/WebRequest Overview Introductions What is a CMS? What is Workflow? Logging into the CMS and overview of CMS interface Creating a folder Creating a Detail Page Text

140 views • 13 slides
Grid Authentication and Authorisation Issues kos Frohner at CERN Overview Setting the

Grid Authentication and Authorisation Issues kos Frohner at CERN Overview Setting the

Grid Authentication and Authorisation Issues kos Frohner at CERN Overview Setting the scene: requirements Old style authorisation: DN based gridmap-files Overview of the EDG components VO user management: VOMS

384 views • 21 slides
Human Rights Due Diligence Overview of issues related to migrant workers protection and

Human Rights Due Diligence Overview of issues related to migrant workers protection and

Human Rights Due Diligence Overview of issues related to migrant workers protection and ethical supply chain management Ms. Anna Platonova Senior Programme Manager IOM Thailand IOM overview Established in 1951, IOM is the UN

344 views • 11 slides
Policy Overview for identification and discussion of issues associated with the Alachua County

Policy Overview for identification and discussion of issues associated with the Alachua County

Policy Overview for identification and discussion of issues associated with the Alachua County Comprehensive Plan Evaluation & Appraisal and Update Environmental Protection Advisory Committee: August 1, 2017 Conservation and Open Space

697 views • 24 slides
Ac Accommoda commodating ng Wo Workplace Issues Issues Re Related to to Me Mental al Health

Ac Accommoda commodating ng Wo Workplace Issues Issues Re Related to to Me Mental al Health

Ac Accommoda commodating ng Wo Workplace Issues Issues Re Related to to Me Mental al Health Health Vicky Satta Kevin MacNeill www.ehlaw.ca December 2, 2015 Session Session Over Overview view Violence and Mental Health Balancing OHS

289 views • 16 slides
An Overview of Hamlet Issues The Sanitary Sewage Plant Upgrade and The Extension of Sewer and

An Overview of Hamlet Issues The Sanitary Sewage Plant Upgrade and The Extension of Sewer and

An Overview of Hamlet Issues The Sanitary Sewage Plant Upgrade and The Extension of Sewer and Water to West Hamlet Industrial Park April 2015 1 Introduction There are two separate issues associated with Hamlet . . . the sanitary sewage

624 views • 24 slides
Pulmonary adenocarcinoma Issues, Issues and more issues. Why the headache? Alain Borczuk In

Pulmonary adenocarcinoma Issues, Issues and more issues. Why the headache? Alain Borczuk In

Pulmonary adenocarcinoma Issues, Issues and more issues. Why the headache? Alain Borczuk In this talk, I will try to focus on three issues in pulmonary adenocarcinoma classification, multiple nodules, and invasive size determination.

171 views • 3 slides
Big Data overview, issues, challenges and opportunities C. Onime (onime@ictp.it) 1 Outline

Big Data overview, issues, challenges and opportunities C. Onime (onime@ictp.it) 1 Outline

Big Data overview, issues, challenges and opportunities C. Onime (onime@ictp.it) 1 Outline Interactive session Introduction to Big-Data Issues/challenges Taxonomy classifications Conclusion Opportunities and future 2

833 views • 42 slides
Overview of Issues Relating to the Institutional Structure for Sustainable Development World

Overview of Issues Relating to the Institutional Structure for Sustainable Development World

Overview of Issues Relating to the Institutional Structure for Sustainable Development World Leadership Conference: Asia-Pacific Towards Rio+20, Singapore 15 July 2011 Mark Elder Principal Researcher Director, Governance & Capacity Group

488 views • 21 slides
Some Technical/Architectural Issues Overview Update and discussion of some ongoing work

Some Technical/Architectural Issues Overview Update and discussion of some ongoing work

Some Technical/Architectural Issues Overview Update and discussion of some ongoing work Packet format, system design, tech memos. LINK, ENCAP, NACK Routing scalability Name discovery, selectors. Variable-length header

278 views • 23 slides
Meals-on-Wheels for Older People in Ireland: Overview and Operational Issues Virpi Timonen

Meals-on-Wheels for Older People in Ireland: Overview and Operational Issues Virpi Timonen

Meals-on-Wheels for Older People in Ireland: Overview and Operational Issues Virpi Timonen Trinity College Dublin Overview of presentation Short introduction to the study How we conducted the study Central characteristics of MOW

210 views • 17 slides
Overview of Key U.S. Compliance Issues for International Banks U.S. Regulatory/Compliance

Overview of Key U.S. Compliance Issues for International Banks U.S. Regulatory/Compliance

Overview of Key U.S. Compliance Issues for International Banks U.S. Regulatory/Compliance Orientation for Head Office and Recently Arrived Officers of International Banks Scott A. Anenberg July 20, 2010 Partner 202-263-3303

790 views • 24 slides

More recommend