Recent Changes and Advances in Tor Tran, Tuan Tu Technische - PowerPoint PPT Presentation

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Recent Changes and Advances in Tor Tran, Tuan Tu Technische Universität München Seminar Future Internet SS2018 Departments of Informatics München, 06. April 2018

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Imagine a dystopia … A oppressive regime … A world where …

Chair of Network Architectures and Services Department of Informatics Technical University of Munich …CAT PICTURES ARE BANNED Intro joke do not take seriously CAT But there is hope: The Tor Network

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Overview Tor network: Basic structure and function • communicating through circuit • hidden service Threats/Attack taxonomy • fingerprinting • correlation (In particular: Asymmetric Traffic Analysis) • censorship Countermeasures Some unsolved issues of the Tor network

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Tor Network: Basic structure and function Client/ Server Onion proxy TLS Connection TLS Connection Onion router Onion router Onion router

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Basic structure and function The data is transported in cells through the circuit Client/ Server Onion proxy Entry node Exits node Middle node

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Circuits construction: Key negotiation Client Entry node n1 C. choose secret x1 (E (object, key) = Encrypted) Create cell: E(g^x1, n1 onion key) n1 choose secret y1 Compute: (g^x1)^y1 Created cell: g^y1; H((g^x1)^y1) Compute: (g^y1)^x1 Common key k1: (g^y1)^x1 = (g^x1)^y1 = g^(x1*y2)

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Circuits construction: Extending circuit Entry node n1 Client Middle node n2 E(Extend cell: E(g^x2, o.key n2), k1 ) Repackage Extend Cell in a Create cell Created cell: g^y2; H((g^x2)^y2) Repackage Created Cell Extended cell Only client and n2 now knows common key k2

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Circuits construction: relaying data Exit node n3 Entry node n1 Client K1 K2 K2 K3 K3 Pay Server …. Pay Pay Load Load Load Encrypted with k1

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Circuits construction: relaying data Exit node n3 Entry node n1 Client K1 K2 K3 Pay K3 Pay Server …. Pay Load Load Load

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Basic structure and function Directory Server Descriptor: Information about the node like the public identity key, addresses Client Server Onion router Onion router Onion router

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Basic structure and function Directory Server Information about the network like addresses of the nodes Client Server Onion router Onion router Onion router

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Hidden service Distributed Distributed Hash table Hash table Server Client Introduction Point Onion router Onion router

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Hidden service Distributed Distributed Hash table Hash table Descriptor: Introduction point , public key Server Client Introduction Point Onion router Onion router

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Hidden service Distributed Distributed Hash table Hash table Out of Band : .onion address of Service Server retrieve descriptor Client Introduction Point Onion router Onion router

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Hidden service Distributed Distributed Hash table Hash table Server Connect to introduction point Client Introduction Point Choose rendezvous point rendezvous point Onion router

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Hidden service Distributed Distributed Hash table Hash table Server Client Introduction Point rendezvous point Onion router

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Threats/Attack taxonomy Different type of attacks against the Tor network: • Fingerprinting Attacks Website Fingerprinting − Keyword Fingerprinting − • Asymmetric Traffic Analysis • Attacks against censorship circumvention

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Website Fingerprinting Adversary Analysing traffic pattern, like number of packets send/receive Client Entry node Tor TLS encrypted connection

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Website Fingerprinting: Pattern Webpage Html file Client Image 1 Image file of webpage send in a specific number of packets …

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Website Fingerprinting Adversary Samples Analysing Client Server Tor Packets

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Website Fingerprinting: Test Results ( according to Analysis of Fingerprinting Techniques for Tor Hidden Service ) Do not scale well to increasing number of websites With the growing numbers of hidden services, attack may be less effective

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Keyword Fingerprinting Search engine like Google are an essential part of Internet Search queries also contain a lot of information about us Adversary maintains list of monitored phrases (keywords) Finding the Tor connections carry the search result traces The goal of this attack is to learn about the search queries of a user

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Keyword Fingerprinting: Attack Scenario Adversary Client Search Engine Tor TLS encrypted connection

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Keyword Fingerprinting Monitored Keyword List Adversary Cat picture Cat video … Analysing Client Tor Search Engine Searching cat video

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Keyword fingerprinting: Test Result ( according to Fingerprinting Keywords in Search Queries over Tor ) Precision decreased with the increase of possible unwanted search queries Incremental search (JavaScript enabled) carries more information for the adversary Keyword fingerprinting attacks in all his variants showed reasonable result and resemble a new threat against Tor

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Asymmetric Traffic Analysis Conventional attacks often only assume: • the adversary can monitor the traffic entering Tor and existing Tor in the same direction New attack : • identify the correlation traffic, if adversary is able to monitor any direction of the traffic Possible adversary: Autonomous Systems (ISP,…)

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Asymmetric Traffic Analysis: Attack Scenario

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Asymmetric Traffic Analysis: Test Results Y. Sun, A. Edmundson, L. Vanbever, O. Li, J. Rexford, M. Chiang, and P. Mittal. RAPTOR: Routing attacks on privacy in Tor. In Proceedings of the 24th USENIX Security Symposium August 2015

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Attacks against censorship circumvention Prevent clients to use Tor is to block access to Tor network entirely Directory Server Address Blocking Client Tor

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Attacks against censorship circumvention Alternatively the adversary can block any Tor traffic regardless of source or destination Possible through easy distinguishable Tor certificate used for the TLS connection • SubjectCN=www.[random].com • IssuerCN=www.[random].net • [random] : random string with a length of 8 to 20 characters Client ….

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Possible countermeasures Defences against Traffic analysis • Application Layer Padding Concerns Adversaries (ALPaCA) • Lightweight application-Layer Masquerading Add-on (LLaMA) Measure against hindrance of censorship circumvention • Bridges • Pluggable Transports