the onion router tor onion encryption served three ways
play

The Onion Router (Tor): Onion Encryption Served Three Ways Martijn - PowerPoint PPT Presentation

Sep 01, 2023 •115 likes •1.01k views

The Onion Router (Tor): Onion Encryption Served Three Ways Martijn Stam COINS Winterschool in Finse, May 2019 2 Tor: The Second-Generation Onion Router Dingledine, Mathewson, Syverson (Usenix04) What is Tor Tor is a tool to advance

  1. The Onion Router (Tor): Onion Encryption Served Three Ways Martijn Stam COINS Winterschool in Finse, May 2019

  2. 2 Tor: The Second-Generation Onion Router Dingledine, Mathewson, Syverson (Usenix’04) What is Tor Tor is a tool to advance anonymity on the Internet. Designers’ Aim of Tor Tor seeks to frustrate attackers from linking communication part- ners, or from linking multiple communications to or from a single user. Tor has since grown into a project incl. a browser etc.

  3. Outline First half 1 Aspects of Anonymity How Tor works 2 High Level Low Level Threats to Tor 3 Traffic Analysis Tagging Attacks

  4. Outline Second half 4 Why Model Tor PETS Model 5 Rogaway and Zhang, 2018 6 Eurocrypt Model Degabriele and Stam, 2018 Conclusion 7 Comparison and Future Challenges

  5. Aspects of Anonymity 5 Aims of Anonymity User-Centric A X B Y C Z User’s Perspective Prevent websites from tracking me Access web services that are otherwise blocked Hide which websites I’m visiting Publish a websites without revealing my location etc.

  6. Aspects of Anonymity 6 Tracking Users Prevent websites from tracking me Fingerprinting Websites Adversary is the website being visited Goals could be identifying or linking users This talk: Out of scope TOR-browser can help protect you

  7. Aspects of Anonymity 7 Censoring Access web services that are otherwise blocked Fingerprinting Websites Adversary might be your ISP Goals is to filter out “bad” traffic This talk: Out of scope Format Transforming Encryption can help

  8. Aspects of Anonymity 8 Deanonymization Hide which websites I’m visiting Different Goals Deanonymize as much traffic as possible Determine users of a specific website Determine which websites a specific user visits Link users across time and space

  9. Aspects of Anonymity 8 Deanonymization Hide which websites I’m visiting Adversarial Capabilities Seeing incoming and outgoing traffic Observing part of the network Controlling part of the network Plus possible some endpoints

  10. Aspects of Anonymity 8 Deanonymization Hide which websites I’m visiting User Expectations (Hypothetical) Noone can see who I am Noone can see what I am doing Noone can profile me

  11. How Tor works High Level 9 Tor: The Second-Generation Onion Router Dingledine, Mathewson, Syverson (Usenix’04) What is Tor Tor is a tool to advance anonymity on the Internet. Designers’ Aim of Tor Tor seeks to frustrate attackers from linking communication part- ners, or from linking multiple communications to or from a single user. The main principle behind Tor is that of routing internet traffic through mul- tiple hops

  12. How Tor works High Level 10 Onion Routing Proxies, Routers, Circuits, and Streams Involved Parties Yellow these are the onion routers comprising the Tor network Purple the onion proxy , run by the client to connect to the network Green my favourite destination or website, which doesn’t run Tor

  13. How Tor works High Level 10 Onion Routing Proxies, Routers, Circuits, and Streams Circuits and Streams 1 The purple proxy knows the yellow routers comprising the Tor network 2 It selects some routers for its blue circuit 3 It runs a TCP stream over the circuit to the destination

  14. How Tor works High Level 10 Onion Routing Proxies, Routers, Circuits, and Streams Principle Idea Each hop, or onion router, mixes all the traffic that goes through it Ideally, you are hiding amongst the masses: if there are enough users and honest routers, you are “safe”

  15. How Tor works High Level 11 Tor: The Second-Generation Onion Router Original design decisions Efficiency 1 Directory servers Describing known routers and their current state 2 Congestion control Detect and deal with traffic bottlenecks 3 Variable exit policies Routers advertise which destinations and ports it supports

  16. How Tor works High Level 11 Tor: The Second-Generation Onion Router Original design decisions Functional 1 Separation of “protocol cleaning” from anonymity You can use e.g. Privoxy for the “cleaning” instead 2 Rendezvous points and hidden services Enables anonymously hosted .onion websites 3 Many TCP streams can share one circuit Improves both efficiency and security

  17. How Tor works High Level 11 Tor: The Second-Generation Onion Router Original design decisions Security Related 1 No mixing, padding, or traffic shaping (yet) Traffic shaping or low-latency mixing that work are hard to come by 2 Perfect forward secrecy Compromising a router does not reveal anything related to past communication 3 Leaky-pipe circuit topology The exit node need not be the last one in a circuit 4 End-to-end integrity checking Prevents “external” tagging attacks

  18. How Tor works High Level 12 Tor: The Second-Generation Onion Router Protocol Design Cryptographic components Tor has four core protocols 1 Link protocol 2 Circuit Extend protocol 3 Relay protocol 4 Stream protocol Ignored non-cryptographic components How information about the network is distributed How onion proxies decide which circuits to build.

  19. How Tor works Low Level 13 Core Tor Specification Link Protocol (TLS) Link protocol Agree on Tor version/configuration Use TLS to establish secure OR-to-OR channels Establish a link from proxy to entry router

  20. How Tor works Low Level 13 Core Tor Specification Link Protocol (TLS) Link protocol Agree on Tor version/configuration Use TLS to establish secure OR-to-OR channels Establish a link from proxy to entry router

  21. How Tor works Low Level 14 Core Tor Specification Circuit Extend Protocol Circuit extend protocol Used by the onion proxy to create a circuit Uses a telescopic concept Results in the proxy sharing a key with each of its routers

  22. How Tor works Low Level 14 Core Tor Specification Circuit Extend Protocol Circuit extend protocol Used by the onion proxy to create a circuit Uses a telescopic concept Results in the proxy sharing a key with each of its routers

  23. How Tor works Low Level 14 Core Tor Specification Circuit Extend Protocol Circuit extend protocol Used by the onion proxy to create a circuit Uses a telescopic concept Results in the proxy sharing a key with each of its routers

  24. How Tor works Low Level 14 Core Tor Specification Circuit Extend Protocol Circuit extend protocol Used by the onion proxy to create a circuit Uses a telescopic concept Results in the proxy sharing a key with each of its routers

  25. How Tor works Low Level 14 Core Tor Specification Circuit Extend Protocol Circuit identifiers For any given circuit, a router only knows: 1 the key it shares with the anonymous proxy 2 the router preceding and following it on the circuit 3 an incoming and an outgoing circuit identifier

  26. How Tor works Low Level 15 Core Tor Specification Relay Protocol Cells are 514 bytes (v4+) Route CircID Circuit Identifier CMD Cell type (3 or 9) RELAY (3) or RELAY_EARLY

  27. How Tor works Low Level 15 Core Tor Specification Relay Protocol Payloads are 509 bytes (v4+) Encode CircID Circuit Identifier CMD Cell type Rec Recognised field (0x0000) Digest seeded running hash (truncated SHA-1) Used for e2e authentication

  28. How Tor works Low Level 15 Core Tor Specification Relay Protocol Encrypt Repeated CTR mode in AES Should provide confidentiality unlinkability

  29. How Tor works Low Level 15 Core Tor Specification Relay Protocol Cell Decryption Performed by Onion Routers 1 Use CircID to identify circuit 2 Undo one AES-CTR layer 3 Check integrity: forward output message reject

  30. How Tor works Low Level 15 Core Tor Specification Relay Protocol Summary The core cryptographic component is authenticated encryption implemented by 1 encode (Rec and Digest) 2 encrypt (AES-CTR, repeated) Dodgy mode-of-operation for ordinary AE, but maybe ok here?

  31. How Tor works Low Level 16 Core Tor Specification Stream Protocol Stream Protocol Used to serve a TCP connection to host xyz.com Ideally uses https -connection between proxy and host

  32. Threats to Tor Traffic Analysis 17 Traffic Analysis Just a flavour Source: Chakravarty et al. / PAM 2014

  33. Threats to Tor Tagging Attacks 18 Tagging Attacks High Level Concept Aim of Tagging Attack Assume the adversary controls some onion routers. Goal is for OR1 and OR3 to link their circuits Similar to traffic correlation attacks, where linking is achieved by matching traffic patterns between input and output edges

  34. Threats to Tor Tagging Attacks 18 Tagging Attacks High Level Concept How to Tag 1 OR1 receives a legitimate cell from the proxy 2 OR1 processes then modifies the cell before forwarding to OR2 3 OR2 behaves honestly 4 OR3 detects and undoes OR1 ’s modification

  35. Threats to Tor Tagging Attacks 19 Tagging Attacks Low Level Details How to tag 1 OR1 receives a legitimate cell from the proxy 2 OR1 processes then modifies the cell before forwarding to OR2 3 OR2 behaves honestly 4 OR3 detects and undoes OR1 ’s modification The adversary can confirm whether two edges belong to the same circuit.

  36. Threats to Tor Tagging Attacks 19 Tagging Attacks Low Level Details How to tag 1 OR1 receives a legitimate cell from the proxy 2 OR1 flips a bit in a cell and forwards it over. 3 OR2 behaves honestly 4 OR3 flips that bit back and tests if decryption succeeds. Attack works as CTR mode is malleable

Recommend

Untagging Tor: A Formal Treatment of Onion Encryption Jean Paul Degabriele Martijn Stam 1

Untagging Tor: A Formal Treatment of Onion Encryption Jean Paul Degabriele Martijn Stam 1

Untagging Tor: A Formal Treatment of Onion Encryption Jean Paul Degabriele Martijn Stam 1 Outline of this talk Overview of Tor Tagging Attacks and Their Severity Modelling Onion Encryption Tor Proposal 261 and Security Analysis

731 views • 21 slides
Slicing the licing the Onion: Onion: Anonymity Without PKI Anonymity Without PKI Sachin Katti

Slicing the licing the Onion: Onion: Anonymity Without PKI Anonymity Without PKI Sachin Katti

Slicing the licing the Onion: Onion: Anonymity Without PKI Anonymity Without PKI Sachin Katti Dina Katabi & Katya Puchala State of the art: Onio Onion Rout n Routing over P2P ing over P2P n Routing over P2P ing over P2P Bob Onion

705 views • 43 slides
Make-up Lab: Osmosis in an Onion Cell This microscope slide is of red onion cells sitting in

Make-up Lab: Osmosis in an Onion Cell This microscope slide is of red onion cells sitting in

Make-up Lab: Osmosis in an Onion Cell This microscope slide is of red onion cells sitting in a bath of distilled water. It is viewed at medium power (100x). Draw these cells in the first circle on your lab paper. Label the cell walls

391 views • 4 slides
Tor: The Onion Router 2 / 13 Tor: The Onion Router www.cbc.ca 2 / 13 Tor: The Onion Router

Tor: The Onion Router 2 / 13 Tor: The Onion Router www.cbc.ca 2 / 13 Tor: The Onion Router

Tor: The Onion Router 2 / 13 Tor: The Onion Router www.cbc.ca 2 / 13 Tor: The Onion Router www.cbc.ca 2 / 13 Tor: The Onion Router www.cbc.ca 2 / 13 Tor: The Onion Router www.cbc.ca 2 / 13 Tor: The Onion Router www.cbc.ca 2 / 13

376 views • 15 slides
(and How To Break It) Nicholas C Weaver 1 Tor: The Onion Router Anonymous Websurfing CS 161

(and How To Break It) Nicholas C Weaver 1 Tor: The Onion Router Anonymous Websurfing CS 161

CS161 Computer Security Weaver and Popa (and How To Break It) Nicholas C Weaver 1 Tor: The Onion Router Anonymous Websurfing CS 161 Computer Security Weaver and Popa Tor actually encompasses many di ff erent components The Tor

599 views • 46 slides
Shear-induced onion formation of complex bilayer lamellar phase Nagaoka University of Technology

Shear-induced onion formation of complex bilayer lamellar phase Nagaoka University of Technology

Shear-induced onion formation of complex bilayer lamellar phase Nagaoka University of Technology S. Fujii Shear induced onion phase Cylinder L Onion Buckled L SDS / Dodecane / Pentanol / Water System O. Diat, D. Roux, F. Nallet,

697 views • 17 slides
The First All Natural Onion Topping Made with 100% Real Onions Just the Facts Maam ONION

The First All Natural Onion Topping Made with 100% Real Onions Just the Facts Maam ONION

The First All Natural Onion Topping Made with 100% Real Onions Just the Facts Maam ONION CRUNCH. is the only ALL NATURAL crispy crunch topping in America. Made from 100% real onions they are peeled, washed, cut and battered. Then we use

390 views • 9 slides
http://expyuzz4wqqyqhjn.onion http://expyuzz4wqqyqhjn.onion http://expyuzz4wqqyqhjn.onion

http://expyuzz4wqqyqhjn.onion http://expyuzz4wqqyqhjn.onion http://expyuzz4wqqyqhjn.onion

http://expyuzz4wqqyqhjn.onion http://expyuzz4wqqyqhjn.onion http://expyuzz4wqqyqhjn.onion http://expyuzz4wqqyqhjn.onion 3wcwjjnuvjyazeza.onion 3wcwjjnu vjyazeza 3wcwjjnuvjyazeza.onion 3wcwjjnu vjyazeza 3wcwjjnuvjyazeza.onion 3wcwjjnu

457 views • 34 slides
Tesco Walkers Tesco Finest Co-op Irresistible Cheese & Onion Cheese & Onion Cheese

Tesco Walkers Tesco Finest Co-op Irresistible Cheese & Onion Cheese & Onion Cheese

Tesco Walkers Tesco Finest Co-op Irresistible Cheese & Onion Cheese & Onion Cheese & Onion Cheese & Onion 0.85 1.00 1.65 1.76 150g 150g 150g 150g 100g = 57p 100g = 67p 100g = 1.10 100g = 1.17

533 views • 9 slides
guard sets for onion routing Jamie Hayes - joint work with George Danezis University College

guard sets for onion routing Jamie Hayes - joint work with George Danezis University College

guard sets for onion routing Jamie Hayes - joint work with George Danezis University College London j.hayes@cs.ucl.ac.uk why does tor exist? Encryption conceals the data - not the metadata. Tor attempts to hide this metadata by

682 views • 36 slides
iLab Onion Routing Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste

iLab Onion Routing Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste

iLab Onion Routing Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Lab 9 18ss 1 / 36 Outline Introduction Trust architecture Protocols Attacks

663 views • 45 slides
iLab Onion Routing Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste

iLab Onion Routing Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste

iLab Onion Routing Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Lab 9 16ss 1 / 38 Outline Introduction Trust architecture Protocols Attacks

879 views • 47 slides
The Art, Science, and Craft of Nutrition & Flavor Profitable Onion Production While

The Art, Science, and Craft of Nutrition & Flavor Profitable Onion Production While

8/11/2017 The Art, Science, and Craft of Nutrition & Flavor Profitable Onion Production While considered by some a commodity onions are a kitchen staple in many cultures and demand for local production, while clearly not matching the

276 views • 6 slides
Improving Onion Notation Richard Clayton

Improving Onion Notation Richard Clayton

Improving Onion Notation Richard Clayton Why does notation matter? In signs one observes an advantage

523 views • 23 slides
Safeguarding Your Information The Onion Take a layered-approach to protecting your information

Safeguarding Your Information The Onion Take a layered-approach to protecting your information

Safeguarding Your Information The Onion Take a layered-approach to protecting your information Know what fraud and scams looks like Opt-out of sharing your information Protect how its accessed Limit what can happen if it is

414 views • 10 slides
Borexino detector overview Graded shielding (onion structure) Situated in LNGS, 3400 mwe

Borexino detector overview Graded shielding (onion structure) Situated in LNGS, 3400 mwe

Borexino: from solar to source s (and geo!) IPA 2013 (Madison, WI, USA) David Bravo Berguo (Virginia Tech) May 12th, 2013 on behalf of the Borexino collaboration Borexino detector overview Graded shielding (onion structure)

824 views • 34 slides
Onion Pi Turning a Raspberry Pi into a Tor Access Point Disclaimer Any opinions presented in

Onion Pi Turning a Raspberry Pi into a Tor Access Point Disclaimer Any opinions presented in

Onion Pi Turning a Raspberry Pi into a Tor Access Point Disclaimer Any opinions presented in this talk by the presenter do not in any way represent an official endorsement of these opinions by Freeside Technology Spaces, Inc., nor is intended

418 views • 8 slides
How Do Tor Users Interact With Onion Services? Philipp Winter, Annie Edmundson , Laura Roberts,

How Do Tor Users Interact With Onion Services? Philipp Winter, Annie Edmundson , Laura Roberts,

How Do Tor Users Interact With Onion Services? Philipp Winter, Annie Edmundson , Laura Roberts, Agnieszka Dutkowska-Zuk, Marshini Chetty, Nick Feamster USENIX Security Symposium 15 August 2018 1 Tor is a Decentralized Anonymity Network The

1.43k views • 61 slides
Genuine onion: Simple, Fast, Flexible, and Cheap Website Authentication Paul Syverson

Genuine onion: Simple, Fast, Flexible, and Cheap Website Authentication Paul Syverson

Genuine onion: Simple, Fast, Flexible, and Cheap Website Authentication Paul Syverson a U.S. Naval Research Laboratory f joint work with Griffin Boyce Open Internet Tools Project IEEE Web 2.0 Security and

540 views • 35 slides
Satire Humor Presentation By: Elayna Parkhust Major Influence: The Onion I told you the

Satire Humor Presentation By: Elayna Parkhust Major Influence: The Onion I told you the

Satire Humor Presentation By: Elayna Parkhust Major Influence: The Onion I told you the couches were a fire hazard, says fire marshall after dousing them in gasoline. Student is confident in their ability to fit 500,025,600 minutes of

586 views • 10 slides
ANDaNA: Onion Routing for NDN Steve DiBenedetto Colorado State University ANDaNA: Anonymous

ANDaNA: Onion Routing for NDN Steve DiBenedetto Colorado State University ANDaNA: Anonymous

ANDaNA: Onion Routing for NDN Steve DiBenedetto Colorado State University ANDaNA: Anonymous Named Data Networking Application NDSS 12 Steven DiBenedetto, Paolo Gasti, Gene Tsudik, Ersin Uzun Information Linkage & Leakage I:

820 views • 52 slides
Snow Valley Nordic Ski Club Onion Lake Ski trails located halfway between Terrace and Kitimat BC

Snow Valley Nordic Ski Club Onion Lake Ski trails located halfway between Terrace and Kitimat BC

Snow Valley Nordic Ski Club Onion Lake Ski trails located halfway between Terrace and Kitimat BC http://snowvalleynordics.com Grooming Equipment Renewal The project to replace our aging Piston Bulley 200 was started in 2011. Replaced in

426 views • 27 slides
Peeling Google Public DNS Onion ANALYZING CACHE COHERENCY AND LOCALITY OF GOOGLE PUBLIC DNS

Peeling Google Public DNS Onion ANALYZING CACHE COHERENCY AND LOCALITY OF GOOGLE PUBLIC DNS

Research Project 1 Peeling Google Public DNS Onion ANALYZING CACHE COHERENCY AND LOCALITY OF GOOGLE PUBLIC DNS Tarcan Turgut & Rohprimardho Under supervision of Roland M. van Rijswijk-Deij from SURFnet 4 February 2015 Research Questions

282 views • 24 slides
Anonymous Communication: DC-nets, Crowds, Onion Routing Simone Fischer-Hbner PETs PhD course

Anonymous Communication: DC-nets, Crowds, Onion Routing Simone Fischer-Hbner PETs PhD course

Anonymous Communication: DC-nets, Crowds, Onion Routing Simone Fischer-Hbner PETs PhD course Spring 2012 DC (Dining Cryptographers) nets [Chaum 1988 ] Chaum, CACM 28 (10), October 1985 Who paid for the Dinner (anonymously)? (I) n Equal

857 views • 37 slides

More recommend