the tor project inc
play

The Tor Project, Inc. Our mission is to be the global resource for - PowerPoint PPT Presentation

Aug 14, 2023 •163 likes •881 views

The Tor Project, Inc. Our mission is to be the global resource for technology, advocacy, research and education in the ongoing pursuit of freedom of speech, privacy rights online, and censorship circumvention. 1 What is Tor? Online anonymity

  1. The Tor Project, Inc. Our mission is to be the global resource for technology, advocacy, research and education in the ongoing pursuit of freedom of speech, privacy rights online, and censorship circumvention. 1

  2. What is Tor? Online anonymity 1) open source software, 2) network, 3) protocol Community of researchers, developers, users, and relay operators Funding from US DoD, Electronic Frontier Foundation, Voice of America, Google, NLnet, Human Rights Watch, NSF, US State Dept, SIDA, Knight Foundation, ... 2

  3. The Tor Project, Inc. U.S. 501(c)(3) non-profit organization dedicated to the research and development of tools for online anonymity and privacy 3

  4. Estimated ~800,000? daily Tor users 4

  5. Threat model: what can the attacker do? Alice Anonymity network Bob watch Alice! watch (or be!) Bob! Control part of the network! 5

  6. Anonymity isn't encryption: Encryption just protects contents. “Hi, Bob!” “Hi, Bob!” <gibberish> Alice attacker Bob 6

  7. Anonymity isn't just wishful thinking... “You can't prove it was me!” “Promise you won't look!” “Promise you won't remember!” “Promise you won't tell!” “I didn't write my name on it!” “Isn't the Internet already anonymous?” 7

  8. Anonymity serves different interests for different user groups. Anonymity Private citizens “It's privacy!” 8

  9. Anonymity serves different interests for different user groups. Businesses Anonymity “It's network security!” Private citizens “It's privacy!” 9

  10. Anonymity serves different interests for different user groups. “It's traffic-analysis resistance!” Businesses Governments Anonymity “It's network security!” Private citizens “It's privacy!” 10

  11. Anonymity serves different interests for different user groups. “It's reachability!” Human rights “It's traffic-analysis activists resistance!” Businesses Governments Anonymity “It's network security!” Private citizens “It's privacy!” 11

  12. The simplest designs use a single relay to hide connections. Bob1 Alice1 E(Bob3,“X”) “Y” Relay Alice2 “Z” Bob2 E(Bob1, “Y”) ) “X” ” Z “ , 2 b o B ( E Bob3 Alice3 (example: some commercial proxy providers) 12

  13. But a single relay (or eavesdropper!) is a single point of failure. Bob1 Alice1 E(Bob3,“X”) “Y” Evil Alice2 Relay “Z” Bob2 E(Bob1, “Y”) ) “X” ” Z “ , 2 b o B ( E Bob3 Alice3 13

  14. ... or a single point of bypass. Bob1 Alice1 E(Bob3,“X”) “Y” Irrelevant Alice2 Relay “Z” Bob2 E(Bob1, “Y”) ) “X” ” Z “ , 2 b o B ( E Bob3 Alice3 Timing analysis bridges all connections ⇒ An attractive fat target through relay 14

  15. So, add multiple relays so that no single one can betray Alice. Bob Alice R1 R3 R5 R4 R2 15

  16. Alice makes a session key with R1 ...And then tunnels to R2...and to R3 Bob Alice R1 R3 Bob2 R5 R4 R2 16

  17. 17

  18. 18

  19. 19

  20. Tor Controller Interface ● stem ● pytorctl ● jtorctl ● txtorcon 20

  21. Tor specs 21

  22. freehaven.net/anonbib/ 22

  23. Tor network simulators ● Shadow ● ExperimenTor ● Chutney ● Puppetor 23

  24. 24

  25. 25

  26. 26

  27. Attackers can block users from connecting to the Tor network 1) By blocking the directory authorities 2) By blocking all the relay IP addresses in the directory, or the addresses of other Tor services 3) By filtering based on Tor's network fingerprint 4) By preventing users from finding the Tor software (usually by blocking website) 27

  28. Relay versus Discovery There are two pieces to all these “proxying” schemes: a relay component: building circuits, sending traffic over them, getting the crypto right a discovery component: learning what relays are available 28

  29. Alice Alice Alice Blocked Alice Alice User R3 Alice Blocked R4 Bob User Alice Alice R2 Blocked User Alice R1 Alice Blocked Alice User Alice Blocked Alice User Alice Alice 29

  30. 30

  31. 31

  32. 32

  33. 33

  34. 34

  35. 35

  36. 36

  37. 37

  38. 38

  39. 39

  40. 40

  41. 41

  42. 42

  43. What we're up against Govt firewalls used to be stateless. Now they're buying fancier hardware. Burma vs Iran vs China New filtering techniques spread by commercial (American) companies :( 43

  44. 44

  45. 45

  46. Modularity 46

  47. Pluggable transports ● Flashproxy (Stanford), websocket ● FTEProxy (Portland St), http via regex ● Stegotorus (SRI/CMU), http ● Skypemorph (Waterloo), Skype video ● uProxy (Google), webrtc ● Lantern (BNS), social network based ● ScrambleSuit (Karlstad), obfs-based ● Telex (Michigan/Waterloo), traffic divert 47

  48. Tor's safety comes from diversity ● #1: Diversity of relays. The more relays we have and the more diverse they are, the fewer attackers are in a position to do traffic confirmation. (Research problem: measuring diversity over time) ● #2: Diversity of users and reasons to use it. 50000 users in Iran means almost all of them are normal citizens. 48

  49. Tor's anonymity comes from... ● The first 100,000 users (user diversity) ● The last 1,000,000 users (end-to-end correlation resistance) ● The first 1,000 relays (location diversity) 49

  50. Only a piece of the puzzle Assume the users aren't attacked by their hardware and software No spyware installed, no cameras watching their screens, etc Users can fetch a genuine copy of Tor? 50

  51. 51

  52. 52

  53. “Still the King of high secure, low latency Internet Anonymity” Contenders for the throne: ● None 53

  54. NSA/GCHQ programs that affect Tor ● Quick Ant (QFD), Quantum Insert, Foxacid ● Quantum for cookie tests (good thing we moved away from Torbutton's “toggle”) ● Remember, they can do these things even more easily to non-Tor users ● At least they can't target specific Tor users (until they identify themselves) ● “Don't worry, we never attack Americans” (!) 54

  55. Perception ● DoJ's aborted study finding 3% bad content on the Tor network ● How do you compare one Snowden leak to ten true reviews on Yelp? ● BBC's Silk Road articles telling people how to buy drugs safely 55

  56. 56

  57. 57

  58. 58

  59. High-profile hidden services The media has promoted a few hot topics: ● WikiLeaks (~2010) ● Farmer's market (pre-2013) ● Freedom Hosting (2013) ● Silk Road (2013) There are many more (eg: many GlobaLeaks deployments, etc) which aren't well known by the media (yet). 59

  60. So what should Tor's role in the world be? ● Can't be solely technical (anymore, if it ever could have been) ● But technical is what we're best at (at least, historically) ● Remember how important diversity of users is 60

  61. Three ways to destroy Tor ● 1) Legal / policy attacks ● 2) Make ISPs hate hosting exit relays ● 3) Make services hate Tor connections – Yelp, Wikipedia, Google, Skype, … 61

  62. 62

  63. Botnet ● Some jerk in the Ukraine signed up 5 million bots as Tor clients (not relays) ● Our scalability work paid off! ● Good thing it wasn't malicious. ● Ultimately it didn't work: everybody noticed, and Microsoft has been cleaning up the bots 63

  64. Number of daily Tor users 64

  65. So what's next? ● “Tor: endorsed by Egyptian activists, Wikileaks, NSA, GCHQ, Chelsea Manning, Snowden, ...” ● Different communities like Tor for different reasons. 65

  66. 66

  67. Tor Browser Bundle 3.x ● Deterministic Builds ● “Tor launcher” extension, no Vidalia ● Asks if you want bridges first ● Local homepage, so much faster startup ● Security slider (for e.g. JavaScript) ● Privacy fixes, e.g. font enumeration 67

  68. 68

  69. Orbot 69

  70. Tails LiveCD 70

  71. “Core” Tor tasks ● Core Tor (specs, design, hidden services) ● Tor Browser Bundle, deterministic builds ● Metrics and measurements ● Bridges and pluggable transports ● Helping the research community ● Outreach and education 71

Recommend

Project Project Project Evolution of project Structured Collaborative Project Unstructured

Project Project Project Evolution of project Structured Collaborative Project Unstructured

Alain Fournier Presentation: Project Management Tools for Increasing Project Success! Alain is a Project and Portfolio Management Solutions Executive with Microsoft Canada specializing in Cloud Productivity Solutions Have over 20 years of

428 views • 21 slides
evaluations An unsuccessful project? An unsuccessful project? An unsuccessful project? A

evaluations An unsuccessful project? An unsuccessful project? An unsuccessful project? A

Effective post project evaluations An unsuccessful project? An unsuccessful project? An unsuccessful project? A successful project? Agenda for today Who are LCMB? The context for post project evaluation The project lifecycle Post project

476 views • 32 slides
BPR4GDPR Project Presentation Project ID Project acronym: BPR4GDPR Project title:

BPR4GDPR Project Presentation Project ID Project acronym: BPR4GDPR Project title:

BPR4GDPR Project Presentation Project ID Project acronym: BPR4GDPR Project title: Business Process Re-engineering and functional toolkit for GDPR compliance Contract number: 787149 Funded under the H2020 call DS-08-2017

421 views • 22 slides
HIT MODERNIZATION PROJECT HHS // IHS HIT Modernization Project PROJECT PURPOSE The HHS IHS HIT

HIT MODERNIZATION PROJECT HHS // IHS HIT Modernization Project PROJECT PURPOSE The HHS IHS HIT

HHS // IHS HIT MODERNIZATION PROJECT HHS // IHS HIT Modernization Project PROJECT PURPOSE The HHS IHS HIT Modernization Project is sponsored by the U.S. Department of Health and Human Services Office of the Chief Technology Officer (HHS OCTO)

712 views • 13 slides
NORTH FORK BIOENERGY PROJECT PROJECT STATUS Project Overview Project Team and Organization

NORTH FORK BIOENERGY PROJECT PROJECT STATUS Project Overview Project Team and Organization

2 nd Annual Rural Community Development Initiative Capacity Building and Wood Utilization Workshop NORTH FORK BIOENERGY PROJECT PROJECT STATUS Project Overview Project Team and Organization Major Milestones Accomplishments

631 views • 12 slides
2013 Project Excellence Awards Project Requirements In-house design project Project

2013 Project Excellence Awards Project Requirements In-house design project Project

2013 Project Excellence Awards Project Requirements In-house design project Project constructed or near completion Judging Criteria Unique design considerations Constructability Post-construction performance Stakeholder

682 views • 29 slides
This project goes under eight different steps. This project goes under eight different steps.

This project goes under eight different steps. This project goes under eight different steps.

This project goes under eight different steps. This project goes under eight different steps. Chapter One: The first step is about narrating some facts, by which my project and research were based on. Egypt is located in north east africa,

690 views • 46 slides
Agenda 1. Introductions 2. Sign-in 3. Project Location 4. Project Background 5. POE

Agenda 1. Introductions 2. Sign-in 3. Project Location 4. Project Background 5. POE

Agenda 1. Introductions 2. Sign-in 3. Project Location 4. Project Background 5. POE Drainage Alternatives 6. Project Benefits 7. Open Forum 8. Adjourn Project Location Project Background ASCG Inc. completed a Project Development

321 views • 15 slides
Trees Algorithms CSE 373 SU 18 BEN JONES 1 Announcements - Project 3 Due Tonight - Project

Trees Algorithms CSE 373 SU 18 BEN JONES 1 Announcements - Project 3 Due Tonight - Project

Minimum Spanning Data Structures and Trees Algorithms CSE 373 SU 18 BEN JONES 1 Announcements - Project 3 Due Tonight - Project 4 Assigned Today - Same partners as project 3 - We will re-run project 3 grading on project 4, just like the

704 views • 59 slides
Presentation Agenda Project History/Background Project Overview Current Project Status

Presentation Agenda Project History/Background Project Overview Current Project Status

Presentation Agenda Project History/Background Project Overview Current Project Status Project Opportunities 1 1 Pre-Solicitation Conference June 2018 www.newnicebridge.com 2 Welcome and Introductions Project Team MDTA

776 views • 38 slides
1 We will begin with some background information on the project. We will then talk about why we

1 We will begin with some background information on the project. We will then talk about why we

Welcome. My name is Mark Frechette. I am the project director for the New York State Department of Transportations (NYSDOT) I 81 Viaduct Project. Thank you for being here tonight. The project team has been working hard and we are excited to

548 views • 39 slides
I-84 Danbury Project Project Advisory Committee (PAC) Meeting No. 3 September 24, 2019 0

I-84 Danbury Project Project Advisory Committee (PAC) Meeting No. 3 September 24, 2019 0

I-84 Danbury Project Project Advisory Committee (PAC) Meeting No. 3 September 24, 2019 0 Agenda PAC Membership and Recap of Outreach Efforts Perspective Gathering Exercise Project Need Project Need Check-in Project Purpose

940 views • 54 slides
PROJECT INFORMATION SESSION May 14, 2020 TOPICS TO COVER Project Purpose Project

PROJECT INFORMATION SESSION May 14, 2020 TOPICS TO COVER Project Purpose Project

WETLAND &amp; RIPARIAN INVENTORIES FOR UGB EXPANSION AREAS PROJECT INFORMATION SESSION May 14, 2020 TOPICS TO COVER Project Purpose Project Approach Who is Involved What is Needed to Make it Happen How the Project Will

581 views • 46 slides
ORMONDE MINING BARRUECOPARDO TUNGSTEN PROJECT Project Permitted Project Funded Project

ORMONDE MINING BARRUECOPARDO TUNGSTEN PROJECT Project Permitted Project Funded Project

ORMONDE MINING BARRUECOPARDO TUNGSTEN PROJECT Project Permitted Project Funded Project Upside Mar 2017 1 ORMONDE MINING Disclaimer The content of this document has not been approved by an authorised person within the meaning of the

712 views • 21 slides
Unit 10 The World of Project Management and The Role of Project Manager The Role of Project

Unit 10 The World of Project Management and The Role of Project Manager The Role of Project

Unit 10 The World of Project Management and The Role of Project Manager The Role of Project Manager Source: Project Management in Practice, 4th Edition, Mantel, Meredith, Shafer, Sutton, Wiley, 2011. Project Management: A Systems Approach to

712 views • 32 slides
Project Management Project Management A project is a temporary endeavour to produce a unique

Project Management Project Management A project is a temporary endeavour to produce a unique

Project Management Project Management A project is a temporary endeavour to produce a unique product, service, or result (PMI 2004). Project management (PM) techniques were originally developed Dr. James A. Bednar for waterfall-type

226 views • 4 slides
Project manager Dr Francesca Bampa Project administrator This project has received funding from

Project manager Dr Francesca Bampa Project administrator This project has received funding from

Prof Rachel Creamer Project Coordinator Prof Rogier Schulte Project manager Dr Francesca Bampa Project administrator This project has received funding from the European Unions Horizon 2020 research and innovation programme under grant

136 views • 11 slides
The ICARUS Project The ICARUS Project The ICARUS Project The ICARUS Project A. Bueno

The ICARUS Project The ICARUS Project The ICARUS Project The ICARUS Project A. Bueno

The ICARUS Project The ICARUS Project The ICARUS Project The ICARUS Project A. Bueno University of Granada XXIst International Conference on Neutrino Physics and Astrophysics NEUTRINO 2004 The ICARUS Collaboration The ICARUS Collaboration

384 views • 19 slides
h t t p : / / w w w . e u m e d g r i d . o r g The project in brief The EUMEDGRID project

h t t p : / / w w w . e u m e d g r i d . o r g The project in brief The EUMEDGRID project

h t t p : / / w w w . e u m e d g r i d . o r g The project in brief The EUMEDGRID project aims to assist the participation of the researchers of the Meditirranean Region to enter an extended European Research Area (ERA) Start date:

252 views • 4 slides
Unpacking the Major Design Project Project Proposal &amp; Project Management Some basics! The

Unpacking the Major Design Project Project Proposal &amp; Project Management Some basics! The

Unpacking the Major Design Project Project Proposal &amp; Project Management Some basics! The Board of Studies Teaching and Educational Standards NSW (BOSTES) has specifjed that the folio for the MDP must contain the following: Project

550 views • 42 slides
Project management Project Management A project is a temporary endeavour to produce a unique

Project management Project Management A project is a temporary endeavour to produce a unique

Project management Project Management A project is a temporary endeavour to produce a unique product, service, or result (PMI 2004). Project management (PM) techniques were originally developed Dr. James A. Bednar for engineering

222 views • 5 slides
Unit 5 The World of Project Management and The Role of Project Manager Source: Project

Unit 5 The World of Project Management and The Role of Project Manager Source: Project

Unit 5 The World of Project Management and The Role of Project Manager Source: Project Management in Practice, 5th Edition, Mantel, Meredith, Shafer, Sutton, Wiley, 2014. Project Management: A Systems Approach to Planning, Scheduling, and

860 views • 48 slides
IDN Variant Issues Project (VIP) Project Update and Next

IDN Variant Issues Project (VIP) Project Update and Next

IDN Variant Issues Project (VIP) Project Update and Next Steps ccNSO mee4ng on 13 March 2012 Why this project Long-standing request from a number of IDN user

604 views • 21 slides
The Royal London Longstayers Project Project lead: Rikke Albert Project team: Shona McDonald,

The Royal London Longstayers Project Project lead: Rikke Albert Project team: Shona McDonald,

The Royal London Longstayers Project Project lead: Rikke Albert Project team: Shona McDonald, Hannah Osborne &amp; Dr Rosie Smyth Project sponsor: Dr Jan Falkowski Background Why we chose the project The long stay patients are at

247 views • 8 slides

More recommend