Tor, a quick overview Linus Nordberg <linus@torproject.org> The Tor Project https://torproject.org/ 1
What is Tor ● Online anonymity: 1. software, 2. network, 3. protocol ● Open source, freely available ● Community of researchers, developers, users and relay operators ● Funding from US DoD, Electronic Frontier Foundation, Voice of America, Google, NLnet, Human Rights Watch and more 2
The Tor Project, Inc. ● 501(c)(3) non-profit organization dedicated to the research and development of tools for online anonymity and privacy 3
Estimated 400,000 daily tor users 4
Anonymity serves different interests for different user groups Anonymity? “It's privacy” Private citizens 5
Anonymity serves different interests for different user groups Businesses Anonymity? “It's network security” “It's privacy” Private citizens 6
Anonymity serves different interests for different user groups “It's traffic-analysis resistance!” Businesses Anonymity? Governments “It's network security” “It's privacy” Private citizens 7
Anonymity serves different interests for different user groups “It's reachability!” Blocked “It's traffic-analysis users resistance!” Businesses Anonymity? Governments “It's network security” “It's privacy” Private citizens 8
Encryption alone doesn't protect against traffic-analysis Alice Bob 9
Regular citizens don't want to be watched and tracked Web serarch Vårdguiden.se Netdoktor.se Sick Alice 10
Regular citizens don't want to be watched and tracked Web services 8-year-old Alice 11
Regular citizens don't want to be watched and tracked Blog site Blogger Alice 12
Regular citizens don't want to be watched and tracked Web search Vårdguiden.se Employed Netdoktor.se Alice 13
Regular citizens don't want to be watched and tracked Amazon.com Cdon.se Bokus.com Consumer Prisjakt.nu Alice Pricerunner.se 14
Business need to keep trade secrets Competitor Alice Corp 15
Business need to keep trade secrets Web search Alice Corp Suppliers Customers Media 16
Law enforcement needs anonymity to get the job done Police Alice Suspected Bob 17
Law enforcement needs anonymity to get the job done Police Alice Bob, selling illegal drugs 18
Law enforcement needs anonymity to get the job done Police Alice Bob Corleone 19
Law enforcement needs anonymity to get the job done Witness Alice Police tip line 20
Law enforcement needs anonymity to get the job done Online news Internet shops Alice with Web forums protected identity 21
Governments need anonymity for their security Ambassador Foreign ministry Alice abroad at home 22
Governments need anonymity for their security Agent Alice Defence agency 23
Journalists and their sources need Tor for their personal safety Alice the Bob the source journalist 24
Journalists and their sources need Tor for their personal safety Alice the Suspicious journalisten company 25
Journalists and their sources need Tor for their personal safety Filtered Censored web site Alice 26
Journalists and their sources need Tor for their personal safety Surveiled Alice the web site dissident 27
The simpler systems use only one relay E(Bob3,“X”) Alice1 “Y” Bob1 “Z” E(Bob1, “Y”) Relay ) “X” ” Z Alice2 “ , Bob2 2 b o B ( E Alice3 Bob3 (For example relax.se, dold.se and ipredator.se) 28
The simpler systems put all the eggs in the same basket E(Bob3,“X”) Alice1 “Y” Bob1 “Z” E(Bob1, “Y”) ) “X” ” Z Alice2 “ , Bob2 2 b o B ( E Alice3 Bob3 29
A single relay is also an attractive target E(Bob3,“X”) Alice1 “Y” Bob1 “Z” E(Bob1, “Y”) Relay ) “X” ” Z Alice2 “ , Bob2 2 b o B ( E Alice3 Bob3 Trafic and timing analysis will reveal which Alice is 30 talking to which Bob.
So, add multiple relays so that no single one can betray Alice Alice Bob R1 R3 R5 R4 R2 31
A corrupt first hop can tell that Alice is talking, but not to whom Alice Bob R1 R3 R5 R4 R2 32
A corrupt final hop can tell that somebody is talking to Bob, but not who Alice Bob R1 R3 R5 R4 R2 33
The first hop is protected by three layers of encryption, then each hop peels off one layer, onion routing Bob1 Alice R1 R3 Bob2 R5 R4 R2 34
35
36
37
Recommend
More recommend
