TOR
https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Roger-Dingledine-Next-Generation-Tor-Onion-Services-UPDATED.pdf
https://metrics.torproject.org/
https://compass.torproject.org/
https://www.torproject.org/about/overview.html.en
Threat Model
[Diagram: Alice, Anonymity Network, Bob]
Anonymity serves different interests for different users
• private citizens: privacy
• businesses: network security
• governments: traffic-analysis resistance
• human rights activists: reachability
Simple design
[Diagram: Joey, Phoebe, Rachel, Ross, Chandler and Monica around a single Relay; message labels E(X,Chandler), E(Y,Ross), E(Z,Monica) and X, Y, Z]
Single Point of Failure
[Diagram: the same layout with the relay marked EVIL RELAY; message labels E(X,Chandler), E(Y,Ross), E(Z,Monica) and X, Y, Z]
Question
• In the last example, let’s say Jane is a local business’ website run completely over HTTP.
• If Alice entered her username/password into the website, which users along the circuit could read her password?
Usage Statistics
[Figure: Directly connecting users, Jul 2017 to Oct 2017. Source: The Tor Project, https://metrics.torproject.org/]
Network Size
[Figure: Number of relays (series: Relays, Bridges), Jul 2017 to Oct 2017. Source: The Tor Project, https://metrics.torproject.org/]
Types of Relays
[Figure: Number of relays with relay flags assigned (flags: Running, Exit, Fast, Guard, Stable), Jul 2017 to Oct 2017. Source: The Tor Project, https://metrics.torproject.org/]
Bandwidth
[Figure: Total relay bandwidth in Gbit/s (series: Advertised bandwidth, Bandwidth history), 2010 to 2018. Source: The Tor Project, https://metrics.torproject.org/]
Anonymity vs Security
• Anonymity: safety in numbers
• diversity in users
• diversity in relays
• Security: safety in heterogeneity
Anonymity vs Security
• Open source
• Public design documents
• Design peer reviewed
Onion Services
• Authenticated
• End-to-end encryption
• Limit surface area
• No need to “exit” from TOR
• No need for anybody to know where it is or who runs it
Onion keys are getting bigger
• From 16 characters:
• the first 80 bits of the SHA-1 of the 1024-bit RSA key
• … to 52 characters:
• ED25519 public key base32 encoded
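The two encodings on this slide, as an added example that is not part of the original deck. It goes one step beyond the slide: deployed v3 addresses append a 2-byte checksum and a version byte to the key, giving 56 characters, and a validator should check both. The sample key bytes are constructed placeholders, not real keys.

```python
import base64
import hashlib

# Constructed placeholder inputs (not real key material).
SAMPLE_RSA_DER = b"constructed stand-in for a DER-encoded 1024-bit RSA public key"
SAMPLE_ED25519 = bytes(range(32))
VERSION = b"\x03"

def _b32(data: bytes) -> str:
    """Lowercase base32 without '=' padding, as onion hostnames use."""
    return base64.b32encode(data).decode("ascii").rstrip("=").lower()

def legacy_label(rsa_pubkey_der: bytes) -> str:
    """Old format: first 80 bits (10 bytes) of SHA-1 over the RSA key."""
    return _b32(hashlib.sha1(rsa_pubkey_der).digest()[:10])

def bare_ed25519_label(pubkey: bytes) -> str:
    """The slide's case: the 32-byte ed25519 public key, base32 encoded."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public keys are 32 bytes")
    return _b32(pubkey)

def _checksum(pubkey: bytes) -> bytes:
    return hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()[:2]

def v3_label(pubkey: bytes) -> str:
    """Deployed v3 format: base32(pubkey || checksum || version)."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public keys are 32 bytes")
    return _b32(pubkey + _checksum(pubkey) + VERSION)

def is_valid_v3(host: str) -> bool:
    """Reject wrong length, bad alphabet, wrong version or bad checksum."""
    label = host.lower()
    if label.endswith(".onion"):
        label = label[: -len(".onion")]
    if len(label) != 56:
        return False
    try:
        raw = base64.b32decode(label.upper())
    except ValueError:
        return False
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    return version == VERSION and checksum == _checksum(pubkey)
```

Because the address is the key (or a hash of it), a client that validates the label before connecting catches typos and truncated copies without any lookup.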