tor update 2012
play

Tor update 2012 Roger Dingledine The Tor Project - PowerPoint PPT Presentation

Sep 14, 2023 •442 likes •1.04k views

Tor update 2012 Roger Dingledine The Tor Project https://torproject.org/ 1 Today's plan 0) Crash course on Tor 1) History of Tor censorship attempts 2) Attacks on low-latency anonymity 3) Tor performance issues 4) Next

  1. Tor update 2012 Roger Dingledine The Tor Project https://torproject.org/ 1

  2. Today's plan ● 0) Crash course on Tor ● 1) History of Tor censorship attempts ● 2) Attacks on low-latency anonymity ● 3) Tor performance issues ● 4) Next research questions 2

  3. Alice makes a session key with R1 ...And then tunnels to R2...and to R3 Bob Alice R1 R3 Bob2 R5 R4 R2 3

  4. Today's plan ● 0) Crash course on Tor ● 1) Recent censorship ● 2) Pluggable transport work ● 3) Simulations / Performance ● 4) Anonymity questions 4

  5. China starting in 2011 ● DPI for SSL handshakes that offer the Firefox 3 ciphersuite. Follow-up with Tor handshake, create a one-hop circuit, blacklist. ● Half of probes coming from a single IP ● The rest coming from dialup China IPs 5

  6. Tricks that work now in China ● Change your cipher suite (but 0xff!) ● Lower MSS during the SSL handshake ● Split SSL strings across TCP packets ● Drop first two SYNs ● They appear to be scanning with real Tor 0.2.2.x clients ● Philipp Winter's paper at FOCI '12 6

  7. Iran filters SSL (Feb 2012) ● They cut all SSL – so no gmail, no facebook, etc ● After a few days, they cut OpenVPN by DPI, blocked SOCKS handshakes, etc ● We deployed a trial Obfsproxy bundle, which got 5000+ users. 7

  8. 8

  9. 9

  10. 10

  11. 11

  12. 12

  13. 13

  14. 14

  15. 15

  16. What else we've been up to (1) ● Tor network up to almost 3000 relays ● Pluggable transport interface now tested, bugfixed, and deployed ● New “DisableNetwork” config option ● New “v3” connection handshake that doesn't use SSL renegotiation ● Abandoned the Torbutton toggle model (continue to maintain our Firefox fork) 16

  17. What else we've been up to (2) ● We have a Farsi blog now (Arabic soon) ● IPv6 bridges working (used in China) ● Isolate streams by domain/destination/ application rather than time interval ● Hired a new core developer! (Want to hire browser hacker, QA automation person, etc) ● Security analysis on Ultrasurf 17

  18. Today's plan ● 0) Crash course on Tor ● 1) Recent censorship ● 2) Pluggable transport work ● 3) Simulations / Performance ● 4) Anonymity questions 18

  19. Obfsproxy ● Doesn't deal with packet volume/timing (so look for frequent 586 byte packets) ● Each side sends random key, then E(MAC(key), magic, padlen, padding) ● So you can test a flow to see if it has the right format when you decrypt it (or DPI inside it) – just like you can recognize and unzip flows to DPI inside them ● Need some ECDHE approach 19

  20. Flashproxy ● The next transport I want to try deploying ● Paper published at PETS 2012 ● Reimplemented with Websockets, but still a few issues ● Currently the end user needs a public IP address ● Facilitator still centralized/blockable 20

  21. Skypemorph ● Tries to match Skype traffic in packet timing/volume (but assumes they're drawn from independent distributions) ● Sends at a fixed rate that's a function of network conditions ● Sends whether the user is clicking on something or not? 21

  22. Dust ● Designed for UDP, where the first packets exchange a key ● Brandon Wiley is also working on a Google Summer of Code 2012 project to developer a Python pluggable transport library 22

  23. Stegotorus ● Space efficiency overhead? ● Where do you get the covertexts from? ● Should you draw the covertexts from a distribution, or from a library of templates? 23

  24. Recent Tor design proposals ● Proposal 190: Authentication to bridge before it will talk Tor protocol ● Proposal 191: Authentication of bridge before client will authenticate to it ● Proposal 198: be more flexible about what ciphersuites we can advertise ● Proposal 199: Bridgefinder 24

  25. Putting the pieces together ● Pluggable transport of some kind ● Some scanning-resistance property for the bridges, e.g. “address knocking” design ● Address (or credential) distribution strategies ● Reachability testing to know whether to cycle the address ● Defend against protocol-level bridge enumeration 25

  26. Measuring bridge reachability ● Passive: 1) bridges track incoming connections by country ● 2) Clients self-report blockage (e.g. via some other bridge) ● Active: 1) direct scans ● 2) Measure remotely via FTP reflectors ● 3) Bridges test for duplex blocking 26

  27. Ways to find bridges (1) ● 1) Overwhelm the public address distribution strategies ● 2) Run a non-guard non-exit relay and look for connections from non-relays. ● 3) Run a guard relay and look for protocol differences ● 4) Run a guard relay and do timing analysis ● 5) Run a relay and probe clients as they connect to you 27

  28. Ways to find bridges (2) ● 6) Scan the Internet for things that talk Tor ● 7) Break into Tor Project infrastructure (or break the developers) ● 8) Watch the bridge authority do its reachability tests ● 9) Watch your border firewall and DPI for Tor flows ● 10) Zig-zag between bridges and users 28

  29. BridgeDB needs a feedback cycle ● Measure how much use each bridge sees ● Measure bridge blocking ● Then adapt bridge distribution to favor efficient distribution channels ● Need to invent new distribution channels ● Need more and changing bridge addresses 29

  30. Tradeoffs to consider ● Blank address space, or Apache “unconfigured” page? ● Logging to detect enumeration attacks, vs not logging to protect user privacy ● BridgeDB strategies (recaptcha, etc) ● Strategies for using address pools intelligently 30

  31. Today's plan ● 0) Crash course on Tor ● 1) Recent censorship ● 2) Pluggable transport work ● 3) Simulations / Performance ● 4) Anonymity questions 31

  32. Performance issues ● Get more capacity / scale better ● Load balancing (bw measurement) ● Flow control / round-trip latency ● Throttling / scheduling 32

  33. Capacity / scaling ● Incentives papers – Gold star design – Braids – Paul/Rob/Aaron's paper ● Everybody-a-relay ● The AES implementations in OpenSSL 1.0.1 are 10x faster than before 33

  34. Load balancing / measurement ● “Bandwidth authority” scripts (Should measure latency, socket exhaustion) ● EigenTor ● Congestion-aware path selection ● Recognize poor guard performance, switch? ● Give out Guard flag more freely (Tariq's paper. Entropy? Tradeoffs?) ● Raise the min threshold for the Fast flag? 34

  35. Flow control / round-trip latency ● N23 still worth exploring – Especially for slow client connections ● “Double door” effect from independent read and write rate limits ● Comparison of Tor datagram designs ● Optimistic data in begin cells 35

  36. 36

  37. 37

  38. 38

  39. Simulation work ● Upcoming CSET paper on comparing Shadow to ExperimenTor, and on realistic simulation parameters ● George Danezis and Ryan Henry both working on privacy-preserving measurement ● Still need to down-sample both the network and the client load ● Some bugs and mysteries remain 39

  40. Throttling / scheduling ● Ian and Can's EWMA paper for circuits ● Rob's “throttle at entry nodes” work ● Micah's too ● Nadia's student's “two conns” approach ● Refill token buckets 10/s, not 1/s ● Round-robin between each circuit, or between each TLS conn? 40

  41. Today's plan ● 0) Crash course on Tor ● 1) Recent censorship ● 2) Pluggable transport work ● 3) Simulations / Performance ● 4) Anonymity questions 41

  42. Operational attacks ● You need to use https – correctly. ● Don't use Flash. ● Who runs the relays? ● What local traces does Tor leave on the system? ● ...Different talk. 42

  43. Traffic confirmation ● If you can see the flow into Tor and the flow out of Tor, simple math lets you correlate them. ● Feamster's AS-level attack (2004), Edman's followup (2009), Murdoch's sampled traffic analysis attack (2007). 43

  44. Countermeasures? ● Defensive dropping (2004)? Adaptive padding (2006)? ● Traffic morphing (2009), Johnson (2010) ● Tagging attack, traffic watermarking 44

  45. Tor gives three anonymity properties ● #1 : A local network attacker can't learn, or influence, your destination. – Clearly useful for blocking resistance. ● #2 : No single router can link you to your destination. – The attacker can't sign up relays to trace users. ● #3 : The destination, or somebody watching it, can't learn your location. – So they can't reveal you; or treat you differently. 45

  46. Tor's safety comes from diversity ● #1: Diversity of relays. The more relays we have and the more diverse they, the fewer attackers are in a position to do traffic confirmation. ● #2: Diversity of users and reasons to use it. 60000 users in Iran means almost all of them are normal citizens. 46

  47. Website fingerprinting ● If you can see an SSL-encrypted link, you can guess what web page is inside it based on size. ● Does this attack work on Tor? Open- world vs closed-world analysis. ● Considering multiple pages (e.g. via hidden Markov models) would probably make the attack even more effective. 47

  48. Low-resource routing attacks ● Bauer et al (WPES 2009) ● Clients use the bandwidth as reported by the relay ● So you can sign up tiny relays, claim huge bandwidth, and get lots of traffic ● Fix is active measurement. 48

Recommend

Lower Fields Project Lower Fields Project Update - February 2, 2012 Update - February 2, 2012

Lower Fields Project Lower Fields Project Update - February 2, 2012 Update - February 2, 2012

Lower Fields Project Lower Fields Project Update - February 2, 2012 Update - February 2, 2012 Community Preservation Committee (CPC) Presentation done January 26, 2012 Conclusion: too many financial, political and legal

204 views • 8 slides
ECONOMIC UPDATE 2012 Nashville Area Chamber of Commerce Research and Information October 2012

ECONOMIC UPDATE 2012 Nashville Area Chamber of Commerce Research and Information October 2012

ECONOMIC UPDATE 2012 Nashville Area Chamber of Commerce Research and Information October 2012 ECONOMIC UPDATE 2012 Economic Overview Local Employment Future Trends ECONOMIC RECOVERY 8 6 4 2 0 2008 2009 2010 2011 2012 -2 -4 -6

833 views • 34 slides
2012 NAPSLO A T L A NT A , G A OVERVIEW AmRisc Update Market Conditions/Forecast

2012 NAPSLO A T L A NT A , G A OVERVIEW AmRisc Update Market Conditions/Forecast

10/15/2012 Catastrophe Underwriting Specialist 2012 NAPSLO A T L A NT A , G A OVERVIEW AmRisc Update Market Conditions/Forecast Elite Producer Statistics www.amrisc.com 1 10/15/2012 Update Overall Stats Capacity Providers

304 views • 8 slides
LC's Bibliographic Framework Initiative: An Update 28 November 2012 Kevin Ford Semantic Web in

LC's Bibliographic Framework Initiative: An Update 28 November 2012 Kevin Ford Semantic Web in

BIBFRAME Update LC's Bibliographic Framework Initiative: An Update 28 November 2012 Kevin Ford Semantic Web in Bibliotheken 2012 NDMSO, Library of Congress Cologne, Germany Email: kefo@loc.gov / Twitter: @3windmills BIBFRAME Update Outline

664 views • 39 slides
Kansas City Southern First Quarter 2012 Earnings Presentation April 24, 2012 Safe Harbor

Kansas City Southern First Quarter 2012 Earnings Presentation April 24, 2012 Safe Harbor

Update: On May 18, 2012, management presented at the Bank of America Merrill Lynch Global Transportation Conference. The materials presented at that conference update some of the information contained in these slides. Please review the

656 views • 38 slides
2012 GFVGA: Herbicide Update 2012 Weed Control Update 1. Recent labels 2. New labels 3. Near

2012 GFVGA: Herbicide Update 2012 Weed Control Update 1. Recent labels 2. New labels 3. Near

2012 GFVGA: Herbicide Update 2012 Weed Control Update 1. Recent labels 2. New labels 3. Near future labels LABELED OR NOT LABELED FOR GEORGIA! GFVGA Third Party Registrations 1. Labels are held by GFVGA. 2. Label must be in hand of user. 3.

633 views • 35 slides
EXPLORATION UPDATE May 2012 1 May 2012 OVERVIEW Focusing on the next phase in the

EXPLORATION UPDATE May 2012 1 May 2012 OVERVIEW Focusing on the next phase in the

EXPLORATION UPDATE May 2012 1 May 2012 OVERVIEW Focusing on the next phase in the development of Bauba Platinum as a Junior Platinum Exploration Company Progressing drilling programme and increasing the mineral resource base Solid

619 views • 22 slides
Annual results to 31 March 2012 17 May 2012 Update Sir Adrian Montague Chairman 2 Welcome

Annual results to 31 March 2012 17 May 2012 Update Sir Adrian Montague Chairman 2 Welcome

Annual results to 31 March 2012 17 May 2012 Update Sir Adrian Montague Chairman 2 Welcome Agenda for todays meeting Boards strategic priorities Adrian Montague Appointment of new CEO Adrian Montague Update on performance

460 views • 44 slides
Ofgem update to the ECSG 12 September 2012 Update on Ofgems work since the last ECSG

Ofgem update to the ECSG 12 September 2012 Update on Ofgems work since the last ECSG

Ofgem update to the ECSG 12 September 2012 Update on Ofgems work since the last ECSG RIIO ED1 The Competition Test Open Governance DG Forum Extension of Contestability to jointing to existing mains Out of

673 views • 10 slides
Banca Generali 1Q12 Results and business update Milan, 8 May 2012 Todays Agenda 1Q 2012

Banca Generali 1Q12 Results and business update Milan, 8 May 2012 Todays Agenda 1Q 2012

Banca Generali 1Q12 Results and business update Milan, 8 May 2012 Todays Agenda 1Q 2012 Results Net I nflows, AUM and recruiting 2012 Business Update Closing Remarks 2 Banca Generali 1Q 2012 Results and business update 1Q

493 views • 25 slides
Investor presentation Visual update June 2012 Summary of 2012 Planned Deliveries Projects

Investor presentation Visual update June 2012 Summary of 2012 Planned Deliveries Projects

Investor presentation Visual update June 2012 Summary of 2012 Planned Deliveries Projects scheduled for delivery in 2012 Project NSA, ths sqm 1 Etude 22.8 2 Prestige 21.4 3 Jubilee Estate 78A (buildings 2, 5) 96.2 5 Orbit

492 views • 21 slides
Banca Generali 1H12 Results and Business Update Milan, 25 July 2012 Todays Agenda 1H 2012

Banca Generali 1H12 Results and Business Update Milan, 25 July 2012 Todays Agenda 1H 2012

Banca Generali 1H12 Results and Business Update Milan, 25 July 2012 Todays Agenda 1H 2012 Results Net I nflows, AUM and Recruiting Business Update Closing Remarks 2 Banca Generali 1H 2012 Results and Business Update 1H 2012

410 views • 29 slides
Investment Adviser Update Adviser Update October 2012 2 Products Key Markets Scott currently

Investment Adviser Update Adviser Update October 2012 2 Products Key Markets Scott currently

Innovators in Automation Investment Adviser Update Adviser Update October 2012 2 Products Key Markets Scott currently operates in five market segments: Appliance Industrial Sample Preparation High Temperature Meat Processing Systems

331 views • 9 slides
2012 FEDERAL INCOME TAX UPDATE December 5, 2012 Keith A. Wood, Attorney, CPA Carruthers &

2012 FEDERAL INCOME TAX UPDATE December 5, 2012 Keith A. Wood, Attorney, CPA Carruthers &

2012 FEDERAL INCOME TAX UPDATE December 5, 2012 Keith A. Wood, Attorney, CPA Carruthers & Roth, P.A. 235 N. Edgeworth Street Post Office Box 540 Greensboro, North Carolina 27402 phone (336) 478-1185 fax (336) 478-1184 E-mail:

680 views • 55 slides
Draft SamTrans Service Plan: Board Update August 2012 Context Board Update on the SSP -

Draft SamTrans Service Plan: Board Update August 2012 Context Board Update on the SSP -

8/8/2012 Draft SamTrans Service Plan: Board Update August 2012 Context Board Update on the SSP - Context - Draft Service Plan recommendations - Public Outreach - Next Steps 2 1 8/8/2012 Context The Transit District is facing an

433 views • 15 slides
Co-Chair Update ITRC Spring Meeting Des Moines, Iow a April 18, 2012 2012 Achieving During

Co-Chair Update ITRC Spring Meeting Des Moines, Iow a April 18, 2012 2012 Achieving During

Co-Chair Update ITRC Spring Meeting Des Moines, Iow a April 18, 2012 2012 Achieving During Lean Times Four new projects starting with overwhelming membership interest Focus on implementation continues but with more volunteer

380 views • 14 slides
Conference April 18, 2012 Agenda New leadership N-DEx update ISS-related projects

Conference April 18, 2012 Agenda New leadership N-DEx update ISS-related projects

BCA Vendor Conference April 18, 2012 Agenda New leadership N-DEx update ISS-related projects update CJRS replacement initiative CCH replacement update Statute Service upgrade eCharging ESB services Contracts

1.02k views • 76 slides
747 Community Project Update July 2012 Agenda 747 Process Update Past Years

747 Community Project Update July 2012 Agenda 747 Process Update Past Years

747 Community Project Update July 2012 Agenda 747 Process Update Past Years Overview Achievements What to expect County Presentation Proposal Status Implementation Plan Q&A Community Lead Planning Effort

115 views • 9 slides
2012 CCS HEART FAILURE UPDATE ACC Rockies 2012 Anique Ducharme, MD, MSc Justin Ezekowitz, MD

2012 CCS HEART FAILURE UPDATE ACC Rockies 2012 Anique Ducharme, MD, MSc Justin Ezekowitz, MD

2012 CCS HEART FAILURE UPDATE ACC Rockies 2012 Anique Ducharme, MD, MSc Justin Ezekowitz, MD Who are you ? 1. Internists 2. General Cardiologists 3. Interventionists 4. Surgeon 5. Nurse 6. Industry 7. An insane skier looking

1.32k views • 109 slides
Preliminary Results and Strategy Update Results for the year ended 31 March 2012 14 June 2012

Preliminary Results and Strategy Update Results for the year ended 31 March 2012 14 June 2012

Preliminary Results and Strategy Update Results for the year ended 31 March 2012 14 June 2012 Agenda Overview and outlook Charles Dunstone, Chairman CPW Europe Roger Taylor, Chief Executive Officer Virgin Mobile France Geoffroy Roux de

669 views • 53 slides
PLT Meeting 6 September 12, 2012 1 Introduction to the Meeting Public Comment Update

PLT Meeting 6 September 12, 2012 1 Introduction to the Meeting Public Comment Update

PLT Meeting 6 September 12, 2012 1 Introduction to the Meeting Public Comment Update on Request for Statement of Technology Information (RFSOTI) Update on Technology Forum Update on Land Use & Station Criteria

247 views • 13 slides
Insurance Council of Australia Regulatory Update 2012 Commissioner Peter Kell 22 February 2012

Insurance Council of Australia Regulatory Update 2012 Commissioner Peter Kell 22 February 2012

Presentation to Insurance Council of Australia Regulatory Update 2012 Commissioner Peter Kell 22 February 2012 Introductory remarks ASICs strategic priorities: confident and informed investors and financial consumers fair

178 views • 5 slides
Plans Update Leadership Update June 2012 Rationale for Restructuring Program Simplify the

Plans Update Leadership Update June 2012 Rationale for Restructuring Program Simplify the

Voluntary Retirement Plans Update Leadership Update June 2012 Rationale for Restructuring Program Simplify the program to: - Better meet the needs of faculty and staff (only 16% currently participate) - Increase participation by making

502 views • 9 slides
CHAMPS 2012 Immunization Update with Iyabode A. Beysolow, M.D., M.P.H. National Center for

CHAMPS 2012 Immunization Update with Iyabode A. Beysolow, M.D., M.P.H. National Center for

CHAMPS 2012 Immunization Update with Iyabode A. Beysolow, M.D., M.P.H. National Center for Immunization and Respiratory Diseases Teleconference (HRSA Region VIII) July 25, 2012 7/19/2012 Disclosures Dr. Beysolow has no financial

1.11k views • 93 slides

More recommend