TOR AND ATTACKS ON TOR CONT. Lecture 13a COMPSCI...
Muhammad Rizwan Asghar
August 20, 2019
TOR AND ATTACKS ON TOR CONT.
Lecture 13a
COMPSCI 316
Cyber Security
Source of most slides: Northeastern University, USA
FOCUS OF THIS LECTURE
Understand TOR
Learn how TOR works
Discuss attacks on TOR
GUARD RELAYS
Guard relays help prevent attackers from becoming the first relay
– TOR selects 3 guard relays and uses them for 3 months
– After 3 months, 3 new guards are selected
Only certain relays may become guards
– Have long and consistent uptimes
– Have high bandwidth
– Relay requirements: https://trac.torproject.org/projects/tor/wiki/TorRelayGuide
EXIT RELAYS
Relays must self-elect to be exit nodes
The traffic trace leads to the exit node
– In case someone does something malicious or illegal using TOR
Recommendation: Do not run from home
Ideal exit relay operators are affiliated with some institution
– E.g., a university or a library
HIDDEN SERVICES
TOR is good at hiding the source of traffic
– However, the destination is often an exposed website
What if we want to run an anonymous service?
– E.g., a website, where nobody knows the IP address?
TOR supports Hidden Services
– Allows you to run a server and have people connect
– Without disclosing IP address
Many hidden services
– TOR Mail
– DuckDuckGo
– WikiLeaks
HIDDEN SERVICES IN ACTION
Hidden service sets up introduction points
A client gets introduction points from HSDIR
The client sets up a rendezvous point
[Diagram: Hidden Service, Introduction Points, Rendezvous Point]
HIDDEN SERVICES IN ACTION
The client sends a rendezvous cookie, encrypted using the service's public key, to the introduction point
The hidden service connects to the rendezvous point
[Diagram: Hidden Service, Introduction Points, Rendezvous Point]
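The five steps on the two HIDDEN SERVICES IN ACTION slides, simulated end to end as an added example (not from the original slides or the Tor code base). The names example-service, IP1, RP1 and client-circuit, the toy Diffie-Hellman group and the seal/unseal helpers are assumptions that stand in for real public-key encryption.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group (assumption: readable, NOT secure).
P = 2**127 - 1
G = 3

def _pad(shared: int) -> bytes:
    return hashlib.sha256(str(shared).encode()).digest()

def seal(service_pub: int, msg: bytes):
    """Toy stand-in for 'encrypt with the service public key' (max 32 bytes)."""
    e = secrets.randbelow(P - 2) + 1
    ct = bytes(a ^ b for a, b in zip(msg, _pad(pow(service_pub, e, P))))
    return pow(G, e, P), ct

def unseal(service_priv: int, sealed) -> bytes:
    eph_pub, ct = sealed
    return bytes(a ^ b for a, b in zip(ct, _pad(pow(eph_pub, service_priv, P))))

def run_rendezvous():
    # 1. The hidden service sets up introduction points and publishes them.
    svc_priv = secrets.randbelow(P - 2) + 1
    hsdir = {"example-service": {"pub": pow(G, svc_priv, P),
                                 "intro_points": ["IP1", "IP2"]}}
    # 2. The client gets the introduction points from the HSDir.
    desc = hsdir["example-service"]
    intro = desc["intro_points"][0]
    # 3. The client sets up a rendezvous point with a one-time cookie.
    cookie = secrets.token_bytes(20)
    rp_waiting = {cookie: "client-circuit"}      # state held by relay "RP1"
    # 4. The client sends the RP name and cookie via the introduction point,
    #    encrypted to the service key, so the introduction point relays
    #    bytes it cannot read.
    sealed = seal(desc["pub"], b"RP1|" + cookie)
    seen_by_intro = {"relay": intro, "payload": sealed[1]}
    # 5. The service decrypts and connects to the rendezvous point, which
    #    joins the two circuits when the cookies match.
    rp_name, _, got_cookie = unseal(svc_priv, sealed).partition(b"|")
    joined_with = rp_waiting.pop(got_cookie, None)
    return {"rp": rp_name.decode(), "joined_with": joined_with,
            "intro_saw_cookie": cookie in seen_by_intro["payload"],
            "cookie_reusable": got_cookie in rp_waiting}
```

The returned dictionary shows what each party learned: the rendezvous point matched a cookie without knowing the service, and the introduction point never saw the cookie in the clear.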
PERFECT FORWARD SECRECY
In traditional mix networks, all traffic is encrypted using public/private key pairs
What happens if a private key is stolen?
– All future traffic can be observed and decrypted
– If past traffic has been logged, it can also be decrypted
TOR implements perfect forward secrecy
– The client negotiates a new public key pair with each relay
TOR supports DH key exchange
– To set up a session key
Ephemeral keys are not stored
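The stolen-key scenario on this slide, as an added example (not from the original slides and not Tor's actual handshake). It compares a session key tied to a relay's long-term key with one from an ephemeral DH exchange. The toy group parameters and all function names are assumptions, and the authentication step a real handshake needs is omitted.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group (assumption: chosen for readability, NOT secure).
P = 2**127 - 1
G = 3

def kdf(shared: int) -> bytes:
    """Derive a session key from a DH shared secret."""
    return hashlib.sha256(str(shared).encode()).digest()

def fresh_keypair():
    """Return (private exponent, public value)."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def static_key_session(relay_pub: int):
    """Mix-network style: the session key depends on the relay's long-term key."""
    e, wire = fresh_keypair()               # 'wire' is what an eavesdropper logs
    return wire, kdf(pow(relay_pub, e, P))

def ephemeral_session():
    """Forward-secret style: both sides use one-time exponents, then drop them."""
    x, X = fresh_keypair()                  # client's ephemeral pair
    y, Y = fresh_keypair()                  # relay's ephemeral pair
    client_key, relay_key = kdf(pow(Y, x, P)), kdf(pow(X, y, P))
    assert client_key == relay_key
    del x, y                                # ephemeral keys are not stored
    return (X, Y), client_key

def attacker_candidates(logged, stolen_priv: int):
    """Keys computable from logged traffic plus the stolen long-term key."""
    return {kdf(pow(v, stolen_priv, P)) for v in logged}

def demo():
    relay_priv, relay_pub = fresh_keypair() # relay's long-term key pair
    wire, static_key = static_key_session(relay_pub)
    transcript, eph_key = ephemeral_session()
    # Later, the long-term private key is stolen and old logs are revisited.
    static_broken = static_key in attacker_candidates([wire], relay_priv)
    eph_broken = eph_key in attacker_candidates(transcript, relay_priv)
    return static_broken, eph_broken

if __name__ == "__main__":
    print(demo())
```

demo() returns whether each logged session falls to the stolen key: the long-term-key session does, the ephemeral one does not.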
TOR BRIDGES
Anyone can look up the IP addresses of TOR relays
– Public information in the consensus file
Many countries block traffic to these IPs
Solution: TOR Bridges
– Essentially, TOR proxies that are not publicly known
– Used to connect clients in censored areas to the rest of the TOR network
TOR maintains bridges in many countries
OBFUSCATING TOR TRAFFIC
Bridges alone may be insufficient to get around all types of censorship
– Deep Packet Inspection (DPI) can be used to locate and drop TOR frames
TOR adopts a pluggable transport design
TOR traffic is forwarded to an obfuscation program
Obfuscator transforms the TOR traffic to look like other protocols
– E.g., HTTP, BitTorrent, streaming audio, etc.
Deobfuscator on the receiver side extracts the TOR data from the encoding
SAMPLE QUESTION
Which one of the following is a FALSE statement?
a) TOR implements Perfect Forward Secrecy
b) TOR introduces cover traffic
c) TOR provides sender and receiver anonymity
d) TOR is a low-latency solution
SAMPLE QUESTION: ANSWER
Which one of the following is a FALSE statement?
a) TOR implements Perfect Forward Secrecy
b) TOR introduces cover traffic
c) TOR provides sender and receiver anonymity
d) TOR is a low-latency solution
Answer) b
SUMMARY
TOR is a low-latency solution for offering anonymous communication
No perfect anonymity, but anonymity is achievable in practice
Hidden services are used for anonymous services
TOR implements perfect forward secrecy
RESOURCES
TOR Overview, available at:
https://2019.www.torproject.org/about/overview.html.en
TOR Documentation, available at:
https://2019.www.torproject.org/docs/documentation.html.en
Dingledine, Roger, Nick Mathewson, and Paul Syverson. Tor: The second-generation onion router. Naval Research Lab Washington DC, 2004, available at: https://apps.dtic.mil/dtic/tr/fulltext/u2/a465464.pdf
Questions?
Thanks for your attention!