Aaron Johnson U.S. Naval Research Laboratory aaron.m.johnson@nrl.navy.mil - PowerPoint PPT Presentation

aaron johnson u s naval research laboratory aaron m johnson@nrl navy mil n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Aaron Johnson U.S. Naval Research Laboratory aaron.m.johnson@nrl.navy.mil PowerPoint Presentation
Download Presentation
Aaron Johnson U.S. Naval Research Laboratory aaron.m.johnson@nrl.navy.mil

play fullscreen
1 / 75
Aaron Johnson U.S. Naval Research Laboratory aaron.m.johnson@nrl.navy.mil
158 Views
Download Presentation
ashton
Download Presentation

Aaron Johnson U.S. Naval Research Laboratory aaron.m.johnson@nrl.navy.mil

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Aaron JohnsonU.S. Naval Research Laboratoryaaron.m.johnson@nrl.navy.mil CSci 6545 George Washington University 11/18/2013

  2. Overview

  3. What is Tor? Tor is a system for anonymous communication and censorship circumvention.

  4. What is Tor? Tor is based on onion routing. Users Onion Routers Destinations

  5. What is Tor? Users Onion Routers Destinations Tor is based on onion routing.

  6. What is Tor? Users Onion Routers Destinations Tor is based on onion routing.

  7. What is Tor? Users Onion Routers Destinations Tor is based on onion routing.

  8. What is Tor? Tor is based on onion routing. Unencrypted Users Onion Routers Destinations

  9. Motivation

  10. Why Tor? • Individuals avoiding censorship • Individuals avoiding surveillance • Journalists protecting themselves or sources • Law enforcement during investigations • Intelligence analysts for gathering data

  11. Why Tor? • Over 500000 daily users • Over 4000 relays in over 80 countries • 2.4GiB/s aggregate traffic

  12. Tor History 1996: “Hiding Routing Information” by David M. Goldschlag, Michael G. Reed, and Paul F. Syverson. Information Hiding: First International Workshop. 1997: "Anonymous Connections and Onion Routing," Paul F. Syverson, David M. Goldschlag, and Michael G. Reed. IEEE Security & Privacy Symposium. 1998: Distributed network of 13 nodes at NRL, NRAD, and UMD. 2000: “Towards an Analysis of Onion Routing Security” by Paul Syverson, Gene Tsudik, Michael Reed, and Carl Landweh r. Designing Privacy Enhancing Technologies: Workshop on Design Issues in Anonymity and Unobservability. 2003: Tor network is deployed (12 US nodes, 1 German), and Tor code is released by Roger Dingledine and Nick Mathewson under the free and open MIT license. 2004: “Tor: The Second-Generation Onion Router” by Roger Dingledine, Nick Mathewson, and Paul Syverson. USENIX Security Symposium. 2006: The Tor Project, Inc. incorporated as a non-profit.

  13. Tor Today • Funding levels at $1-2 million (current and former funders include DARPA, NSF, US State Dept., SIDA, BBG, Knight Foundation, Omidyar Network, EFF) • The Tor Project, Inc. employs a small team for software development, research, funding management, community outreach, and user support • Much bandwidth, research, development, and outreach still contributed by third parties

  14. Other anonymous communication designs and systems • Single-hop anonymous proxies: anonymizer.com, anonymouse.org • Dining Cryptographers network: Dissent, Herbivore • Mix networks: MixMinion, MixMaster, BitLaundry • Onion routing: Crowds, Java Anon Proxy, I2P, Aqua, PipeNet, Freedom • Others: Anonymous buses, XOR trees,

  15. Security Model

  16. Threat Model Adversary is local and active.

  17. Threat Model Adversary is local and active. Not global

  18. Threat Model Adversary is local and active. • Adversary may run relays

  19. Threat Model Adversary is local and active. • Adversary may run relays • Destination may be malicious

  20. Threat Model Adversary is local and active. • Adversary may run relays • Destination may be malicious • Adversary may observe some ISPs

  21. Security Definitions • Identity is primarily IP address but can include other identifying information • Sender anonymity: Connection initiator cannot be determined • Receiver anonymity: Connection recipient cannot be determined • Unobservability: It cannot be determined who is using the system.

  22. Design

  23. General Tor Functionality • Provides connection-oriented bidirectional communication • Only makes TCP connections • Provides standard SOCKS interface to applications • Provides application-specific software for some popular applications (e.g. HTTP)

  24. Tor Protocols • Exit circuits (anonymity wrt all but sender) • Hidden services (anonymity wrt all) • Censorship circumvention (unobservability)

  25. Tor Protocols • Exit circuits (anonymity wrt all but sender) • Hidden services (anonymity wrt all) • Censorship circumvention (unobservability)

  26. Exit Circuits

  27. Exit Circuits Client learns about relays from a directory server.

  28. Centralized, point of failure Exit Circuits Client learns about relays from a directory server.

  29. Exit Circuits • Client learns about relays from a directory server. • Clients begin all circuits with a selected guard.

  30. Exit Circuits Only guards directly observe client • Client learns about relays from a directory server. • Clients begin all circuits with a selected guard.

  31. Exit Circuits • Client learns about relays from a directory server. • Clients begin all circuits with a selected guard. • Relays define individual exit policies.

  32. Exit Circuits • Client learns about relays from a directory server. • Clients begin all circuits with a selected guard. • Relays define individual exit policies. • Clients multiplex streams over a circuit.

  33. Exit Circuits Different streams on circuit can be linked. • Client learns about relays from a directory server. • Clients begin all circuits with a selected guard. • Relays define individual exit policies. • Clients multiplex streams over a circuit.

  34. Exit Circuits • Client learns about relays from a directory server. • Clients begin all circuits with a selected guard. • Relays define individual exit policies. • Clients multiplex streams over a circuit. • New circuits replace existing ones periodically.

  35. Exit Circuits Circuits creation protects anonymity with respect to all but sender • Client learns about relays from a directory server. • Clients begin all circuits with a selected guard. • Relays define individual exit policies. • Clients multiplex streams over a circuit. • New circuits replace existing ones periodically.

  36. Creating a Circuit {m}si: Encrypted using the DH session key gxiyi u 1 2 3 13

  37. Creating a Circuit {m}si: Encrypted using the DH session key gxiyi [0,CREATE, gx1] u 1 2 3 • CREATE/CREATED 13

  38. Creating a Circuit {m}si: Encrypted using the DH session key gxiyi u 1 2 3 [0,CREATED,gy1] • CREATE/CREATED 13

  39. Creating a Circuit {m}si: Encrypted using the DH session key gxiyi u 1 2 3 • CREATE/CREATED 13

  40. Creating a Circuit {m}si: Encrypted using the DH session key gxiyi [0,{[EXTEND,2, gx2]}s1] u 1 2 3 • CREATE/CREATED • EXTEND/EXTENDED 14

  41. Creating a Circuit {m}si: Encrypted using the DH session key gxiyi [l1,CREATE, gx2] u 1 2 3 • CREATE/CREATED • EXTEND/EXTENDED 14

  42. Creating a Circuit {m}si: Encrypted using the DH session key gxiyi u 1 2 3 [l1,CREATED, gy2] • CREATE/CREATED • EXTEND/EXTENDED 14

  43. Creating a Circuit {m}si: Encrypted using the DH session key gxiyi u 1 2 3 [0,{EXTENDED}s1] • CREATE/CREATED • EXTEND/EXTENDED 14

  44. Creating a Circuit {m}si: Encrypted using the DH session key gxiyi [0,{{[EXTEND,3,gx3]}s2}s1] u 1 2 3 • CREATE/CREATED • EXTEND/EXTENDED • [Repeat with layer of encryption] 15

  45. Creating a Circuit {m}si: Encrypted using the DH session key gxiyi [l1,{[EXTEND,3,gx3]}s2] u 1 2 3 • CREATE/CREATED • EXTEND/EXTENDED • [Repeat with layer of encryption] 15

  46. Creating a Circuit {m}si: Encrypted using the DH session key gxiyi [l2,CREATE,gx3] u 1 2 3 • CREATE/CREATED • EXTEND/EXTENDED • [Repeat with layer of encryption] 15

  47. Creating a Circuit {m}si: Encrypted using the DH session key gxiyi u 1 2 3 [l2,CREATED,gy3] • CREATE/CREATED • EXTEND/EXTENDED • [Repeat with layer of encryption] 15

  48. Creating a Circuit {m}si: Encrypted using the DH session key gxiyi u 1 2 3 [l1,{EXTENDED,gy3}s2] • CREATE/CREATED • EXTEND/EXTENDED • [Repeat with layer of encryption] 15

  49. Creating a Circuit {m}si: Encrypted using the DH session key gxiyi u 1 2 3 [0,{{EXTENDED,gy3}s2}s1] • CREATE/CREATED • EXTEND/EXTENDED • [Repeat with layer of encryption] 15

  50. Tor Protocols • Exit circuits (anonymity wrt all but sender) • Hidden services (anonymity wrt all) • Censorship circumvention (unobservability)