Tor: The Second-Generation Onion Router
Presenter: Luhua Ye, Student ID: 218-47-181, Mar 23, 2010

Presentation Transcript
Problem
  • Internet censorship around the world.
  • Internet surveillance such as traffic analysis reveals users' private activity.
  • Encryption alone does not help, since packet headers still reveal a great deal about users:
    • Source IP and destination IP.
    • IP packet sizes and the timing of sending and receiving.
Consequence
  • Violation of the user’s privacy, security, and freedom on the Internet.
A solution

Tor – The Onion Router

  • Protects privacy and security on the Internet by keeping the user anonymous.
  • Allows users to bypass Internet censorship through its volunteer-based distributed infrastructure.
What is Tor?
  • A free software implementation of second-generation onion routing.
  • A distributed anonymous communication service that lets people and groups improve their privacy and security on the Internet.
  • A network of multi-hop proxies.
    • Communication is encrypted in multiple layers and routed via multiple hops through the Tor network to the final receiver.
Tor vs. One-hop proxies
  • Commercial one-hop proxies: Hotspot Shield, Anonymizer, Anonymouse

[Diagram: Client -> Proxy provider -> Server. The single proxy provider sees both who the client is and which server it visits.]

Tor vs. One-hop proxies
  • Tor

[Diagram: Client -> Tor Relay -> Tor Relay -> Tor Relay -> Server, repeated for several clients and servers across the relay network. Each relay only sees its neighbours on the path.]
Background
  • Originally sponsored by the US Naval Research Laboratory.
  • From 2004 to 2006 it was supported by the EFF (Electronic Frontier Foundation).
  • Tor software is now developed by the Tor Project, which since December 2006 has been a 501(c)(3) research/education non-profit organization with a diverse base of financial support.
  • Tor is open source software released under the BSD license.
Tor on Client Side

[Diagram: an App speaks HTTP to Privoxy/Polipo, which speaks SOCKS to Tor; a SOCKS-capable App speaks SOCKS to Tor directly. Tor runs as a user process on Linux, BSD or OS X and sends TCP (the destination address is carried inside the SOCKS request) into the Tor network.]
Tor on Client Side - Features
  • Tor runs as a normal user-level process and does not require OS kernel patches or network stack support.
  • Tor only carries TCP streams and can be used by any application with SOCKS support.
  • Tor exposes a standard SOCKS proxy interface, so most TCP-based programs work with it without modification.
  • Tor relies on the filtering features of privacy-enhancing application-level proxies such as Privoxy and Polipo (which strip identifying HTTP headers), so there is no need to build a proxy for every application.
Tor on Client Side - Tor Bundle

A typical Tor installation bundle includes:

  • Tor: the daemon itself, a command-line program.
  • Vidalia: GUI controller for Tor (built using the Qt framework).
  • Polipo: a caching web proxy that sits between the browser and Tor's SOCKS port.
  • Torbutton: Firefox add-on that toggles the browser's use of the Tor proxy.
Tor on Client Side - Vidalia

The Vidalia screenshot lists the kinds of applications Tor can carry:

  • Websites
  • IM
  • SSL
  • IRC
  • POP, IMAP
  • Other (TCP)
How Tor Works?
  • The client fetches the list of relays (addresses and keys) from the directory servers.
  • Links between Tor nodes are encrypted with TLS.

Image courtesy https://www.torproject.org

How Tor Works?
  • Clients build circuits through a network of relays, each of which removes one layer of encryption.
  • One circuit can be used to relay multiple TCP streams.

Image courtesy https://www.torproject.org

How Tor Works?
  • For efficiency the same circuit is reused for connections made within roughly ten minutes; later requests are given a fresh circuit so that earlier and later actions cannot be linked.
  • Alice can run her own Tor node to benefit others.

Image courtesy https://www.torproject.org
Onion Routing
  • Onion routing is a technique for anonymous communication over a computer network.
  • Messages are repeatedly encrypted and then sent through several network nodes called onion routers.
  • Each onion router removes one layer of encryption to uncover the next-hop routing instructions, and sends the message to the next router, where this is repeated.

Onion Routing - Example "Onion"
  • Routing onions are multiply encrypted data structures used to create paths through which many messages can be transmitted.
  • Each layer is symmetric encryption (Tor uses AES in counter mode) under a key shared with one router.

Image courtesy http://en.wikipedia.org/wiki/File:Onion_diagram.svg
Tor Design
  • Onion Routers (ORs) route traffic.
  • The Onion Proxy (OP) fetches directories and creates virtual circuits on the network on behalf of users.
  • Overlay network at the user level.
  • Uses TCP with TLS between nodes.

Tor Design - Cells
  • Similar to cells in ATM.
  • All data is sent in fixed-size cells of 512 bytes (2-byte circuit ID, 1-byte command, 509-byte payload), so cell length reveals nothing about the content.
    • Control cells are interpreted by the node that receives them.
    • Relay cells carry end-to-end stream data.
  • Control cell commands:
    • padding, create, created, destroy

From “Tor: The Second-Generation Onion Router” by Dingledine, Mathewson, Syverson
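The cell format as an added worked example in Python (not code from the presentation or from the Tor code base): a fixed 512-byte cell with a 2-byte circuit ID, 1-byte command and 509-byte payload, and the relay-cell header (relay command, "recognized", stream ID, digest, length) that the design paper and tor-spec define, with command numbers as in tor-spec. The digest is left as a zero placeholder and the sample stream is constructed; the example models framing only, not encryption.

```python
import struct

CELL_LEN = 512                      # every cell on the wire is exactly this long
PAYLOAD_LEN = CELL_LEN - 3          # 509: after the 2-byte CircID and 1-byte Command
RELAY_HEADER_LEN = 11               # RelayCmd(1) Recognized(2) StreamID(2) Digest(4) Length(2)
RELAY_DATA_LEN = PAYLOAD_LEN - RELAY_HEADER_LEN   # 498 bytes of stream data per relay cell

# Control-cell commands named on the slide, plus RELAY, which carries end-to-end data.
CMD_PADDING, CMD_CREATE, CMD_CREATED, CMD_RELAY, CMD_DESTROY = 0, 1, 2, 3, 4
# A few relay-cell sub-commands (begin a stream, carry data, end a stream).
RELAY_BEGIN, RELAY_DATA, RELAY_END = 1, 2, 3


def pack_cell(circ_id: int, command: int, payload: bytes = b"") -> bytes:
    """Frame one cell: CircID (big-endian 16 bit), Command (8 bit), payload padded to 509 bytes."""
    if len(payload) > PAYLOAD_LEN:
        raise ValueError("payload does not fit in one cell")
    return struct.pack("!HB", circ_id, command) + payload.ljust(PAYLOAD_LEN, b"\x00")


def unpack_cell(cell: bytes) -> tuple:
    """Split a cell into (circ_id, command, payload); anything that is not 512 bytes is rejected."""
    if len(cell) != CELL_LEN:
        raise ValueError("cells are exactly %d bytes, got %d" % (CELL_LEN, len(cell)))
    circ_id, command = struct.unpack("!HB", cell[:3])
    return circ_id, command, cell[3:]


def pack_relay_cell(circ_id: int, relay_cmd: int, stream_id: int, data: bytes,
                    digest: bytes = b"\x00" * 4) -> bytes:
    """Relay cell: the 509-byte payload holds an 11-byte relay header and up to 498 data bytes.
    'Recognized' is sent as zero; the hop whose key decrypts the cell sees the zero and knows
    the cell is for it. 'Digest' is the running hash that authenticates the cell; a zero
    placeholder is used here (assumption: this example does not model the digest chain)."""
    if len(data) > RELAY_DATA_LEN:
        raise ValueError("relay data does not fit in one cell")
    header = struct.pack("!BHH4sH", relay_cmd, 0, stream_id, digest, len(data))
    return pack_cell(circ_id, CMD_RELAY, header + data)


def unpack_relay_cell(cell: bytes) -> dict:
    """Parse a relay cell and return its fields; the Length field bounds the real data."""
    circ_id, command, payload = unpack_cell(cell)
    if command != CMD_RELAY:
        raise ValueError("not a relay cell")
    relay_cmd, recognized, stream_id, digest, length = struct.unpack(
        "!BHH4sH", payload[:RELAY_HEADER_LEN])
    if recognized != 0 or length > RELAY_DATA_LEN:
        raise ValueError("cell not recognized at this hop or malformed length")
    return {"circ_id": circ_id, "relay_cmd": relay_cmd, "stream_id": stream_id,
            "digest": digest, "data": payload[RELAY_HEADER_LEN:RELAY_HEADER_LEN + length]}


def stream_to_cells(circ_id: int, stream_id: int, data: bytes) -> list:
    """Chunk an application stream into RELAY_DATA cells; the last one is padded, never shorter."""
    return [pack_relay_cell(circ_id, RELAY_DATA, stream_id, data[i:i + RELAY_DATA_LEN])
            for i in range(0, max(len(data), 1), RELAY_DATA_LEN)]


def cells_to_stream(cells: list) -> bytes:
    """Reassemble the data carried by a sequence of RELAY_DATA cells on one stream."""
    return b"".join(unpack_relay_cell(c)["data"] for c in cells)
```

The point to take from `stream_to_cells` is that a 1600-byte request and a 10-byte request both leave the client as a sequence of identical-looking 512-byte cells; only the count differs, which is what the traffic-analysis weakness later in the slides exploits.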

Tor Design – Circuits and Streams
  • A circuit is the sequence of Onion Routers on the path.
  • A circuit is built incrementally
    • A user's OP negotiates a symmetric key with each OR on the circuit, one hop at a time, extending through the hops already established.
  • Once the circuit is established, peers communicate with relay cells.
  • The initiator sends a destroy control cell to tear down a circuit.
  • Each circuit can be shared by many TCP streams.
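The incremental circuit build described above, together with the layered relay cells of the onion-routing slides, as an added worked example in Python (not code from the presentation or from the Tor project). It uses the 1024-bit Oakley group 2 Diffie-Hellman the design paper specifies, but replaces AES in counter mode with an HMAC-SHA256 counter-mode keystream because the standard library has no AES, and it uses a fixed `MAGIC` prefix in place of the relay header's "recognized" field and digest. The router names, the `EXTEND`/`DATA` text commands and the `demo()` circuit are constructed for the example.

```python
import hashlib
import hmac
import secrets
import struct

# RFC 2409 second Oakley group (1024-bit MODP, generator 2), the DH group the design paper
# specifies for the CREATE/EXTEND handshake.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
# Assumption: this prefix stands in for the relay header's zero 'Recognized' field and digest;
# a hop that sees it after peeling its own layer knows the cell is addressed to it.
MAGIC = b"\x00\x00TOR"


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Counter-mode stream cipher from HMAC-SHA256 blocks, standing in for Tor's AES-128-CTR
    (not in the standard library). As in CTR mode, the same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, struct.pack("!Q", i // 32), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def derive_keys(shared: int) -> tuple:
    """KDF over the DH secret: forward key (OP -> OR) and backward key (OR -> OP)."""
    s = shared.to_bytes(128, "big")
    return hashlib.sha256(s + b"f").digest(), hashlib.sha256(s + b"b").digest()


class OnionRouter:
    def __init__(self, name: str, directory: dict):
        self.name, self.directory, self.next_hop = name, directory, None
        self.kf = self.kb = None
        self.seen = []          # each cell as it looked after this hop peeled its layer

    def create(self, g_x: int) -> int:
        """CREATE/CREATED: complete the ephemeral DH exchange; return g^y."""
        y = secrets.randbelow(P - 2) + 2
        self.kf, self.kb = derive_keys(pow(g_x, y, P))
        return pow(G, y, P)

    def forward(self, cell: bytes) -> bytes:
        """Peel one layer; handle the cell if it is recognized, else pass it on. The reply
        gets this hop's backward layer added on the way back."""
        inner = keystream_xor(self.kf, cell)
        self.seen.append(inner)
        if inner.startswith(MAGIC):
            reply = self.handle(inner[len(MAGIC):])
        elif self.next_hop is not None:
            reply = self.next_hop.forward(inner)
        else:
            raise ValueError(self.name + ": unrecognized cell and no next hop")
        return keystream_xor(self.kb, reply)

    def handle(self, cmd: bytes) -> bytes:
        if cmd.startswith(b"EXTEND "):      # extend the circuit by one hop (RELAY EXTEND)
            name, g_x = cmd[7:].split(b" ")
            self.next_hop = self.directory[name.decode()]
            g_y = self.next_hop.create(int(g_x.decode()))
            return MAGIC + b"EXTENDED " + str(g_y).encode()
        if cmd.startswith(b"DATA "):        # exit hop: stream data arrives in the clear here
            return MAGIC + b"DELIVERED " + cmd[5:]
        return MAGIC + b"ERROR"


class OnionProxy:
    def __init__(self, directory: dict):
        self.directory, self.hops = directory, []   # hops: (router, kf, kb), one per hop

    def build_circuit(self, path: list) -> None:
        """Telescoping build: CREATE to the first hop, then EXTEND through the hops so far."""
        x = secrets.randbelow(P - 2) + 2
        first = self.directory[path[0]]
        g_y = first.create(pow(G, x, P))
        self.hops = [(first, *derive_keys(pow(g_y, x, P)))]
        for name in path[1:]:
            x = secrets.randbelow(P - 2) + 2
            reply = self.send(b"EXTEND " + name.encode() + b" " + str(pow(G, x, P)).encode())
            assert reply.startswith(b"EXTENDED "), "extend failed at " + name
            g_y = int(reply[9:].decode())
            self.hops.append((self.directory[name], *derive_keys(pow(g_y, x, P))))

    def send(self, cmd: bytes) -> bytes:
        """Add one layer per hop (innermost for the last hop), hand the cell to the first hop,
        then strip the reply's layers in hop order."""
        cell = MAGIC + cmd
        for _, kf, _ in reversed(self.hops):
            cell = keystream_xor(kf, cell)
        reply = self.hops[0][0].forward(cell)
        for _, _, kb in self.hops:
            reply = keystream_xor(kb, reply)
        assert reply.startswith(MAGIC), "reply did not decrypt cleanly"
        return reply[len(MAGIC):]


def demo() -> tuple:
    """Constructed three-relay circuit; returns (proxy, directory, reply from the exit)."""
    directory = {}
    for name in ("guard", "middle", "exit"):
        directory[name] = OnionRouter(name, directory)
    op = OnionProxy(directory)
    op.build_circuit(["guard", "middle", "exit"])
    return op, directory, op.send(b"DATA GET / HTTP/1.0")
```

After `demo()` runs, `directory["guard"].seen` holds only ciphertext for the data cell while `directory["exit"].seen` holds the plaintext request: the guard learns who is talking, the exit learns what is said, and neither learns both. Because every hop key comes from a fresh ephemeral DH exchange, this is also what the "perfect forward secrecy" feature on a later slide refers to.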
Circuits - Setup

Image courtesy http://www.torproject.org/documentation.html.en

Circuits - Usage

Image courtesy http://www.torproject.org/documentation.html.en
Some Features
  • Perfect forward secrecy: circuit keys come from a fresh Diffie-Hellman exchange per hop, so a later compromise of a relay's long-term key does not expose past traffic.
  • Many TCP streams can share one circuit.
  • Congestion control
    • Circuit-level throttling
    • Stream-level throttling
Some Features - Directory Servers
  • Maintain the list of which onion routers are up, their addresses, current keys, exit policies, etc.
  • Directory server keys ship with the code.
  • Control which nodes can join the network.
  • These directories are cached and served by other servers to reduce bottlenecks.
  • Need to decentralize and get humans out of the loop, without letting attackers sign up too many nodes.

Some Features - Directory Servers
  • Filtering programs (which may be run by governments, ISPs or website administrators) look for unencrypted Tor directory requests to recognize that someone is using Tor, but Tor version 0.2.0.23-rc and later use encrypted directory queries by default. This change means that most filtering programs are now unable to recognize Tor connections.
Some Features - Bridge relays
  • Non-public Tor relays that are not listed in the main Tor directory.
  • Since there is no complete public list of them, even an ISP that filters connections to all the known Tor relays probably cannot block all the bridges.
China Blocking Tor

From https://blog.torproject.org/blog/china-blocking-tor-round-two
Some Features - Bridge relays
  • Example bridge line, as entered in the Tor configuration:

bridge 141.201.27.48:443 4352e58420e68f5e40bf7c74faddccd9d1349413

    • Fields: IP address, port, and the relay's fingerprint (optional).
Some Features - Hidden Service
  • Location-hidden services allow a user to offer a TCP service without revealing its IP address.
  • Hidden services are accessed through the Tor-specific .onion pseudo top-level domain (TLD), or pseudo-domain.
Weakness 1
  • DNS leaks
    • The application resolves the hostname itself: it asks the local DNS resolver "Where is aaa.com?", receives "1.2.3.4", and only then asks Tor over SOCKS to connect to 1.2.3.4.
    • The DNS query travels outside Tor, so the local network or ISP learns the destination even though the TCP connection is anonymized. This happens with SOCKS4, and with SOCKS5 whenever the application hands Tor an IP address instead of a hostname.

[Diagram: App -> DNS ("Where is aaa.com?" / "1.2.3.4"); App -> SOCKS -> Tor (Get "1.2.3.4").]

Weakness 1
  • New solution for DNS leaks:
    • Tor acts as a DNS server: the application's "Where is aaa.com?" goes to Tor, which resolves the name through the circuit at the exit relay and returns "1.2.3.4"; the SOCKS connection to 1.2.3.4 then follows. No query leaves the machine in the clear.
    • Alternatively, a SOCKS4a- or SOCKS5-aware application passes the hostname to Tor and never resolves it locally.

[Diagram: App -> Tor ("Where is aaa.com?" / "1.2.3.4"); App -> SOCKS -> Tor (Get "1.2.3.4").]
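The two DNS paths on this and the previous slide as an added Python example (not code from the presentation or from Tor): it builds the SOCKS4, SOCKS4a and SOCKS5 CONNECT requests an application could send to Tor's SOCKS port and classifies each by whether a hostname reaches Tor, or only an IP does, in which case any resolution already happened outside Tor. The hostname aaa.com, the addresses and the function names are constructed for the example.

```python
import socket
import struct


def socks4_connect(ip: str, port: int, userid: bytes = b"") -> bytes:
    """SOCKS4 CONNECT carries only an IPv4 address: the application has already resolved the
    hostname itself through the system resolver, so the DNS query went out unprotected."""
    return struct.pack("!BBH4s", 4, 1, port, socket.inet_aton(ip)) + userid + b"\x00"


def socks4a_connect(hostname: str, port: int, userid: bytes = b"") -> bytes:
    """SOCKS4a CONNECT: DSTIP is 0.0.0.x (x != 0) and the hostname follows the user ID, so the
    proxy (Tor, at the exit) does the resolution instead of the client."""
    return (struct.pack("!BBH4s", 4, 1, port, b"\x00\x00\x00\x01")
            + userid + b"\x00" + hostname.encode() + b"\x00")


def socks5_connect(hostname: str, port: int) -> bytes:
    """SOCKS5 CONNECT with ATYP=0x03 (domain name): again the proxy resolves the name."""
    h = hostname.encode()
    return struct.pack("!BBBBB", 5, 1, 0, 3, len(h)) + h + struct.pack("!H", port)


def classify_request(req: bytes) -> dict:
    """Inspect a SOCKS CONNECT request as Tor's SOCKS port would receive it and report whether
    the client handed over a hostname (safe) or a bare IP (any lookup happened outside Tor)."""
    ver = req[0]
    if ver == 4:
        cmd, port, ip = struct.unpack("!BH4s", req[1:8])
        if cmd != 1:
            raise ValueError("only CONNECT is modelled")
        userid, _, tail = req[8:].partition(b"\x00")
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0 and tail:
            host = tail.split(b"\x00")[0].decode()
            return {"proto": "socks4a", "target": host, "port": port,
                    "resolved_outside_tor": False}
        return {"proto": "socks4", "target": socket.inet_ntoa(ip), "port": port,
                "resolved_outside_tor": True}
    if ver == 5:
        cmd, atyp = req[1], req[3]
        if cmd != 1:
            raise ValueError("only CONNECT is modelled")
        if atyp == 1:                                   # IPv4 literal
            port = struct.unpack("!H", req[8:10])[0]
            return {"proto": "socks5", "target": socket.inet_ntoa(req[4:8]), "port": port,
                    "resolved_outside_tor": True}
        if atyp == 3:                                   # domain name
            n = req[4]
            host = req[5:5 + n].decode()
            port = struct.unpack("!H", req[5 + n:7 + n])[0]
            return {"proto": "socks5", "target": host, "port": port,
                    "resolved_outside_tor": False}
    raise ValueError("unsupported SOCKS request")
```

The slide's "Tor acts as a DNS server" corresponds to Tor's DNSPort option, which accepts ordinary DNS queries from applications that insist on resolving names themselves and answers them through the circuit; combined with the hostname-carrying SOCKS4a/SOCKS5 forms above, both leak paths are closed.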

Weakness 2
  • Traffic analysis
    • Tor is vulnerable to end-to-end traffic analysis by an observer who can watch both ends of a user's connection (the link into the first relay and the link out of the exit).
    • Such an observer correlates traffic patterns (packet timing and volume) on the two links and links the sender to the receiver, without breaking any encryption.
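An added illustration of the end-to-end correlation attack in Python (not from the presentation): constructed bursty packet timestamps for four streams as they enter Tor, the same streams as an exit-side observer sees them after path latency and jitter, and a packet-count correlation that pairs them up without reading any payload. All flows, names and timing parameters are made up for the example.

```python
import random


def make_bursty_flow(rng: random.Random, duration: float, n_bursts: int) -> list:
    """Constructed packet timestamps for one stream entering Tor: web-like bursts of packets."""
    times = []
    for _ in range(n_bursts):
        start = rng.uniform(0, duration - 1)
        times += [start + rng.uniform(0, 0.3) for _ in range(rng.randint(5, 40))]
    return sorted(times)


def observe_at_exit(times: list, latency: float, jitter: float, rng: random.Random) -> list:
    """The same stream seen leaving the exit relay: delayed by the path latency plus jitter."""
    return sorted(t + latency + rng.gauss(0, jitter) for t in times)


def bin_counts(times: list, duration: float, width: float) -> list:
    """Packets per time bin: the only feature the attacker needs, not the (encrypted) payload."""
    bins = [0] * (int(duration / width) + 1)
    for t in times:
        i = int(t / width)
        if 0 <= i < len(bins):
            bins[i] += 1
    return bins


def pearson(a: list, b: list) -> float:
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / (va * vb) ** 0.5 if va and vb else 0.0


def best_lag_score(entry_bins: list, exit_bins: list, max_lag: int) -> tuple:
    """Slide the exit series back by 0..max_lag bins (the path latency is unknown) and keep
    the best correlation and the lag at which it occurs."""
    best = (-1.0, 0)
    for lag in range(max_lag + 1):
        score = pearson(entry_bins[:len(entry_bins) - lag], exit_bins[lag:])
        if score > best[0]:
            best = (score, lag)
    return best


def link_flows(entry_flows: dict, exit_flows: dict, duration: float,
               width: float = 1.0, max_lag: int = 3) -> dict:
    """For every stream seen at the exit side, name the entry-side stream it correlates with
    best. Returns {exit_name: (entry_name, score)}."""
    entry_bins = {n: bin_counts(t, duration, width) for n, t in entry_flows.items()}
    exit_bins = {n: bin_counts(t, duration, width) for n, t in exit_flows.items()}
    links = {}
    for exit_name, eb in exit_bins.items():
        scored = {n: best_lag_score(b, eb, max_lag)[0] for n, b in entry_bins.items()}
        best = max(scored, key=scored.get)
        links[exit_name] = (best, scored[best])
    return links


def demo(seed: int = 7) -> tuple:
    """Four users enter the network; the observer at the exit side sees the four streams under
    other names and must pair them up. Returns (links, ground_truth)."""
    rng = random.Random(seed)
    duration = 60.0
    entry = {"alice%d" % i: make_bursty_flow(rng, duration, 20) for i in range(4)}
    truth = {"alice0": "exit_c", "alice1": "exit_a", "alice2": "exit_d", "alice3": "exit_b"}
    exits = {truth[n]: observe_at_exit(t, 0.3, 0.02, rng) for n, t in entry.items()}
    links = link_flows(entry, exits, duration + 2)
    return links, {v: k for k, v in truth.items()}
```

The attack needs nothing from inside the cells: one-second packet counts at the two observation points are enough, and the fixed-size cells from the earlier slide do not help because it is the count and timing of cells, not their content, that is matched. This is why the design paper places a global passive adversary outside Tor's threat model.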
Weakness 3
  • Eavesdropping by exit nodes
    • Tor does not, and by design cannot, encrypt the traffic between an exit node and the target server; only end-to-end encryption such as TLS/SSL protects it.
    • A malicious exit node can read unencrypted traffic, serve a wrong page, or even inject Java applets disguised as coming from trusted domains.
Weakness 4
  • Tor is slow
    • Traffic bounces through volunteers' computers in various parts of the world, so some bottlenecks and network latency will always be present.
    • The current Tor network is quite small compared to the number of people trying to use it, and Tor cannot currently handle file-sharing traffic loads.
Relays in the Tor network

From http://metrics.torproject.org/graphs.html

Reference
  • Wikipedia, "Tor (anonymity network)". http://en.wikipedia.org/wiki/Tor_(anonymity_network)
  • Tor Project documentation. https://www.torproject.org/documentation.html.en
  • Roger Dingledine, Nick Mathewson, and Paul Syverson. "Tor: The Second-Generation Onion Router." May 2004. https://svn.torproject.org/svn/projects/design-paper/tor-design.html
  • Wikipedia, "Onion routing". http://en.wikipedia.org/wiki/Onion_routing
  • The Tor Project blog. https://blog.torproject.org/