Upload
fgsn2932
View
219
Download
0
Embed Size (px)
Citation preview
8/3/2019 2012 01 17 FBI Presentation
1/62
FBI Tor Overview
Andrew [email protected]
January 17, 2012
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 1 / 28
http://goforward/http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
2/62
What are we talking about?
Crash course on anonymous communications
Quick overview of Tor
Quick overview of Tor Hidden Services
Future directions
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 2 / 28
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
3/62
The Tor Project, Inc.
501(c)(3) non-profit organization dedicated to the research and
development of technologies for online anonymity and privacy
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 3 / 28
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
4/62
What is anonymity?
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 4 / 28
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
5/62
Anonymity isnt cryptography
Cryptography protects the contents in transit
You still know who is talking to whom, how often, and how muchdata is sent.
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 5 / 28
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
6/62
Anonymity isnt steganography
Attacker can tell Alice is talking to someone, how often, and how muchdata is sent.
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 6 / 28
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
7/62
Anonymity isnt just wishful thinking...
You cant prove it was me!
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 7 / 28
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
8/62
Anonymity isnt just wishful thinking...
You cant prove it was me!
Promise you wont look
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 7 / 28
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
9/62
Anonymity isnt just wishful thinking...
You cant prove it was me!
Promise you wont look
Promise you wont remember
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 7 / 28
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
10/62
Anonymity isnt just wishful thinking...
You cant prove it was me!
Promise you wont look
Promise you wont remember
Promise you wont tell
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 7 / 28
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
11/62
Anonymity isnt just wishful thinking...
You cant prove it was me!
Promise you wont look
Promise you wont remember
Promise you wont tell
I didnt write my name on it!
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 7 / 28
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
12/62
Anonymity isnt just wishful thinking...
You cant prove it was me!
Promise you wont look
Promise you wont remember
Promise you wont tell
I didnt write my name on it!
Isnt the Internet already anonymous?
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 7 / 28
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
13/62
..since weak isnt anonymity.
You cant prove it was me! Proof is a very strong word. Statisticalanalysis allows suspicion to become certainty.
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 8 / 28
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
14/62
..since weak isnt anonymity.
You cant prove it was me! Proof is a very strong word. Statisticalanalysis allows suspicion to become certainty.
Promise you wont look/remember/tell Will other parties have theabilities and incentives to keep these promises?
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 8 / 28
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
15/62
..since weak isnt anonymity.
You cant prove it was me! Proof is a very strong word. Statisticalanalysis allows suspicion to become certainty.
Promise you wont look/remember/tell Will other parties have theabilities and incentives to keep these promises?
I didnt write my name on it! Not what were talking about.
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 8 / 28
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
16/62
..since weak isnt anonymity.
You cant prove it was me! Proof is a very strong word. Statisticalanalysis allows suspicion to become certainty.
Promise you wont look/remember/tell Will other parties have theabilities and incentives to keep these promises?
I didnt write my name on it! Not what were talking about.
Isnt the Internet already anonymous? Nope!
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 8 / 28
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
17/62
Anonymous communication
People have to hide in a crowd of other people (anonymity lovescompany)
The goal of the system is to make all users look as similar as possible,
to give a bigger crowdHide who is communicating with whom
Layered encryption and random delays hide correlation between inputtraffic and output traffic
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 9 / 28
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
18/62
Low versus High-latency anonymous communication
systems
Tor is not the first system; ZKS, mixmaster, single-hop proxies,Crowds, Java Anon Proxy.
Low-latency systems are vulnerable to end-to-end correlation attacks.
High-latency systems are more resistant to end-to-end correlationattacks, but by definition, less interactive.
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 10 / 28
L l ll i
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
19/62
Low-latency systems are generally more attractive to
todays user
Interactive apps: web, instant messaging, VOIP, ssh, X11, cifs/nfs,video streaming (millions of users)
Multi-hour delays: email, nntp, blog posting? (tens of thousands ofusers?)
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 11 / 28
L l ll i
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
20/62
Low-latency systems are generally more attractive to
todays user
Interactive apps: web, instant messaging, VOIP, ssh, X11, cifs/nfs,video streaming (millions of users)
Multi-hour delays: email, nntp, blog posting? (tens of thousands ofusers?)
And if anonymity loves company...
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 11 / 28
Wh t i T ?
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
21/62
What is Tor?
online anonymity software and network
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 12 / 28
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
22/62
Wh t is T ?
8/3/2019 2012 01 17 FBI Presentation
23/62
What is Tor?
online anonymity software and networkopen source, freely available (3-clause BSD license)
active research environment:Drexel, Univ of Waterloo, Georgia Tech, Princeton, Boston University,
University College London, Univ of Minnesota, National ScienceFoundation, Naval Research Labs, Cambridge UK, Bamberg Germany,MIT...
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 12 / 28
What is Tor?
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
24/62
What is Tor?
online anonymity software and networkopen source, freely available (3-clause BSD license)
active research environment:Drexel, Univ of Waterloo, Georgia Tech, Princeton, Boston University,
University College London, Univ of Minnesota, National ScienceFoundation, Naval Research Labs, Cambridge UK, Bamberg Germany,MIT...
increasingly diverse toolset:Tor, Tor Browser Bundle, Tails LiveCD, Tor Weather, Tor
auto-responder, Secure Updater, Orbot, Torora, Tor Check, Arm,Nymble, Tor Control, and so on.
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 12 / 28
Other Systems
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
25/62
Other Systems
VPN - Virtual Private Network, 1 to 1 connection, can redirect alltraffic, generally encrypted
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 13 / 28
Other Systems
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
26/62
Other Systems
VPN - Virtual Private Network, 1 to 1 connection, can redirect alltraffic, generally encrypted
Proxy - 1 to 1 connection, per application traffic redirection,sometimes encrypted
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 13 / 28
Other Systems
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
27/62
Other Systems
VPN - Virtual Private Network, 1 to 1 connection, can redirect alltraffic, generally encrypted
Proxy - 1 to 1 connection, per application traffic redirection,sometimes encrypted
I2P - Garlic routing, closed network, anonymity and reputation
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 13 / 28
Other Systems
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
28/62
Other Systems
VPN - Virtual Private Network, 1 to 1 connection, can redirect alltraffic, generally encrypted
Proxy - 1 to 1 connection, per application traffic redirection,sometimes encrypted
I2P - Garlic routing, closed network, anonymity and reputation
Freenet - closed network, anonymity, distributed file storage andsharing
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 13 / 28
Other Systems
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
29/62
Other Systems
VPN - Virtual Private Network, 1 to 1 connection, can redirect alltraffic, generally encrypted
Proxy - 1 to 1 connection, per application traffic redirection,sometimes encrypted
I2P - Garlic routing, closed network, anonymity and reputation
Freenet - closed network, anonymity, distributed file storage andsharing
GNUnet - closed network, anonymity, distributed file storage and
sharing
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 13 / 28
How is Tor different from other systems?
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
30/62
How is Tor different from other systems?
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 14 / 28
How is Tor different from other systems?
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
31/62
How is Tor different from other systems?
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 14 / 28
How is Tor different from other systems?
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
32/62
How is Tor different from other systems?
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 14 / 28
Who uses Tor?
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
33/62
Normal people
LawEnforcement
Human RightsActivists
Business Execs
Militaries
Abuse Victims
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 15 / 28
Who uses Tor?
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
34/62
Normal userslinking sensitive information to their current identities, onlineadvertising networks, search engines, censorship circumvention
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 16 / 28
Who uses Tor?
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
35/62
Law enforcementaccidental disclosure to targets, family and friend concerns, separatingwork from home life
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 16 / 28
Who uses Tor?
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
36/62
Rights Activists
Personal safety, family safety, narrowly-defined publicity, censorshipcircumvention
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 16 / 28
Who uses Tor?
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
37/62
Business Execsseparating work from home life, competitor research, censorshipcircumvention
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 16 / 28
Who uses Tor?
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
38/62
Abuse Victims and Survivorscomplete separation of past abuse and current life, finding help andsafety, need to help others anonymously
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 16 / 28
Who uses Tor?
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
39/62
Militariesintelligence gathering, separating work from home life, other activities
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 16 / 28
You missed a use case
http://goback/http://find/http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
40/62
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 17 / 28
estimated 400k to 800k daily users
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
41/62
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 18 / 28
Tor hides communication patterns by relaying data through
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
42/62
volunteer servers
Tor Node
Tor Node
Tor Node
Tor Node
Tor NodeTor Node
Tor Node
Tor Node
Tor Network
Web server
Tor user
Diagram: Robert Watson
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 19 / 28
Tor hides communication patterns by relaying data through
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
43/62
volunteer servers
Tor Node
Tor Node
Tor Node
Tor Node
Tor NodeTor Node
Tor Node
Tor Node
Tor Network
Web server
Tor user
Tor Node
Tor Node
Tor Node
Exit node
Entry node
Middle node
Diagram: Robert Watson
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 19 / 28
Tor hides communication patterns by relaying data through
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
44/62
volunteer servers
Tor Node
Tor Node
Tor Node
Tor Node
Tor NodeTor Node
Tor Node
Tor Node
Tor Network
Web server
Tor user
Encrypted tunnel
Unencrypted TCP
Tor Node
Tor Node
Tor Node
Exit nodeEntry node Middle node
Diagram: Robert Watson
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 19 / 28
Tor hides communication patterns by relaying data through
l
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
45/62
volunteer servers
Diagram: Robert Watson
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 19 / 28
Vidalia Network Map
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
46/62
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 20 / 28
Metrics
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
47/62
Measuring metrics anonymously
NSF grant to find out
Archive of hourly consensus, ExoneraTor, VisiTorMetrics portal:https://metrics.torproject.org/
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 21 / 28
Tor hidden services allow privacy enhanced hosting of
i
https://metrics.torproject.org/https://metrics.torproject.org/http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
48/62
services
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 22 / 28
dot onion you say?
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
49/62
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 23 / 28
Hidden Services, in graphics
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
50/62
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 24 / 28
Hidden Services, in graphics
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
51/62
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 24 / 28
Hidden Services, in graphics
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
52/62
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 24 / 28
Hidden Services, in graphics
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
53/62
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 24 / 28
Hidden Services, in graphics
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
54/62
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 24 / 28
Hidden Services, in graphics
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
55/62
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 24 / 28
Operating Systems leak info like a sieve
http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
56/62
Applications, networkstacks, plugins, oh my....
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 25 / 28
http://www.decloak.net/http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
57/62
Operating Systems leak info like a sieve
8/3/2019 2012 01 17 FBI Presentation
58/62
Applications, networkstacks, plugins, oh my....some call this sharing
Did you know MicrosoftWord and OpenOfficeWriter are browsers?
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 25 / 28
Operating Systems leak info like a sieve
http://www.decloak.net/http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
59/62
Applications, networkstacks, plugins, oh my....some call this sharing
Did you know MicrosoftWord and OpenOfficeWriter are browsers?
www.decloak.net is afine test
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 25 / 28
http://www.decloak.net/http://www.decloak.net/http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
60/62
Next steps
8/3/2019 2012 01 17 FBI Presentation
61/62
Visit https://www.torproject.org/ for more information, links, andideas.
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 27 / 28
Credits & Thanks
https://www.torproject.org/https://www.torproject.org/http://find/http://goback/8/3/2019 2012 01 17 FBI Presentation
62/62
who uses tor?http://www.flickr.com/photos/mattw/2336507468/siz, MattWestervelt, CC-BY-SA.
danger!, http://flickr.com/photos/hmvh/58185411/sizes/o/,
hmvh, CC-BY-SA.
500k, http://www.flickr.com/photos/lukaskracic/334850378/sizes/l/,Luka Skracic, used with permission.
Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 28 / 28
http://www.flickr.com/photos/mattw/2336507468/sizhttp://www.flickr.com/photos/mattw/2336507468/sizhttp://flickr.com/photos/hmvh/58185411/sizes/o/http://www.flickr.com/photos/lukaskracic/334850378/sizes/l/http://www.flickr.com/photos/lukaskracic/334850378/sizes/l/http://www.flickr.com/photos/lukaskracic/334850378/sizes/l/http://www.flickr.com/photos/lukaskracic/334850378/sizes/l/http://flickr.com/photos/hmvh/58185411/sizes/o/http://www.flickr.com/photos/mattw/2336507468/sizhttp://find/http://goback/