Upload
others
View
8
Download
0
Embed Size (px)
Citation preview
inside your onion
Jose-Paul Dominguez – timideconcat [first :: String, “.”, last :: String, “@e.ujf-grenoble.fr”]
securimag
March 10, 2016
1 / 19
Briefly
“The Second-Generation Onion Router”paper by Roger Dingledine, Nick Mathewson, Paul Syverson
Usenix Security 2004awarded at Usenix Security 2014
2 / 19
Key actors
Figure: Roger DingledineImage: Wikipedia / Tobias Klenze / CC-BY-SA 3.0
3 / 19
Key actors
Figure: Jacob AppelbaumImage: Wikipedia / Tobias Klenze / CC-BY-SA 3.0
3 / 19
Key actors
Many others:
I Nick Mathewson
I Paul Syverson
I https://www.torproject.org/about/corepeople.html
3 / 19
Basically
I anonymity system
I decentralized
I free in code, free to use
4 / 19
“Features”
I user anonymization
I hidden services
5 / 19
Anonymous? You don’t say.
At least improve you privacy and security on the Internet:
I hide you behind a node which will execute requests for you
I hide you from this very node
I without being in control of these
Using one node:
Client Proxy Server
Client message Proxy Server
Client 3 3 3 3
Proxy 3 3 3 3
Server 7 3 3 3
6 / 19
Anonymous? You don’t say.
At least improve you privacy and security on the Internet:
I hide you behind a node which will execute requests for you
I hide you from this very node
I without being in control of these
Using one node:
Client Proxy Server
Client message Proxy Server
Client 3 3 3 3
Proxy 3 3 3 3
Server 7 3 3 3
6 / 19
Anonymous? You don’t say.
At least improve you privacy and security on the Internet:
I hide you behind a node which will execute requests for you
I hide you from this very node
I without being in control of these
Using one node:
Client Proxy Server
Client message Proxy Server
Client 3 3 3 3
Proxy 3 3 3 3
Server 7 3 3 3
6 / 19
Let’s see with 2 nodes
Client R1 R2 Server
Client message R1 R2 Server
Client – 3 3 3 3
R1 3 7 – 3 7
R2 7 3 3 – 3
Server 7 3 7 3 –
This pattern becomes interesting but what if an entity is in controlof R1 and/or R2?
7 / 19
Let’s see with 2 nodes
Client R1 R2 Server
Client message R1 R2 Server
Client – 3 3 3 3
R1 3 7 – 3 7
R2 7 3 3 – 3
Server 7 3 7 3 –
This pattern becomes interesting but what if an entity is in controlof R1 and/or R2?
7 / 19
Let’s see with 2 nodes
Client R1 R2 Server
Client message R1 R2 Server
Client – 3 3 3 3
R1 3 7 – 3 7
R2 7 3 3 – 3
Server 7 3 7 3 –
This pattern becomes interesting but what if an entity is in controlof R1 and/or R2?
7 / 19
Key exchange and layered encryptionClient R1 R2 R3 Server
key exchange: K1
key exchange: K2
key exchange: K3
EK1( EK2
( EK3( request ) ) )
EK2( EK3
( request ) )
EK3( request )
request
response
EK3( response )
EK2( EK3
( response ) )
EK1( EK2
( EK3( response ) ) )
8 / 19
Key exchange and layered encryptionClient R1 R2 R3 Server
key exchange: K1
key exchange: K2
key exchange: K3
EK1( EK2
( EK3( request ) ) )
EK2( EK3
( request ) )
EK3( request )
request
response
EK3( response )
EK2( EK3
( response ) )
EK1( EK2
( EK3( response ) ) )
8 / 19
Key exchange and layered encryptionClient R1 R2 R3 Server
key exchange: K1
key exchange: K2
key exchange: K3
EK1( EK2
( EK3( request ) ) )
EK2( EK3
( request ) )
EK3( request )
request
response
EK3( response )
EK2( EK3
( response ) )
EK1( EK2
( EK3( response ) ) )
8 / 19
Network overview
9 / 19
Network overview
9 / 19
Terminology
I R1: entry relay / guard node
I R2: relay
I R3: exit relay
I (R1, R2, R3): path
I family: common organization, group
10 / 19
How the hell find a path?
Directory Authorities:
I hardcoded
I maintain a list of running relays
I publish a consensus once per hour containing Tor relays
I assign flags to relays
I client path: entry guard, relay and exit node of differentfamilies
11 / 19
How the hell find a path?
Directory Authorities:
I hardcodedI currently 10 DA hardcodedI defined in src/or/config.c1:
static const char ∗ default authorities []
I maintain a list of running relays
I publish a consensus once per hour containing Tor relays
I assign flags to relays
I client path: entry guard, relay and exit node of differentfamilies
1https://gitweb.torproject.org/tor.git/tree/src/or/config.c11 / 19
How the hell find a path?
Directory Authorities:
I hardcoded
I maintain a list of running relays
I publish a consensus once per hour containing Tor relaysI assign flags to relays1
I RunningI position: {Guard, Exit, BadExit}I etc.
I client path: entry guard, relay and exit node of differentfamilies
1https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt11 / 19
How the hell find a path?
Directory Authorities:
I hardcoded
I maintain a list of running relays
I publish a consensus once per hour containing Tor relays
I assign flags to relaysI client path: entry guard, relay and exit node of different
familiesI kept while TCP stream is up: avoid profilingI reuse path for new TCP streams for 10 minutesI build another one in case of circuit failure
11 / 19
How the hell find a path?
Directory Authorities:
I hardcoded
I maintain a list of running relays
I publish a consensus once per hour containing Tor relays
I assign flags to relaysI client path: entry guard, relay and exit node of different
familiesI Guard flag given by DAsI election based on different properties: bandwidth, uptime,
total time etc.I no longer a middle relay
11 / 19
Tor bridges and pluggable transports
I can be used in case of relays or DAs censorship
I basically encapsulate Tor protocol between client and first hop
I FTE(-IPv6), SSH, meek etc.
I publically distributed bridges
I secret bridges
I very easy to set up
12 / 19
DNS leaks
I applications try to resolve hostnames
I client IP and requested service leakage
I SOCKS4, SOCKS5 use IP adresses
I SOCKS4a uses hostnames
Solutions:
I resolve manually using tor-resolve
I “use remote DNS”
I use a wrapper
I use a Transparent Proxy
I use an Isolating Proxy
13 / 19
DNS leaks
I applications try to resolve hostnames
I client IP and requested service leakage
I SOCKS4, SOCKS5 use IP adresses
I SOCKS4a uses hostnames
Solutions:
I resolve manually using tor-resolve
I “use remote DNS”
I use a wrapper
I use a Transparent Proxy
I use an Isolating Proxy
13 / 19
DNS leaks
I applications try to resolve hostnames
I client IP and requested service leakage
I SOCKS4, SOCKS5 use IP adresses
I SOCKS4a uses hostnames
Solutions:
I resolve manually using tor-resolve
I “use remote DNS”
I use a wrapper
I use a Transparent Proxy
I use an Isolating Proxy
13 / 19
Hidden services
I services accessibles via a .onion URL
I Let’s Encrypt is trying to provide VALID certsfor .onions
I Facebook now have a hidden service
I .onion hostname = hash of hidden service public key
14 / 19
Rendezvous points
15 / 19
Rendezvous points
15 / 19
Rendezvous points
15 / 19
Rendezvous points
15 / 19
Rendezvous points
15 / 19
Rendezvous points
15 / 19
Tools
I torify
I Tor Browser Bundle
I Tor Messenger
I Ricochet
I Orbot
16 / 19
Security concerns
I Tor does not protect against traffic analysis
I correlations may be found
I “Using BGP to Compromise Tor” paper
17 / 19
’kthx
References
I Tor 2004 paper: https://svn.torproject.org/svn/
projects/design-paper/tor-design.pdf
I Tor’s protocol specifications:https://gitweb.torproject.org/torspec.git/tree/
19 / 19