Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Look up keyword or section
Like this
1Activity
0 of .
Results for:
No results containing your search query
P. 1
Ces Summer 2006 Tor Paper 28redacted 29

Ces Summer 2006 Tor Paper 28redacted 29

Ratings: (0)|Views: 164 |Likes:
Published by Andrew Blake
Ces Summer 2006 Tor Paper 28redacted 29
Ces Summer 2006 Tor Paper 28redacted 29

More info:

Published by: Andrew Blake on Oct 04, 2013
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

10/04/2013

pdf

text

original

 
TOP SECRET//COMINT//20291123(U//FOUO) Tor
2006 CES Summer Program
Abstract
(U) Tor is an open-source anonymization program created by Roger Dingledine,Nick Mathewson, and Paul Syverson. Originally sponsored by the US Naval ResearchLaboratory, and now backed by the Electronic Frontier Foundation, it routes a user’straffic through several servers in a way that hides the user’s location.(TS//SI) We have seen several targets using Tor. Our goal was to analyze Torsource code and determine any vulnerabilities in the system. We set up an internalTor network to analyze Tor traffic, in the hopes of discovering ways to passivelyidentify it. We also worked to create a custom Tor client which allows the user finercontrol.
Contents
1 (U) Tor overview 32 (U//FOUO) Objectives 43 (U//FOUO) Objectives 1 and 2 44 (U//FOUO) MJOLNIR 4
4.1 (U//FOUO) Building circuits . . . . . . . . . . . . . . . . . . . . . . . . . 54.2 (U//FOUO) Sending and receiving data . . . . . . . . . . . . . . . . . . . 64.3 (U//FOUO) MJOLNIR GUI for Windows . . . . . . . . . . . . . . . . . . 7
5 (S//SI) Tors X.509 certicates 8
5.1 (S//SI) MJOLNIRs X.509 certicates . . . . . . . . . . . . . . . . . . . . 8
6 (U) Tors hidden services 107 (U//FOUO) Possible attacks 10
7.1 (TS//SI) Denial-of-service-style attacks with MJOLNIR . . . . . . . . . . 117.1.1 (TS//SI) Coil attack . . . . . . . . . . . . . . . . . . . . . . . . . . 117.1.2 (TS//SI) Flower attack . . . . . . . . . . . . . . . . . . . . . . . . . 127.2 (U//FOUO) Trac analysis . . . . . . . . . . . . . . . . . . . . . . . . . . 127.2.1 (U) A basic Tor circuit . . . . . . . . . . . . . . . . . . . . . . . . . 127.2.2 (S//SI) Locating known hidden services . . . . . . . . . . . . . . . 157.3 (S//SI) Discovering unknown hidden services . . . . . . . . . . . . . . . . . 167.4 (U//FOUO) Man-in-the-middle attack . . . . . . . . . . . . . . . . . . . . 171
TOP SECRET//COMINT//20291123
 
TOP SECRET//COMINT//20291123
8 (U) Future areas of study 17
8.1 (U//FOUO) Expanding MJOLNIR’s functionality . . . . . . . . . . . . . . 188.2 (U) Privoxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188.3 (U) Tor remote control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188.4 (TS//SI) Directory server exploitation . . . . . . . . . . . . . . . . . . . . 19
9 (U) Acknowledgments 1910 (U) References 19A (U//FOUO) Tor glossary 21B (U) Programming details 21
B.1 (U) Building circuits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21B.1.1 (U) Choosing a server . . . . . . . . . . . . . . . . . . . . . . . . . 23B.2 (U) Connecting the circuit . . . . . . . . . . . . . . . . . . . . . . . . . . . 24B.3 (U) Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26B.3.1 (U)TLS encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . 26B.3.2 (U) Onion skins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
C (U) Hidden services 29
C.1 (U) Oering a hidden service . . . . . . . . . . . . . . . . . . . . . . . . . . 29C.2 (U) Accessing a hidden service . . . . . . . . . . . . . . . . . . . . . . . . . 29
D (U) Information at the nodes 30
D.1 (U) First node . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31D.2 (U) Second node . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32D.3 (U) Third node . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32D.4 (U) Hidden service nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33D.4.1 (U) Introduction points . . . . . . . . . . . . . . . . . . . . . . . . . 33D.4.2 (U) Rendezvous points . . . . . . . . . . . . . . . . . . . . . . . . . 34
E (U//FOUO) MJOLNIR API 35
E.1 (U) Initialization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35E.2 (S//SI) Circuit building . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37E.3 (U//FOUO) Sending and receiving data . . . . . . . . . . . . . . . . . . . 39E.4 (S//SI) Smartlists and certicate masking . . . . . . . . . . . . . . . . . . 42E.5 (TS//SI) DoS-style attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
F (U//FOUO) MJOLNIR for Windows 46
F.1 (U) Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46F.2 (S//SI) Creating new circuits . . . . . . . . . . . . . . . . . . . . . . . . . 46F.3 (TS//SI) DoS-style attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . 47F.4 (TS//SI) Sending arbitrary packets . . . . . . . . . . . . . . . . . . . . . . 472
TOP SECRET//COMINT//20291123
 
TOP SECRET//COMINT//20291123
F.5 (U) Future features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49F.5.1 (U) Minor changes/bug xes . . . . . . . . . . . . . . . . . . . . . . 49
1 (U) Tor overview
(U) Tor is an implementation of an onion routing system. Its creators use a special jargonto describe its workings; please consult appendix A,
Tor glossary
, for definitions. Tor’sanonymization works by having a Tor client send its traffic through a circuit of threeservers, each running Tor, under several layers of encryption. This accomplishes severalthings. Most basically, the Tor servers, many of which are listed on publicly advertiseddirectory servers, are chosen to act as a series of proxies. This may seem to be excessivelycomplex, as a single proxy server can be used to hide one’s location, but a single-hop proxyis vulnerable in two ways. First, by analyzing the pattern of the traffic going to and fromthe proxy server, it is possible to deduce which clients are making which requests. Second,if an attacker owns the proxy server, then it certainly knows who is asking for what, andanonymization is ruined. By using multiple hops, Tor is much more resistant to both of these attacks. Traffic analysis becomes extraordinarily difficult, as it must be coordinatedacross several machines, and an attacker must own all the hops along the circuit in orderto trace requests back to the originating client.(U) If Tor’s only feature was the use multiple proxies, it would not necessarily meanthat it could not be attacked some way, such as knowing which circuit a client will choose toroute traffic through, or simply reading requests sent in the clear and looking for identifyinginformation. However, Tor leverages the OpenSSL cryptographic libraries to encrypt thedata it sends and to choose random circuits in order to prevent an attacker from gaininguseful information.(U) The series of Tor servers used to relay a client’s TCP traffic is referred to as acircuit. Circuits are set up one server at a time in a way that keeps any single server fromknowing the entire layout of the circuit. The client connects to the first server. It thenasks the first server to connect to the second server. Finally, it sends a request throughthe first server that asks the second server connect to the third server. Each server onlyknows who connected to it and to whom it connected, which is just one server each wayin the circuit. A more detailed explanation can be found in appendix B.1.(U) The phrase “onion routing” refers to the way that encryption is layered to hideinformation sent down the circuit. When setting up the circuit, the client negotiates keyswith each of the servers it will be routing through. Most circuits in Tor contain threeservers, so the client negotiates three secret keys, one with each server. When the clientwants to send some data, for example an HTTP GET request, it first encrypts the dataonce using each key. It sends the packet to the first server, which removes one layer of encryption and passes along the packet to the second server. The second server removesanother layer of encryption and sends the packet to the third server. When the third serverremoves a layer of encryption, then the packet is now in the clear, and the server will sendthe HTTP GET to the appropriate destination. In this way, only the third server can see3
TOP SECRET//COMINT//20291123

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->