Professional Documents
Culture Documents
A Presentation by Nishanth Samuel Fenn Roll No. 57 S7, CS-B. Under The Guidance of Mr. Pramod Pavithran
A Presentation by Nishanth Samuel Fenn Roll No. 57 S7, CS-B. Under The Guidance of Mr. Pramod Pavithran
A Presentation by
Nishanth Samuel Fenn
Roll No. 57
S7, CS-B.
Under the Guidance of
Mr. Pramod Pavithran
2
Contents
• Tor aims to conceal its users' identities and their online activity from surveillance
and traffic analysis by separating identification and routing.
• This is done by passing the data through a circuit of at least three different routers.
• The data that passes through the network is encrypted, but at the beginning and
end node, there is no encryption.
R3
R1 R5
srvr1
R4
R2 R6
srvr2
one minute later
How Tor Works? --- Onion Routing
Alice Bob
M
√
M OR2
M C2 C3
M
OR1 OR3
C1 C2 C3 Port
• A circuit is built incrementally one hop by one hop
• Onion-like encryption
• ‘Alice’ negotiates an AES key with each router
• Messages are divided into equal sized cells
• Each router knows only its predecessor and successor
• Only the Exit router (OR3) can see the message, however it does
not know where the message is from
Cells
• All data is sent in fixed size (bytes) cells
• Control cell commands:
• Padding, create, destroy
• Relay cell commands:
• Begin, data, connected, teardown, ...
How Tor Works? --- Node to Node Connection
If an Autonomous System (AS) exists on both path segments from a client to entry
relay and from exit relay to destination, such an AS can statistically correlate traffic on
the entry and exit segments of the path and potentially infer the destination with
which the client communicated. In 2012, LASTor proposed a method to predict a set
of potential ASes on these two segments and then avoid choosing this path during
path selection algorithm on client side. In this paper, they also improve latency by
choosing shorter geographical paths between client and destination.
Exit node eavesdropping
As Tor does not, and by design cannot, encrypt the traffic between an exit node and
the target server, any exit node is in a position to capture any traffic passing through
it that does not use end-to-end encryption such as SSL or TLS. While this may not
inherently breach the anonymity of the source, traffic intercepted in this way by self-
selected third parties can expose information about the source in either or both of
payload and protocol data
Exit node eavesdropping (Contd.)
• In October 2011, a research team from ESIEA claimed to have discovered a way to
compromise the Tor network by decrypting communication passing over it. The
technique they describe requires creating a map of Tor network nodes, controlling
one third of them, and then acquiring their encryption keys and algorithm seeds.
Then, using these known keys and seeds, they claim the ability to decrypt two
encryption layers out of three. They claim to break the third key by a statistical-
based attack. In order to redirect Tor traffic to the nodes they controlled, they used
a denial-of-service attack.
Bad Apple attack
• This attack against Tor consists of two parts: (a) exploiting an insecure
application to reveal the source IP address of, or trace, a Tor user and (b)
exploiting Tor to associate the use of a secure application with the IP address of
a user (revealed by the insecure application). As it is not a goal of Tor to protect
against application-level attacks, Tor cannot be held responsible for the first
part of this attack. However, because Tor's design makes it possible to
associate streams originating from secure application with traced users, the
second part of this attack is indeed an attack against Tor. The second part of
this attack is called the bad apple attack. (The name of this attack refers to the
saying 'one bad apple spoils the bunch.' This wording is used to illustrate that
one insecure application on Tor may allow to trace other applications.)
Heartbleed bug
• Tor is increasingly in common use by victims of domestic violence and the social
workers and agencies which assist them
• A growing list of news organizations are using the SecureDrop software platform
to accept material for publication in a manner intended to protect the anonymity
of sources.
• It is endorsed by civil liberties groups as a method for whistleblowers and human
rights workers to communicate with journalists
Licit and illicit uses (Contd.)
• Tor is used for matters that are, or may be, illegal in some countries, e.g., to gain
access to censored information, to organize political activities, or to circumvent
laws against criticism of heads of state.
• Tor can be used for anonymous defamation, unauthorized leaks of sensitive
information and copyright infringement, distribution of illegal sexual
content, selling controlled substances, money laundering, credit card fraud,
and identity theft.
• Ironically, Tor has been used by criminal enterprises, hacktivism groups, and law
enforcement agencies at cross purposes, sometimes simultaneously
Dangers of using Tor Network
• "The more you hide the more somebody wants to know why.“
• While the inter-relay communications might be secure, the entry and exit nodes
are vulnerable to packet sniffing and
• The exit node decrypts the packet it received from its sibling on the chain of nodes
and receives your full plaintext request. This can be easily seen by the operator of
the exit node.
• Running an exit node is dangerous as all exit traffic, legal and illegal, will be traced
to your IP
• Anyone using TOR network is on the NSA watch list under the Xkeyscore program.
References
• https://www.torproject.org/
• https://en.wikipedia.org/wiki/Tor_(anonymity_network)
• McCoy, Damon; Bauer, Kevin; Grunwald, Dirk; Kohno, Tadayoshi; Sicker, Douglas (2008)."Shining Light in
Dark Places: Understanding the Tor Network". Proceedings of the 8th International Symposium on Privacy
Enhancing Technologies. 8th International Symposium on Privacy Enhancing Technologies. Berlin, Germany:
Springer-Verlag. pp. 63–76.
• "Tor Project Form 990 2008". Tor Project. Tor Project. 2009. Retrieved 30 August 2014.
• "Tor Project Form 990 2007". Tor Project. Tor Project. 2008. Retrieved 30 August 2014.
• "Tor Project Form 990 2009". Tor Project. Tor Project. 2010. Retrieved 30 August 2014.
• Samson, Ted (5 August 2013). "Tor Browser Bundle for Windows users susceptible to info-stealing
attack". InfoWorld.
• Dingledine, Roger (7 April 2014). "OpenSSL bug CVE-2014-0160". Tor Project.
• Le Blond, Stevens; Manils, Pere; Chaabane, Abdelberi; Ali Kaafar, Mohamed; Castelluccia, Claude; Legout,
Arnaud; Dabbous, Walid (March 2011). "One Bad Apple Spoils the Bunch: Exploiting P2P Applications to
Trace and Profile Tor Users". 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET
'11). National Institute for Research in Computer Science and Control.
Q&A
ThankYou