
TOR NETWORK

A Presentation by
Nishanth Samuel Fenn
Roll No. 57
S7, CS-B.
Under the Guidance of
Mr. Pramod Pavithran
Contents

• Why do we need anonymity?
• Introducing the Tor Network
• How does the Tor Network work?
• Hidden Services
• Weaknesses
Why do we need anonymity?

• To hide user identity from target web site
• To hide browsing pattern from employer or ISP
• To conceal our internet usage from hackers
• To circumvent censorship
Introducing the Tor Network

• Tor aims to conceal its users' identities and their online activity from surveillance
and traffic analysis by separating identification and routing.
• This is done by passing the data through a circuit of at least three different routers.
• The data that passes through the network is encrypted, but at the beginning and
end node, there is no encryption.
[Figure: circuits through routers R1 to R6 reaching servers srvr1 and srvr2; second panel labelled "one minute later"]
How Tor Works? --- Onion Routing
[Figure: Alice, onion routers OR1, OR2 and OR3, and Bob; diagram labels M, C1, C2, C3 and Port]
• A circuit is built incrementally one hop by one hop
• Onion-like encryption
• ‘Alice’ negotiates an AES key with each router
• Messages are divided into equal sized cells
• Each router knows only its predecessor and successor
• Only the exit router (OR3) can see the message; however, it does
not know where the message is from
Cells
• All data is sent in fixed size (bytes) cells
• Control cell commands:
• Padding, create, destroy
• Relay cell commands:
• Begin, data, connected, teardown, ...
How Tor Works? --- Node to Node Connection

• Tor implements Perfect Forward Secrecy (PFS) by using AES encryption
• In AES (Advanced Encryption Standard), a private key is generated and shared
between the two users, and from this key, session keys are generated
• Original keypairs are only used for signatures (i.e. to verify the authenticity of
messages)
How Tor Works? --- Integrity Checking

• Only done at the edges of a stream
• SHA-1 digest of data sent and received
• First 4 bytes of digest are sent with each message for verification
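
The onion layering and the edge-only integrity check described above, as an added example (not code from this presentation or from Tor). A SHA-256 keystream stands in for the per-router AES key, and `EdgeDigest`, `KEYS`, `SEED` and the sample message are constructed for illustration.

```python
import hashlib

def keystream(key: bytes, n: int) -> bytes:
    # Toy SHA-256 counter keystream: assumed stand-in for each router's AES key.
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def layer(key: bytes, data: bytes) -> bytes:
    # XOR with the keystream; the same call adds or removes one layer.
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

class EdgeDigest:
    """Running SHA-1 over all stream data seen at one edge of the stream."""
    def __init__(self, seed: bytes):
        self._h = hashlib.sha1(seed)
    def tag(self, data: bytes) -> bytes:
        self._h.update(data)
        return self._h.digest()[:4]  # first 4 bytes travel with the message

def alice_send(msg, hop_keys, digest):
    payload = digest.tag(msg) + msg
    for key in reversed(hop_keys):  # exit layer innermost, entry outermost
        payload = layer(key, payload)
    return payload

def relay_path(cell, hop_keys, tamper_at=None):
    """Return what each router holds after removing its own layer."""
    views = []
    for i, key in enumerate(hop_keys):
        if i == tamper_at:  # constructed fault: one bit changed in transit
            cell = cell[:-1] + bytes([cell[-1] ^ 0x01])
        cell = layer(key, cell)
        views.append(cell)
    return views

def exit_receive(view, digest):
    tag, msg = view[:4], view[4:]
    return msg if digest.tag(msg) == tag else None  # None: digest mismatch

# Constructed sample values: keys for OR1..OR3 and a seed shared by Alice and OR3.
KEYS = [b"key-OR1", b"key-OR2", b"key-OR3"]
SEED = b"alice-OR3-digest-seed"
MSG = b"GET / HTTP/1.0\r\n\r\n"

def demo(tamper_at=None):
    cell = alice_send(MSG, KEYS, EdgeDigest(SEED))
    views = relay_path(cell, KEYS, tamper_at)
    return views, exit_receive(views[-1], EdgeDigest(SEED))
```

`demo()` yields the message only at OR3, while `demo(tamper_at=1)` returns `None` at the exit: the intermediate routers forward the altered cell unnoticed and the mismatch is caught only at the edge.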
Commands in Use
Hidden Services
• Location-hidden services allow a server to offer a TCP service without revealing its IP
address.
• Tor accommodates receiver anonymity by allowing location-hidden services.
• Design goals for location hidden services
• Access Control: filtering incoming requests
• Robustness: maintain a long-term pseudonymous identity
• Smear-resistance: against socially disapproved acts
• Application transparency
• Location-hidden services leverage rendezvous points
Weaknesses
• Autonomous System (AS) eavesdropping
• Exit node eavesdropping
• Traffic-analysis attack
• Tor exit node block
• Bad Apple attack
• Sniper attack
• Heartbleed bug
Autonomous System (AS) eavesdropping

If an Autonomous System (AS) exists on both path segments, from client to entry
relay and from exit relay to destination, that AS can statistically correlate traffic on
the entry and exit segments of the path and potentially infer the destination with
which the client communicated. In 2012, LASTor proposed a method to predict the set
of potential ASes on these two segments and to avoid choosing such paths during
client-side path selection. The paper also improves latency by
choosing geographically shorter paths between client and destination.
Exit node eavesdropping

As Tor does not, and by design cannot, encrypt the traffic between an exit node and
the target server, any exit node is in a position to capture any traffic passing through
it that does not use end-to-end encryption such as SSL or TLS. While this may not
inherently breach the anonymity of the source, traffic intercepted in this way by self-
selected third parties can expose information about the source in either or both of
payload and protocol data.
Exit node eavesdropping (Contd.)

• In October 2011, a research team from ESIEA claimed to have discovered a way to
compromise the Tor network by decrypting communication passing over it. The
technique they describe requires creating a map of Tor network nodes, controlling
one third of them, and then acquiring their encryption keys and algorithm seeds.
Then, using these known keys and seeds, they claim the ability to decrypt two
encryption layers out of three. They claim to break the third key by a statistical-
based attack. In order to redirect Tor traffic to the nodes they controlled, they used
a denial-of-service attack.
Bad Apple attack
• This attack against Tor consists of two parts: (a) exploiting an insecure
application to reveal the source IP address of, or trace, a Tor user and (b)
exploiting Tor to associate the use of a secure application with the IP address of
a user (revealed by the insecure application). As it is not a goal of Tor to protect
against application-level attacks, Tor cannot be held responsible for the first
part of this attack. However, because Tor's design makes it possible to
associate streams originating from a secure application with traced users, the
second part of this attack is indeed an attack against Tor. The second part of
this attack is called the bad apple attack. (The name of this attack refers to the
saying 'one bad apple spoils the bunch.' This wording is used to illustrate that
one insecure application on Tor may allow other applications to be traced.)
Heartbleed bug

• Heartbleed is a security bug in the OpenSSL cryptography library, which is a widely
used implementation of the Transport Layer Security (TLS) protocol. The
vulnerability is classified as a buffer over-read, a situation where software allows
more data to be read than should be allowed.
• The Tor Project recommended that Tor relay operators and hidden service
operators revoke and generate fresh keys after patching OpenSSL, but noted that
Tor relays use two sets of keys and that Tor's multi-hop design minimizes the
impact of exploiting a single relay.
Licit and illicit uses

• Tor is increasingly in common use by victims of domestic violence and the social
workers and agencies which assist them
• A growing list of news organizations are using the SecureDrop software platform
to accept material for publication in a manner intended to protect the anonymity
of sources.
• It is endorsed by civil liberties groups as a method for whistleblowers and human
rights workers to communicate with journalists
Licit and illicit uses (Contd.)

• Tor is used for matters that are, or may be, illegal in some countries, e.g., to gain
access to censored information, to organize political activities, or to circumvent
laws against criticism of heads of state.
• Tor can be used for anonymous defamation, unauthorized leaks of sensitive
information and copyright infringement, distribution of illegal sexual
content, selling controlled substances, money laundering, credit card fraud,
and identity theft.
• Ironically, Tor has been used by criminal enterprises, hacktivism groups, and law
enforcement agencies at cross purposes, sometimes simultaneously
Dangers of using Tor Network
• "The more you hide the more somebody wants to know why."
• While the inter-relay communications might be secure, the entry and exit nodes
are vulnerable to packet sniffing and
• The exit node decrypts the packet it received from its sibling on the chain of nodes
and receives your full plaintext request. This can be easily seen by the operator of
the exit node.
• Running an exit node is dangerous as all exit traffic, legal and illegal, will be traced
to your IP
• Anyone using the Tor network is on the NSA watch list under the Xkeyscore program.
Q&A
Thank You
