Dark Web

Cryptography-1 (Group-2)
Presented By:
Rozeena Saleha(19075)
Shawana Khan(19135)
Maira Sultan (19172)
Saira Yousaf(19524)
 What it Covers?
• Dark Web [1]
• What is Dark Web? How it work?

• What is Onion link?[3]

• Which Currency is currently using in Dark Web?

• How cryptography helps to create/develop the Dark web currency?

• Privacy issues in Dark Web.

 What is Dark Web? How it work?
• The term "Deep Web" refers to the unindexed web -
databases and other content that search engines can't crawl.
Your question most likely refers to what's sometimes called
the "Dark Web", or more technically, Tor's[The Onion
Router] hidden services.
• This software maintains the privacy of both the source and
the destination of data and the people who access it[5].
 What is Onion link?
 The Anonymous links accessed through TOR called onion links. [.onion is a top level
domain].

 All sites in the dark web are onion domains (which basically means both the provider
and user are anonymous and difficult to trace.)

 The most infamous of these onion sites was the now-defunct Silk Road, an online
marketplace where users could buy drugs, guns and all sorts of other illegal items[10].

 The FBI eventually captured Ross Ulbricht, who operated Silk Road, but copycat sites
like Black Market Reloaded are still readily available.
 Following are the biggest deep web links.
 https://darkwebnews.com/deep-web-links/
Which Currency is currently using
in Dark Web?
• Most DarkNet vendors deal exclusively in Bitcoin (BTC) because no competitor has more liquidity, price
stability, or widespread adoption. In terms of DarkNet adoption, the next closest currency is Litecoin
(LTC), which historically averages about 5% of Bitcoin’s market capitalization.
• Bitcoin allows you to create a wallet without revealing your identity, but it is not entirely anonymous.
The easiest way to go about this is to buy some coins from a peer-to-peer exchange like LocalBitcoins, or
a wallet service with built in exchange like Coinbase.
• Instead of sending your coins directly to the deposit address for your marketplace account, you just give
the deposit address to the mixing service and they provide you with an new address to make the payment
to – they then do their magic before passing on new ‘clean’ coins that can’t be traced back to you. They
will usually charge you a couple of percent on each transaction for providing this service. Here is a link
to a popular coin mixer coinmixer.se. [2]
• Anoncoin (ANC), ZeroCash project, Monero (XMR) and Bytecoin/Crypto note (BCN), StealthCoin
(XST).
 How cryptography helps to
create/develop the Dark web currency?
• PGP stands for ‘pretty good privacy’.

• Escrow involves a trusted third party (almost always the site admin)
arbitrating between the buyer and seller when there is a disagreement.[8]

• The cryptocurrency’s role in facilitating online criminal behavior, money

laundering, tax evasion and fraud. Long-term, bitcoin’s success will depend
largely on its ability to address concerns related to scalability, platform
development and automated transactions.[9]
 Privacy issues in Dark Web.
• The government is unlikely to ever fully suppress the dark Web because of the high demand for the
products and information offered on these Websites. Also, there will invariably be individuals willing to
accept the risks associated with meeting that market. Reasons that the government limits involvement with
privacy concerns include:
• Protection of whistleblowers and dissidents[4]
• Potential of producing significant innovations in the payments business
• People will find others ways to use the Internet for illicit purposes
• Access to unlinked database queries and odd file formats[6]
• Access to current news without censorship
• The right to speak openly without fear of persecution
• A robust and sturdy statistical analysis tool of bridges and relays
• Greater user base, increased capital, and higher black market competition
• Hosted blogs from countries without the ability for candid thought exchanges
• Secure file sharing tools.[7]
ANONIMITY
 Tor Network and its working [11]
• TOR  network to defend against traffic analysis
• Has a search engine but typically designed for Firefox
• A privacy network, not the SECURITY
• Owner  independent organization, funded by various U.S
Arms
• Publically launched in 2002
 TOR Network [11]
• Entry nodes
• Relay nodes
• Exit nodes

Each user in TOR network can provide his machine to be used as a Node in
relays.
 Onion Routing Protocol Work? [12]

• The user creates a “Relay” leading to their destination.

• At each hop, the node “unwraps” a layer from the packet via symmetric

keys, revealing the next destination.

• Each node only knows about next and last node

 How it Works…?? [12]
• Entry node

• Relay node

• Exit node

each layer of
Data packet
encryption Exit point have
encrypted as Packet reached
removed as no encryption
number of to destination
moving left
nodes
through nodes
 Encryption in TOR
• Node – Node  TLS keys
o Both parties decide which algorithms will be used for key and encryption.

o Public key for authentication

o MAC for integrity check

o Also send session key

• Session keys  deffie-Hellman

o Every node linked with originator

o So cannot decide either previous node is originator or just a node

How federal agencies break TOR network..??

• DNS Leaks

• Traffic Analysis

• Malicious Exit Nodes

A useful thing from Dark Web [14]

• http://xfmro77i3lixucja.onion/
o Some Library with books,
o over 85000 books for various topics
 Is Dark Web Safe..????
• NO .. But why..???
o Everyone is anonymous  means untrustworthy

o Hackers trying to catch relays by capturing exit nodes

• Until you played the right cards  some tips..

o Use TOR-browser bundle

o Don’t use real name or email

o Never pay with a credit card

o Try to prevent any downloading until necessary

Other Anonymities except TOR
and RIFFLE [13]

• I2P
• FREENET

• Freepto

• Hornet
 Tor security concerns
• Tor is not alien but a simple technology

• Can be compromised like others

• To keep privacy , we should use not only Tor but multiple layers of security with
that

• Anti-virus, firewalls, Anti- spywares malwares are are used for this purpose
 Proxy Server Issues
• Internet speed of other nodes is a headache

• Download and upload speed is different for every proxy or node

• People relied on Tor for privacy its ok!

• but laws of country will be valid even if we are on dark web

• Web browser cashes pictures and that’s it prison and dark life starts here
 Limited Encryption
• Our data is encrypted while inside the network

• Last node from where our data goes out to the requested site ,it will be in plain text

• Important info can be captured from this point

• Vpn is the little solution for this

 Computer vulnerability
• Does Security mean that using vpn ,ssl for end to end encryption and that’s it?

• Ok! They will help but what if your own computer is just compromised ?

• Basically your info will be collected immediately as we type anything even before
sending it to the network
 What can we do?

• While using Tor just use Tor browser

• Why because plug-in which are very seamless can grab our info and compromisation
occur

• Tor browser is a new version of Firefox customized to maintain anonymity

 Prohibited usage software
• While using Toe browser ,don’t use piece of networking softwares

• for e.g Server may send request to the chrome and try to trick network softwares on
your computer
 Downloading Issues
• Downloading should be from trusted source

• Don’t forget “HACKERS love hacking”

• Don’t download anti-virus, anti-malware,anti-spyware from TOR because may be at

their backend there are hackers
 I- FRAMES
• I-FRAMES are little snippets of HTML code that can go out and grab info from
servers when ever these I- frames are called

• Sometimes these are embedded in documents

• So even we are just open document ,our computer will be compromised

• Plug- out is the solution

 SOCKS CONFIGURATION

• Don’t use networking piece of software

• Sometime we use “socks”

• Configure it “ perfectly”

• Check box should be check properly other wise will cost high pain

• With Tor ,any socks complaint can use for routing network info
 ISP’S Nodes
• Traffic goes from isp nodes as well

• They can grab your info

• Or government can track it easily through key logging

• By data mining info will be carried out for special purposes

 Government Issues

• As or traffic is not encrypted from last node

• It will be captured by any one in the middle of last node or requested site

• May be government can own last nodes

• We really don’t know about ownership of these nodes???????????????????

 Warnings while using Tor
• Use the Tor browser
• Don’t enable or install browsers plug in
• Use HTTPS versions of websites
• Don’t open documents downloaded through Tor while online
 Tips to be Anonymous
• Don’t use same password and user id which you are using on regular internet
• Don’t keep its record any where
• Don’t download malware ,it will infect Tor browser
• Don’t keep digital evidence
• Don’t leave physical evidence on the product
Crypto currency
 BITCOIN
• Satoshi Nakamoto

• Decentralized digital currency

What is Bitcoin?
• Bitcoins can be used for online transactions between
individuals“

• not backed by any country's central bank or government.

• can be traded for goods or services with vendors who

accept Bitcoins as payment.
 Wallets
• DESKTOP
Multibit and Bitcoin QT

• WEB
How difficult is to make
Blockchain.info
a bitcoin payment?
Bitcoin adress + private key = wallet

Note:can provide anonymity.

 Bitcoin address
• Generate private key of 256 bit of random numbers and represent it in 64 bit
hexadecimal.
• Public key is generated by private key by EC function.[25]

BASE58
Public key SHA 256 RIPEMD BASE56
encoding
Payments [23]
 Block chain
• A blockchain is a type of distributed ledger, comprised of
unchangable, digitally recorded data in packages called
blocks. [22]

• It solved the issue of double spending by using

How it works?
1.
2.
hash solving
backracking previous transaction(Merkle tree)

• .
 Minning
• New bitcoins are generated by a
competitive and decentralized process
called "mining".
• This process involves that individuals are
rewarded How are bitcoins
by the network created?
for their services.
Bitcoin miners are processing transactions
and securing the network using specialized
hardware and are collecting new bitcoins in
exchange.
 Block reward
Each time a miner successfully solves
Bitcoin’s proof of work algorithm that miner
mined a “block”. The miner or mining pool that
mines a block is rewarded through the block
reward, a set amount of bitcoins agreed upon by
the network. The bitcoins included in the block
reward are all new bitcoins. This is the only way
that new bitcoins are created[24].
 Competetion for bitcoin
• Miners take the information in the block, and apply a mathematical
formula to it, turning it into hash.

How minning works?

 Attacks
• 51% attack

Attacks on Bitcoins miner

software, servers?
 Conclusion
• Although with increase in cryptographic techniques, where there are a lot
of benefits its now possible to trade without showing your identity which
is somehow motivating criminals to work under the umbrella of dark
web.

• So its time to be more vigilant when exposing to digitization.

 References
ROZEENA
1. http://computer.howstuffworks.com/internet/basics/how-the-deep-web-works8.htm
2. https://www.fbi.gov/news/speeches/going-dark-are-technology-privacy-and-public-safety-
on-a-collision-course
3. https://topvpnsoftware.com/?data1=dwnac01b
4. https://www.quora.com/Is-it-safe-to-browse-the-dark-web
5. https://www.torproject.org/download/download-easy.html.en
6. https://darkwebnews.com/help-advice/access-dark-web/#comment-12540
7. https://darkwebnews.com/dark-web-market-list/
8. https://www.deepdotweb.com/2014/09/18/can-anoncoin-be-the-currency-of-the-deep-web/
9. http://cryptorials.io/dark-markets-how-to-buy-things-from-the-deep-webs-black-markets/
10. https://webhostinggeeks.com/blog/how-the-dark-web-and-tor-contribute-to-current-privacy-
concerns/
 Cont..
MAIRA
11. http://www.tomsguide.com/us/what-is-tor-faq,news-17754.html
12. http://www.tomsguide.com/us/what-is-tor-faq,news-17754.html
13. https://geti2p.net/en/about/intro
14. https://darkwebnews.com/deep-web-links/
SAIRA
15. https://www.youtube.com/watch?v=IvaBc0Q49Ys
16. https://www.youtube.com/watch?v=pyq4vwxqvSI
17. https://www.youtube.com/watch?v=UyMEzhL_kn0
18. https://www.torproject.org/about/overview
19. https://www.eff.org/torchallenge/what-is-tor.html
 Cont..
20. https://gitweb.torproject.org/torspec.git/tree/socks-extensions.txt
21. https://www.torproject.org/about/overview
SHAWANA
22. -https://www.weusecoins.com/.
23. https://bitcoin.org/en/faq#how-difficult-is-it-to-make-a-bitcoin-payment
24. https://www.bitcoinmining.com/how-are-new-bitcoins-created
25. https://chrispacia.wordpress.com/2013/09/07/bitcoin-cryptography-digital-signatures-
explained
26. http://www.coindesk.com/information/how-bitcoin-mining-works/
27. http://silkroaddrugs.org/silk-road-attacked-by-hackers/http://www.coinfox.info/news/4890-
linux-mint-attack-threatens-bitcoin-users-and-miners