Tor: The Second-Generation Onion Router

Authors: Roger Dingledine, Nick Mathewson, Paul Syverson
Presented by: Alexander Truong

Anonymous Communication Systems
  • Relay based (Chaum's Mix-Net)
  • High-latency
      • Babel, Mix-master, Mixminion
      • Resistant to global adversary
      • E-mail
  • Low-latency
      • Tor, Anonymizer, Java Anon Proxy, PipeNet, Freedom
      • Vulnerable to timing attacks and volume analysis
      • E-mail, chat, SSH, web browsing

Onion Routing
  • Onion routing dates back to 1996
  • Anonymizes TCP applications
  • Volunteer-based Onion Routers (OR)
  • Security Objective: Relationship Unlinkability, Message Unlinkability w.r.t. subject
  • Diagram (nodes S, A, B, C): PKA(PKB(PKC(M) + C) + AB), PKB(PKC(M) + AC), PKC(M), Message M

Tor design improvements
  • Security: perfect forward secrecy; removed mixing, padding, traffic shaping; hidden services via rendezvous points; end-to-end integrity checking; leaky-pipe circuit topology
  • Efficiency: TCP stream multiplexing; congestion control; directory servers
  • Usability: SOCKS proxy interface; exit policies

Design Goals of Tor
  • Practical to deploy: low bandwidth, smear-resistant, easy to implement
  • Easy to use: minimal application modification, configuration, delay
  • Security requirement: difficult to use, so fewer users, so less anonymity
  • Well-understood, simple design to facilitate implementation and security analysis
  • Flexible for future testing and research

Threat Model
  • Tor does not protect against a strong global adversary
  • Focus on traffic analysis attacks
  • We assume the adversary can:
      • observe a fraction of network traffic
      • generate, modify, delete, delay traffic
      • operate onion routers
      • compromise onion routers

Tor
  • Overlay network: operates in user space without elevated privileges
  • Operators deploy Onion Routers (OR): each maintains a TLS connection to every other OR
  • Users run Onion Proxies (OP): fetch directories, create circuits across the network, multiplex TCP streams onto circuits
  • Directory servers
  • Cells (packets)
  • Circuits and streams

Directory Servers
  • Trusted servers called directory servers maintain a directory of ORs and their identity keys.
  • Clients fetch a directory and trust it if it is signed by a threshold of directory servers
  • In previous onion routing designs, ORs flooded the network to update network status
  • Adversary can exploit differences in network views caused by delays

Onion Router
  • Long-term identity key
      • Sign TLS certs, router descriptor, sign directories
  • Short-term onion key
      • Decrypt user circuit requests
      • Negotiate short-term keys
      • Rotated periodically

Cells
  • 512 bytes of header + payload
  • Control Cells: padding, create[d], destroy
  • Relay Cells: data, begin/connected, end, teardown, extend[ed], truncate[d], sendme, drop
  • 128-bit AES counter mode, stream cipher

Relay Cells
  • Sending a relay cell to OR3
      1. OP assigns a digest, then encrypts the relay cell: K1(K2(K3(Relay Cell)))
      2. OR1 and OR2 each decrypt, check the digest, find an invalid digest, and pass the cell on to the next OR
      3. OR3 decrypts, finds a valid digest, and processes the cell
  • OP can send to any OR on the circuit, enabling a leaky pipe topology

Circuits
  • Efficient circuit usage: circuits are shared by multiple TCP streams
  • Low delay: circuits are constructed preemptively
  • Minimal user impact: circuits are created in the background
  • Reduce linkability
      • periodically create new circuits
      • expire unused or old circuits
  • Diagram: TCP streams HTTP1, HTTP2, SSH1, IRC1, XYZ1; circuits C1, C2

Circuit Construction
  • Negotiate symmetric key using Diffie-Hellman with each OR in the circuit
  • OP uses create, created, relay extend, relay extended cells to create a circuit.
  • Diagram (OP, OR1, OR2): (create, ) (created, ) (relay extend, ) (create, ) (created, ) (relay extended, )
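
The relay-cell handling from the Relay Cells slide, as an added example that is not code from the presentation or from the Tor project. Assumptions: a SHA-256 keystream stands in for 128-bit AES counter mode, the cell is simplified to a 4-byte digest followed by the payload, each hop keeps a running SHA-1 seeded from its shared key, and the keys, payloads and the bit-flipping relay are constructed.

```python
import hashlib

def keystream(key: bytes, cell_no: int, n: int) -> bytes:
    # Stand-in for AES-128 counter mode (assumption): SHA-256 over key, cell and block counters.
    blocks = (hashlib.sha256(key + cell_no.to_bytes(8, "big") + bytes([b])).digest()
              for b in range((n + 31) // 32))
    return b"".join(blocks)[:n]

class Hop:
    """State for one hop; the OP and that OR each hold an identical copy."""
    def __init__(self, key: bytes):
        self.key, self.cells = key, 0
        self.running = hashlib.sha1(key)   # running digest seeded from the shared key

    def crypt(self, cell: bytes) -> bytes:
        ks = keystream(self.key, self.cells, len(cell))
        self.cells += 1                    # advance the keystream position per cell
        return bytes(a ^ b for a, b in zip(cell, ks))

def op_send(op_hops, target, payload):
    """OP: tag the cell for hop `target` (0-based), then wrap one layer per hop up to it."""
    hop = op_hops[target]
    hop.running.update(payload)
    cell = hop.running.digest()[:4] + payload   # first 4 bytes of the current digest
    for h in reversed(op_hops[:target + 1]):
        cell = h.crypt(cell)
    return cell

def relay(or_hops, cell, tamper_after=None):
    """ORs: strip a layer each; return (hop, payload) where the digest verifies, else None."""
    for i, hop in enumerate(or_hops):
        cell = hop.crypt(cell)
        trial = hop.running.copy()
        trial.update(cell[4:])
        if trial.digest()[:4] == cell[:4]:
            hop.running = trial            # recognised: commit the digest state
            return i, cell[4:]
        if tamper_after == i:              # constructed case: this OR flips one bit
            cell = cell[:-1] + bytes([cell[-1] ^ 1])
    return None                            # no hop recognised it: the cell was modified

def demo():
    keys = [b"K1 (constructed)", b"K2 (constructed)", b"K3 (constructed)"]
    op, ors = [Hop(k) for k in keys], [Hop(k) for k in keys]
    to_or3 = relay(ors, op_send(op, 2, b"begin example.com:80"))
    to_or2 = relay(ors, op_send(op, 1, b"sendme"))          # leaky pipe: exits at OR2
    tampered = relay(ors, op_send(op, 2, b"data"), tamper_after=0)
    return to_or3, to_or2, tampered
```

Because the cipher is a stream cipher, the flipped bit survives decryption as a flipped plaintext bit, and only the digest check at the destination hop catches it.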

TCP connections
  • An application asks the OP's SOCKS interface to create a TCP connection
  • OP uses relay commands to open TCP streams and exit nodes
  • Some applications resolve a hostname before connecting to Tor
  • Privoxy filters HTTP requests and skips DNS resolution
  • Diagram: Application, TCP traffic, SOCKS proxy interface, Onion Proxy, Relay cells, Circuit

Location-hidden service
  • Service can be offered without revealing IP address
  • Filter incoming requests
  • Protect against DDoS
  • Maintain pseudonymity
  • HS able to migrate IPs
  • Smear-resistance for rendezvous points
  • Users are not required to modify applications

Introduction points
  • A hidden service (HS) advertises introduction points (IP) on a lookup service, signed with the owner's public key.
  • Many IPs must be created to resist DoS attacks
  • Diagram: HS, three IPs, Tor network

Rendezvous Point Set Up
  1. OP sets up a circuit with Rendezvous Point (RP) with a rendezvous cookie
  2. OP contacts IP with RP, rendezvous cookie, and DH handshake half
  3. IP sends to HS
  4. HS creates circuit to RP with cookie and completed DH handshake
  • Diagram: OP, IP, HS, RP, with steps (1) to (4) marked

Integrity checking
  • TLS protects against external adversary
  • OP creates a SHA-1 digest with each node in the circuit to protect against internal adversary
      • Initial digest of shared key
      • Incrementally add to digest: contents of all relay cells each node created
      • First 4 bytes of the current digest
  • To modify a cell, adversary must deduce digest from all traffic and shared key

Limiting bandwidth
  • Tor limits incoming bytes over a long-term average
      • Uses the token bucket algorithm
  • Circuit-level throttling
      • Uses a packaging window and delivery window
      • Packaging or delivering a cell decrements the corresponding window
      • Relay sendme increments a window
      • When packaging window is 0, OR stops reading until receiving a relay sendme
  • Stream-level throttling
      • Similar to circuit-level throttling, has a packaging window and delivery window
      • Sends relay sendme only when bytes are flushed to TCP stream

Exit policies
  • Potential abuse of the Tor network deters deployment
  • Onion Router operators may be mistaken for users abusing the network
  • Exit policies allow operators to restrict/filter traffic to prevent abuse

Attacks
  • Passive: observe network edges for entering and exiting traffic to analyze timing, volume, user-selected options
  • Active attacks: attack trustworthy routers; perform illegal activities (smear) on reliable routers; deny service to users, then observe effect on network
  • Directory attacks: subvert directory servers; trick servers to list a compromised OR
  • Rendezvous attacks: attack/flood introduction points

Future Research
  • More scalable design, more anonymity and supports more users
  • Effectiveness of padding links
  • Incremental updates from directory servers

Questions?
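
The circuit-level throttling from the Limiting bandwidth slide, as an added example that is not code from the presentation or from the Tor project. It simulates one circuit in discrete ticks, with a token bucket pacing the receiver. Assumptions: the defaults of 1000 cells per window and 100 cells per sendme are the values given in the Tor design paper rather than on the slides, a sendme takes effect in the same tick it is sent, and all rates are constructed.

```python
class TokenBucket:
    """Caps the long-term average at `rate` cells per tick, with bursts up to `burst`."""
    def __init__(self, rate: int, burst: int):
        self.rate, self.burst, self.tokens = rate, burst, burst

    def take(self, want: int) -> int:
        self.tokens = min(self.burst, self.tokens + self.rate)  # refill once per tick
        got = min(want, self.tokens)
        self.tokens -= got
        return got

def simulate(total, window=1000, increment=100, send_rate=50, rate=10, burst=10):
    """Push `total` cells from a fast sender to a rate-limited receiver on one circuit."""
    bucket = TokenBucket(rate, burst)
    package_window = deliver_window = window
    sent = delivered = in_flight = since_sendme = 0
    ticks = stalled_ticks = max_in_flight = 0
    while delivered < total:
        ticks += 1
        # Sender: packaging a cell decrements the packaging window; at 0 it stops reading.
        n = min(send_rate, package_window, total - sent)
        if n == 0 and sent < total:
            stalled_ticks += 1
        sent, package_window, in_flight = sent + n, package_window - n, in_flight + n
        max_in_flight = max(max_in_flight, in_flight)
        # Receiver: delivering a cell decrements the delivery window, paced by the bucket.
        d = bucket.take(min(in_flight, deliver_window))
        delivered, in_flight = delivered + d, in_flight - d
        deliver_window, since_sendme = deliver_window - d, since_sendme + d
        # Every `increment` delivered cells, a relay sendme reopens both windows.
        while since_sendme >= increment:
            since_sendme -= increment
            deliver_window += increment
            package_window += increment
    return {"ticks": ticks, "stalled_ticks": stalled_ticks,
            "max_in_flight": max_in_flight, "delivered": delivered}
```

The queue of undelivered cells never exceeds the window, so a sender that outpaces the receiver is stalled rather than allowed to fill the relay's buffers.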
