Supplemental Information on TOR (The Onion Router) CEH ed 8, Rev 4 CS3695 – Network Vulnerability Assessment & Risk Mitigation–

Upload: ada-parks

Post on 08-Jan-2018



TRANSCRIPT

Page 1:

Supplemental Information on TOR (The Onion Router)

CEH ed 8, Rev 4

CS3695 – Network Vulnerability Assessment & Risk Mitigation

Page 2:

What is Onion Routing?

• Originated in the mid-1990s
• From the Center for High Assurance Computing Systems, Naval Research Laboratory
• Is a general-purpose infrastructure for private communications
  – Similar to the way SSL protects communication, but taking it further by obfuscating the end-points in the communication.

Ref: http://www.onion-router.net/Publications/CACM-1999.pdf

Page 3:

What was its Primary Purpose?

• Share information over public networks without compromising privacy.
• Effective censorship circumvention tool
• Keep websites from tracking individuals
• Publish web sites and other services without needing to reveal the location of the site
• Journalists use Tor to communicate more safely with whistleblowers and dissidents.

Ref: https://www.torproject.org/about/overview.html.en

Page 4:

Primary Purposes Continued

• A branch of the U.S. Navy uses Tor for
  – open source intelligence gathering
  – while deployed in sensitive areas
• Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.

Ref: https://www.torproject.org/about/overview.html.en

Page 5:

More on Purpose

• Using Tor protects you against a common form of Internet surveillance known as "traffic analysis."
  – Traffic analysis can be used to infer who is talking to whom over a public network.
  – Knowing the source and destination of your Internet traffic allows others to track your behavior and interests.

Ref: https://www.torproject.org/about/overview.html.en

Page 6:

What is Tor?

• Tor is the latest incarnation to use onion routing
• Sponsored by the Tor Project
  – a non-profit (charity) organization that maintains and develops the Tor software
  – Continuing the development of the protocol
• For the latest specifications of the protocol, see: https://gitweb.torproject.org/torspec.git/plain/tor-spec.txt

Ref: https://www.torproject.org/docs/faq#WhyCalledTor

Page 7:

How’s it Work?

• Through the use of both symmetric and asymmetric encryption, it creates a series of encapsulated “circuits” (communication sessions), where each node only knows of the next hop in a chain of proxies, not knowing the entire path or the nodes on it.
  – Protects the initiating end host’s IP address from being seen by the receiving end host server.
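
The layering described on this slide, as an added example that is not part of the original slides: the client wraps a payload in one encrypted layer per relay, and each relay can peel only its own layer, which names just the next hop. It assumes the per-relay session keys were already negotiated (the asymmetric step) and uses a toy SHA-256 keystream as a stand-in for Tor's real cipher; the relay names, destination and payload are constructed.

```python
import hashlib, json, os

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy stream cipher (SHA-256 in counter mode): a stand-in, NOT Tor's cipher.
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(path, keys, destination, payload):
    # Client: encrypt for the last relay first, so the first relay's layer is outermost.
    next_hops = path[1:] + [destination]
    blob = payload
    for relay, nxt in reversed(list(zip(path, next_hops))):
        nonce = os.urandom(8)
        layer = json.dumps({"next": nxt, "data": blob.hex()}).encode()
        blob = nonce + xor_stream(keys[relay], nonce, layer)
    return blob

def peel(key, blob):
    # Relay: strip one layer; the result names only the next hop.
    layer = json.loads(xor_stream(key, blob[:8], blob[8:]))
    return layer["next"], bytes.fromhex(layer["data"])

def route(path, keys, blob):
    # Walk the circuit and record which neighbours each relay sees.
    seen, prev = [], "client"
    for relay in path:
        nxt, blob = peel(keys[relay], blob)
        seen.append({"relay": relay, "from": prev, "to": nxt})
        prev = relay
    return seen, blob

if __name__ == "__main__":
    path = ["relay1", "relay2", "relay3"]        # constructed relay names
    keys = {r: os.urandom(32) for r in path}     # assumed already negotiated
    onion = wrap(path, keys, "example.com:80", b"hello")  # constructed sample
    seen, delivered = route(path, keys, onion)
    for view in seen:
        print(view)
    print(delivered)
```

No relay's view contains both the client and the destination, and the last relay recovers the payload exactly as the client wrote it, so anything not encrypted end to end is readable at that point.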

Page 8:

Quick (10 Min) Video Introduction

Ref: https://media.torproject.org/video/2012-10-excivity-how-tor-works-mobile.mp4

Page 9:

More Detail on Building the Circuits

Ref: Tor: The Second-Generation Onion Router

Page 10:

More on How it Works

• See Scott’s Additional Video on Sakai

Page 11:

What’s it Used for?

• Two main purposes:
  – Surfing the Internet Anonymously
    • Here you traverse the .onion network leading to exiting it, in order to surf anonymously
  – Surfing the Dark Web (AKA Deep web)
    • Staying within the .onion network looking at sites not available unless you are using the Tor software.

Page 12:

Readings

– Tor project’s web site
  • https://www.torproject.org/about/overview.html.en
– Unofficial User’s Guide to Tor
  • Good starting place for understanding Tor
    – http://www.makeuseof.com/tag/really-private-browsing-an-unofficial-users-guide-to-tor/
– TOR DOWN FOR WHAT (Part 1): How Tor works
  • Good Intro to the Encryption of Tor
    – http://lozstokes.co.uk/tor-down-for-what-part-1/
– TOR DOWN FOR WHAT (Part 2): Using Tor
  • Good descriptions of the attacks against Tor (i.e. NSA)
    – http://lozstokes.co.uk/tor-down-for-what-part-2/

Page 13:

Deeper Reading

– EFF's TOR vs HTTPS Online INTERACTIVE graphic
  • Good multimedia showing Tor and https
    – https://www.eff.org/pages/tor-and-https
– Onion Routing for Anonymous and Private Internet Connections (1999) - Original paper/version
    – http://www.onion-router.net/Publications/CACM-1999.pdf
– TOR: The Second-Generation Onion Router
  • Deeper into the encryption and the protocol
    – http://www.onion-router.net/Publications/tor-design.pdf
– TOR Spec (Like a TOR RFC)
  • EVERYTHING you need to know about the protocol
    – https://gitweb.torproject.org/torspec.git/plain/tor-spec.txt