the tor project - princeton university tor project our mission is to be the global resource for...
TRANSCRIPT
1
The Tor Project
Our mission is to be the global resource for technology, advocacy, research and
education in the ongoing pursuit of freedom of speech, privacy rights online, and
censorship circumvention.
Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
2
● Online Anonymity– Open Source– Open Network
● Community ofresearchers,developers, users andrelay operators.
● U.S. 501(c)(3) non-profit organization
Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
3
Estimated 2,000,000+ daily Tor users
Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or reposting of these slides is expressly prohibited.
4
Threat model:what can the attacker do?
AliceAnonymity network Bob
watch (or be!) Bob!
watch Alice!
Control part of the network!
Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
5
Anonymity isn't encryption: Encryption just protects contents.
Alice
Bob
“Hi, Bob!”“Hi, Bob!” <gibberish>
attacker
Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
6
Anonymity serves different interests for different user groups.
Anonymity
Private citizens“It's privacy!”Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
7
Anonymity serves different interests for different user groups.
Anonymity
Private citizens
Businesses
“It's network security!”
“It's privacy!”Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
8
Anonymity serves different interests for different user groups.
Anonymity
Private citizens
Governments Businesses
“It's traffic-analysisresistance!”
“It's network security!”
“It's privacy!”Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
9
Anonymity serves different interests for different user groups.
Anonymity
Private citizens
Governments Businesses
“It's traffic-analysisresistance!”
“It's network security!”
“It's privacy!”
Human rightsactivists
“It's reachability!”
Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
10
The simplest designs use a single relay to hide connections.
Bob2
Bob1
Bob3
Alice2
Alice1
Alice3
Relay
E(Bob3,“X”)
E(Bob1, “Y”)
E(Bob2, “Z”)
“Y”
“Z”
“X”
(example: some commercial proxy providers)
Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
11
But a central relay isa single point of failure.
Bob2
Bob1
Bob3
Alice2
Alice1
Alice3
EvilRelay
E(Bob3,“X”)
E(Bob1, “Y”)
E(Bob2, “Z”)
“Y”
“Z”
“X”
Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
12
... or a single point of bypass.
Bob2
Bob1
Bob3
Alice2
Alice1
Alice3
IrrelevantRelay
E(Bob3,“X”)
E(Bob1, “Y”)
E(Bob2, “Z”)
“Y”
“Z”
“X”
Timing analysis bridges all connections through relay ⇒ An attractive fat target
Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
13
So, add multiple relays so thatno single one can betray Alice.
BobAlice
R1
R2
R3
R4 R5
Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
14
Alice makes a session key with R1...And then tunnels to R2...and to R3
BobAlice
R1
R2
R3
R4 R5
Bob2
Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
15Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
16Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
17
Tor's safety comes from diversity
● #1: Diversity of relays. The more relayswe have and the more diverse they are,the fewer attackers are in a position to dotraffic confirmation. (Research problem:measuring diversity over time)
● #2: Diversity of users and reasons to useit. 50000 users in Iran means almost all ofthem are normal citizens.
Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
18
Transparency for Tor is key
● Open source / free software● Public design documents and
specifications● Publicly identified developers● Not a contradiction:
privacy is about choice!
Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
19
But what about bad people?
● Remember the millions of daily users.● Still a two-edged sword?● Good people need Tor much more
than bad guys need it.
Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
20Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or reposting of these slides is expressly prohibited.
21Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or reposting of these slides is expressly prohibited.
22Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
300000 -
200000 -
100000 -
o-
'
Mar-2015
Directly connecting users from Russia
I
Jun-2015 I
Sep-2015 I
Dec-2015
The Tor Project - https://metrics.torproject.org/
I
Mar-2016
Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or reposting of these slides is expressly prohibited.
24
R4
R2
R1
R3
Bob
Alice
Alice
Alice
Alice
Alice
BlockedUser
BlockedUser
BlockedUser
BlockedUser
BlockedUser
Alice
AliceAlice
Alice
Alice
Alice
Alice
Alice
AliceAlice
Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or reposting of these slides is expressly prohibited.
Directly connecting users from the Islamic Republic of Iran
12000-
10000-
8000-
6000-
4000-
2000-
0-
1
Dec-2010 I
Jan-2011 I
Feb-2011 I
Mar-2011
The Tor Project - https://metrics.torproject.org/
I
Apr-2011
Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or reposting of these slides is expressly prohibited.
26
Pluggable transports
Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
27
Pluggable transports
● Flashproxy (Stanford), websocket● FTEProxy (Portland St), http via regex● Stegotorus (SRI/CMU), http● Skypemorph (Waterloo), Skype video● uProxy (Google), webrtc● ScrambleSuit (Karlstad), obfs-based● Telex (Michigan/Waterloo), traffic divert
Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
28Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
29Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
30Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
31Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
32Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
33Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or reposting of these slides is expressly prohibited.
34Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
35Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
36Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or reposting of these slides is expressly prohibited.
37Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
38
“Still the King of high secure,low latency Internet Anonymity”
Contenders for the throne:● None
Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
39
R4
R2
R1
R3
Bob
Alice
Alice
Alice
Alice
Alice
BlockedUser
BlockedUser
BlockedUser
BlockedUser
BlockedUser
Alice
AliceAlice
Alice
Alice
Alice
Alice
Alice
AliceAlice
Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
40Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
41Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
42
Arms races● Censorship arms race is bad● Surveillance arms race is worse
– And centralization of the Internetmakes it worse still
Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
43Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
44
Onion Service
Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or reposting of these slides is expressly prohibited.
45Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
46Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
47Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
48Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
49Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
50
SecureDrop
https://securedrop.org/directory
Today, 30+ organizations use SecureDrop
Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
51
Ricochet
Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
52
Tor isn't foolproof
● Opsec mistakes● Browser metadata fingerprints● Browser exploits● Traffic analysis
Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
53
ooni.torproject.org
Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.
54
explorer.ooni.torproject.org
● I
Note: All slides are made public by the authors who created the slides. The slides may be downloaded for informational purposes only. The reproduction, reuse or
reposting of these slides is expressly prohibited.