Anonymity of Tor: myth and reality
12th CENTRAL & EASTERN EUROPEAN SOFTWARE ENGINEERING CONFERENCE IN RUSSIA
October 28 - 29, Moscow
Aleksandr Lazarenko
Anonymity of Tor: myth and reality
NRU HSE
2
What is Tor?
The Onion Router
Anonymous network
Volunteer servers
Free software
Browser & Messenger
3
4
Features
5
Tor is distributed
6
Every server is VOLUNTEER
7
So what
8
The larger the network
9
The greater the anonymity
10
Bio
11
1998
The Onion Routing
DARPA*
Free Haven Project
MIT
* Defense Advanced Research Projects Agency
12
2002
DECLASSIFIED
Launched
Open-source
13
2009
Mozilla Firefox
Out-of-the box
Browser
Tor inside
14
Tor Messenger
2015
Private chats
Anonymity
Messenger
Tor inside
15
16
2 000 000 users per day
17
[Bar chart: number of users per day by country (Netherlands, Japan, Brazil, Italy, Spain, UK, Russia, France, Germany, USA)]
18
60K unique hidden services
19
7K Tor Relays
20
Who are users?
21
Just people
22
Journalists & Bloggers
Police & friends
23
Business
24
Military
25
IT pros
26
Crime
27
WHY DEEP WEB?
28
29
Because HIDDEN Services!
30
Anonymous server
2004
Only for Tor
.onion
Anonymity for Servers
31
Inaccessible on the Internet
32
WikiLeaks:
http://suw74isz7wqzpmgu.onion
33
How does it work?
34
Tor Client
User
Connects with Tor
Has the software installed
Any PC
35
Entry guard
Relay
Speaks with Client
Encrypts data
Relays data
Entry
36
Middle
Relay
Speaks with Entry
Encrypts data
Speaks with Exit
Entry
Middle
Exit
37
Exit
Relay
Speaks with Middle
Encrypts data
Speaks with Endpoint
Exit
Middle
Endpoint
Default circuit
middle
exit
Endpoint
entry
Encrypted connection
Just connection
38
Tor Client
Client receives the list of all Tor nodes from directory server
Tor Client
Directory server
Endpoint #1
Endpoint #2
Encrypted connection
Just connection
39
Step #1
Client initializes the random path through the network
Endpoint 1
Endpoint 2
entry
middle
exit
40
Encrypted connection
Just connection
Step #2
Tor Client
Directory server
Client initializes another random path
Endpoint 1
Endpoint 2
entry
middle
exit
41
Tor Client
Directory server
Encrypted connection
Just connection
Step #3
42
MYTH #1
43
ONLY CRIMINALS USE TOR
[Bar chart; categories: Porn, Drugs, Politics, Forgery, Anonymity]
44
The most popular content
45
MYTH #2
46
TOR IS COMPLETELY ANONYMOUS
Gov. VS Tor
47
48
Silk Road
Used to be the biggest Drug Store
Revenue: 9.5 mln BTC
Closed by FBI
Founder was sentenced to life
Attacking Tor
49
Attacks
Passive: attacker only observes traffic, without modifying it
Active: attacker observes and modifies traffic
50
51
Classification
# | Resources | Attacks
1 | Corrupted entry guard | Website fingerprinting attack
2 | Corrupted entry and exit nodes | Traffic analysis; Timing attack; Circuit fingerprinting attack; Tagging attack
3 | Corrupted exit node | Sniffing of intercepted traffic
4 | Corrupted entry and exit nodes, external server | Browser based timing attack with JavaScript injection; Browser based traffic analysis attack with JavaScript injection
5 | Autonomous system | BGP hijacking; BGP interception; RAPTOR attack
6 | Big number of various corrupted nodes | Packet spinning attack; CellFlood DoS attack; Other DoS and DDoS attacks
Website fingerprinting attack
52
The Idea:
Data mining Machine learning
53
Attacker's strategy
Tor Client
Entry
Exit
DB
website
Data mining Classifier training
Website recognition
54
Feature extraction levels
55
Cell 1 Cell 2 Cell 3 Cell 4 Cell 5
Record 1 Record 2
Packet 1 Packet 2 Packet 3
Cells
TLS
TCP
Attack as a classification problem
Classes
Tracked websites Other
56
57
The Oracle problem!
Problem?
59
7 websites
5 men
1 relay
80 traffic instances
5 uploads per website
0.71 accuracy
5 seconds split
Aleksandr [email protected]
60