3rd edition: chapter 2
Privacy and anonymity continued
Chapter 7.3 (traffic flow security)
Anonymous email (chapter 10.6)
TOR http://www.torproject.org/
"Anonymity loves company [...] it is not possible to be anonymous alone" – Roger Dingledine
Hundreds (> 700) of volunteers run their machines as TOR nodes around the world
> 200,000 active users per week
Typically 3 nodes used for each route
Bandwidth < 100MB/s
TOR nodes are TOR onion routers
The Onion Router (TOR)
Roger Dingledine – many presentations on YouTube
Alice wants to communicate with Bob
http://www.iusmentis.com/society/privacy/remailers/onionrouting/
Alice gets a directory listing from a central server of TOR nodes
Directory server keys ship with the code
Alice randomly chooses 3 nodes and uses public-key cryptography to set up the channel
The process is similar to a Mix net
entry node
Once the communication channel is established, the data is moved with symmetric keys
exit node
TOR supports real-time communication
TOR changes the route periodically (e.g., every 10 minutes) to avoid traffic analysis
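An added illustration (not from the original slides) of the layered symmetric encryption described above, showing which neighbours each of the 3 nodes sees. It assumes the per-node session keys are already agreed, and uses a toy SHA-256 keystream as a stand-in cipher; the node names, keys and message are constructed.

```python
import hashlib

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); stand-in only, no integrity."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

# Constructed route: (node name, session key assumed already shared with Alice).
ROUTE = [(n, hashlib.sha256(b"constructed key " + n.encode()).digest())
         for n in ("entry", "middle", "exit")]

def wrap(route, dest: str, message: bytes) -> bytes:
    """Alice adds one layer per node, innermost (exit) first."""
    next_hops = [name for name, _ in route[1:]] + [dest]
    onion = message
    for (_, key), nxt in reversed(list(zip(route, next_hops))):
        hop = nxt.encode()
        onion = stream_xor(key, bytes([len(hop)]) + hop + onion)
    return onion

def peel(key: bytes, onion: bytes):
    """A node removes its own layer and learns only the next hop."""
    body = stream_xor(key, onion)
    n = body[0]
    return body[1:1 + n].decode(), body[1 + n:]

def relay(route, sender: str, onion: bytes):
    """Forward the onion along the route; log (node, previous hop, next hop)."""
    seen, prev = [], sender
    for name, key in route:
        nxt, onion = peel(key, onion)
        seen.append((name, prev, nxt))
        prev = name
    return seen, onion

if __name__ == "__main__":
    onion = wrap(ROUTE, "bob", b"hello bob")
    seen, delivered = relay(ROUTE, "alice", onion)
    for node, prev, nxt in seen:
        print(f"{node:6} sees previous hop {prev!r} and next hop {nxt!r}")
    print("delivered to bob:", delivered)
```

No single node's view contains both Alice and Bob; the exit node removes the last layer, which is why it learns the receiver.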
Some security analysis
Each TOR node routes messages for many hosts
It is difficult to keep track of how messages are routed within the TOR network
Assuming the majority of TOR nodes are not corrupted and do not collude
However, there are some issues in a stronger adversary model:
All TOR nodes are semi-honest, so entry/exit nodes know something about Alice and Bob
However, an attacker may know who initiates or receives the traffic
Attacker: knows Alice starts some communication
Entry node: knows Alice starts some communication
Exit node: knows Bob is the receiver
Solution: for Alice and Bob to become TOR nodes as well
Resources regarding TOR and onion routing
http://www.onion-router.net/
Download TOR at https://www.torproject.org/
http://www.freehaven.net/~arma/cv-pres.html
How does TOR help whistleblowers? Hidden services, e.g., WikiLeaks
http://gaddbiwdftapglkq.onion/
Paul Syverson, NRL, onion routing inventor
TOR location hidden service
Alice can connect to Bob's server without knowing where it is or possibly who he is
Server needs to:
Be accessible from anywhere
Resist censorship
Require minimal redundancy for resilience in a denial of service (DoS) attack
Be able to survive and provide selected service even during a full-blown distributed DoS attack
Be resistant to physical attack (you can't find them)
How is this possible?
Basic ideas of hidden services
Use an intermediary to marry client and server
Similar ideas are used in Skype as well, for users behind NAT (network address translator)
http://www.freehaven.net/~arma/cv-pres.html
2’. Alice obtains Service Descriptor (including Intro Pt. address) at Lookup Server
4. Alice sends RP addr. and any authorization through IP to Bob