The Onion Router - 57North Hacklab, Aberdeen
TRANSCRIPT
Hello World
● I'm Tony
● I am interested in the concept of "security"
● I work for a local ISP / MSP
● I like skills sharing / access to knowledge
● Hackspaces are awesome
You are the internet
● DEMO 1: Plaintext
  Everyone can read everything! No privacy, no anonymity
● DEMO 2: HTTPS / SSL / TLS
  Server knows who made the request / location / content served etc. Some privacy, no anonymity from the server etc.
What does this tell us?
● Encryption gives us (some) privacy of content, but not anonymity
● Destination knows who we are, where we are & what we've asked for
What are the risks?
● In some countries / states / conditions, "guilty by association" is enough to lead to dire consequences
What can we do?
● We need anonymity by design
Why not use a Proxy?
● Proxies are based on trust
● People are the weakest link
● Proxies are vulnerable to attack
● Implementations - known / unknown weaknesses
● Single points of failure
● Best Practice / Standardisation
Birth of Tor
Generation 1 – Onion Routing - 1995
● U.S. Naval Research Laboratory
● Defense Advanced Research Projects Agency (DARPA) - 1997
● Traffic Analysis – need for widespread use
Generation 2 - The Tor Project - 2002
● Electronic Frontier Foundation – 2004-05
● 2006 - 501(c)(3) research-education nonprofit (tax exempt)
● 2012 - 80% of the Tor Project's $2M annual budget from the US gov, the remainder from the Swedish gov and other organisations - WSJ
What can Tor do?
● Provide anonymity – the destination / endpoint does not know where the communication is coming from.
● Provide "Hidden Services" - access to services / websites whose location cannot be determined, only available via Tor.
How does Tor do this?
"a riddle, wrapped in a mystery, inside an enigma" - Winston Churchill
Tor relies on layers of encryption – layers, like an Onion
DEMO 3: Tor (plaintext)
● SOURCE: Tony
● ENTRY NODE: Blue 2
● RELAY NODE: Green 1
● EXIT NODE: Red 1
● DESTINATION: Server
● RESULT: Exit node can read traffic to/from destination

DEMO 4: Tor (HTTPS/SSL/TLS)
● SOURCE: Tony
● ENTRY NODE: Blue 1
● RELAY NODE: Green 2
● EXIT NODE: Red 2
● DESTINATION: Server
● RESULT: Exit node cannot read traffic to/from destination
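The walk-through below is an added example, not code from the talk or from the Tor Project. It shows the "layers, like an onion" idea from the previous slide and reproduces the outcome of DEMO 3 and DEMO 4: the client wraps its request in one encryption layer per hop, each hop can strip only its own layer and learns only its neighbours, the exit node sees the request in the clear unless an end-to-end layer (standing in for HTTPS) was added first. The per-hop cipher (a SHA-256 keystream with an HMAC tag) and the pre-shared hop keys are simplifications assumed for the example; real Tor negotiates an AES-CTR key with each relay and links relays with TLS.

```python
"""Toy walk-through of Tor's layered ("onion") encryption, for DEMO 3 and DEMO 4.

Added example, not Tor's real implementation: Tor negotiates an AES-CTR key with
each relay and links relays with TLS. Here a small XOR-keystream + HMAC layer
cipher stands in for the per-hop cipher so the example runs on the standard
library alone, and the per-hop keys are simply assumed to be pre-shared.
"""
import hashlib
import hmac
import json
import os

NONCE_LEN = 16
TAG_LEN = 32


def new_key() -> bytes:
    return os.urandom(32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # SHA-256 in counter mode: a stand-in for AES-CTR, for illustration only.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """One encryption layer: nonce || ciphertext || HMAC tag (encrypt-then-MAC)."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_layer(key: bytes, blob: bytes) -> bytes:
    """Strip one layer; fails closed if the key is wrong or the layer was altered."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered layer")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def can_open(key: bytes, blob: bytes) -> bool:
    """True only if this key strips the outermost layer of blob."""
    try:
        open_layer(key, blob)
        return True
    except ValueError:
        return False


def make_circuit():
    """Entry, relay and exit, each sharing a key with the client (assumed pre-shared here)."""
    return [(name, new_key()) for name in ("entry", "relay", "exit")]


def build_onion(hops, destination: str, payload: bytes) -> bytes:
    """Wrap innermost-first: the exit layer names the destination, every outer
    layer names only the next relay, so each hop learns its neighbours and no more."""
    inner, next_hop = payload, destination
    for name, key in reversed(hops):
        cell = json.dumps({"next": next_hop, "data": inner.hex()}).encode()
        inner, next_hop = seal(key, cell), name
    return inner


def peel(key: bytes, blob: bytes):
    cell = json.loads(open_layer(key, blob))
    return cell["next"], bytes.fromhex(cell["data"])


def run_circuit(onion: bytes, hops) -> dict:
    """Each hop peels one layer and records exactly what it could see."""
    view, blob = {}, onion
    for name, key in hops:
        next_hop, blob = peel(key, blob)
        view[name] = {"next_hop": next_hop, "forwarded": blob}
    return view


def send_plaintext(hops, payload: bytes) -> dict:
    """DEMO 3: nothing protects the payload once the last layer comes off."""
    return run_circuit(build_onion(hops, "server", payload), hops)


def send_over_tls(hops, payload: bytes, session_key: bytes) -> dict:
    """DEMO 4: an end-to-end layer (standing in for HTTPS) is added before the onion layers."""
    return run_circuit(build_onion(hops, "server", seal(session_key, payload)), hops)


if __name__ == "__main__":
    hops = make_circuit()
    request = b"GET /secret-page HTTP/1.1"
    plain = send_plaintext(hops, request)
    print("DEMO 3, exit sees plaintext:", plain["exit"]["forwarded"] == request)
    session = new_key()
    tls = send_over_tls(hops, request, session)
    print("DEMO 4, exit sees plaintext:", tls["exit"]["forwarded"] == request)
    print("DEMO 4, server reads it:", open_layer(session, tls["exit"]["forwarded"]) == request)
```

Running it prints True for DEMO 3 and False / True for DEMO 4. The `view` dict returned by `run_circuit` is the interesting part: the entry node's record shows it learned only that the next hop is the relay and forwarded an opaque blob it cannot open, which is the property the demos are illustrating.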
Tor Hidden Services
● Provides anonymity to web services
● .onion address is not a recognised DNS domain, usually only accessible via Tor, or via a "trusted" proxy
● 6 hops, as opposed to the usual 3
● Hidden services found via directory lists or search engines e.g. Hidden Wiki, Tor Search, DuckDuckGo
● Silk Road – "Marketplace"
● Tor Mail – compromised by FBI due to:
  "Special interest groups" - Freedom Hosting (more later)
How Can I Use Tor?
● Can configure to run as a local proxy service
● Tor Browser Bundle - preferred method
  ● Initiates connection with the Tor network
  ● Confirms if using the current version of Tor (warns if not)
  ● Launches its own build of Firefox
  ● NoScript – not enabled by default...
● DEMO: Tor Browser Bundle
How can I get caught?
● Forget to use Tor
● LulzSec – 2011
  Fine Gael, HBGary, and Fox Broadcasting Company, Sony (repeatedly), The Times, The Sun, SOCA etc.
● Sabu
  Hector Monsegur
  Arrested June 2011
  Worked for FBI for 7 months
● Forgot to log into Tor. Once.
How can I get caught?
● Be the only Tor user
● Eldo Kim, 20-year-old Harvard student
● Using Tor and an anonymous email account (Guerrilla Mail), sent a shrapnel bomb threat, claiming to have placed multiple devices on campus to disrupt final exams
● Arrested 2 days later
● Faces up to 5 years in prison & $250,000 fine
● Email header shows the email originated from the Tor network
● Only user on campus WiFi connected to Tor... was Eldo, using his Harvard ID
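The slide's point is that Tor hides the destination from the network, not the fact that a host is talking to Tor relays at all. The script below is an added defender-side example, not material from the talk: it reads flow records from a campus gateway, matches destinations against a list of known relay addresses, and reports when exactly one host (and one authenticated user) on the network reached the Tor network, which is the condition that singled out the student in the story. The relay addresses, the log format and the log lines are constructed for the example; a real deployment would load relay addresses from the Tor consensus or the published exit-address list and take flows from the firewall or NetFlow collector.

```python
"""Spotting the "only Tor user on the network" condition in flow logs.

Added defender-side example, not from the talk. Relay addresses, the flow-log
format and the sample lines are constructed for the example (TEST-NET ranges).
"""
import re
from collections import defaultdict

# Constructed relay addresses standing in for a downloaded relay list.
TOR_RELAYS = {"198.51.100.7", "203.0.113.40", "192.0.2.19"}

# Constructed flow-log format: timestamp, source host, destination, port, authenticated user.
FLOW_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+) user=(?P<user>\S*)$"
)

# Constructed sample: one host reaches two relays, two others only reach a web server,
# and one line is malformed so the parser's skip path is exercised.
SAMPLE_FLOWS = """\
2013-12-16T08:30:01 src=10.20.0.5 dst=198.51.100.7 dport=9001 user=student_a
2013-12-16T08:30:02 src=10.20.0.9 dst=192.0.2.80 dport=443 user=student_b
2013-12-16T08:30:05 src=10.20.0.5 dst=203.0.113.40 dport=443 user=student_a
2013-12-16T08:30:07 src=10.20.0.12 dst=192.0.2.80 dport=80 user=student_c
this line is garbage and must be skipped by the parser
2013-12-16T08:31:00 src=10.20.0.5 dst=198.51.100.7 dport=9001 user=student_a
"""


def parse_flows(text: str) -> list:
    """Parse flow lines into dicts; malformed lines are skipped rather than fatal."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if m:
            flows.append(m.groupdict())
    return flows


def tor_clients(flows: list, relays=TOR_RELAYS) -> dict:
    """Group flows whose destination is a known relay by source host."""
    clients = defaultdict(lambda: {"users": set(), "relays": set(), "flows": 0})
    for f in flows:
        if f["dst"] in relays:
            c = clients[f["src"]]
            c["users"].add(f["user"])
            c["relays"].add(f["dst"])
            c["flows"] += 1
    return dict(clients)


def sole_tor_user(clients: dict):
    """The slide's failure mode: exactly one host on the network spoke to Tor.

    Returns (source host, sorted user names) in that case, otherwise None.
    """
    if len(clients) != 1:
        return None
    src, info = next(iter(clients.items()))
    return src, sorted(info["users"])


if __name__ == "__main__":
    found = tor_clients(parse_flows(SAMPLE_FLOWS))
    for src, info in found.items():
        print(src, sorted(info["users"]), sorted(info["relays"]), info["flows"])
    print("sole Tor user:", sole_tor_user(found))
```

The same matching works in reverse for the Tor user: if the only record of a session on the network is yours, the anonymity set is one, regardless of how well the circuit itself hides the destination. Matching only destination addresses is deliberately simple; bridges and pluggable transports are not in any public relay list, so a result of "no Tor clients" is weaker evidence than a result of "one Tor client".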
How can I get caught?
● Browser based vulnerabilities – Firefox
  e.g. FBI - EgotisticalGiraffe
  ● Targeted against "Freedom Hosting"
  ● Code gathered some information about the user and sent it to a server in Virginia and then crashed
  ● http://cryptome.org/2013/10/nsa-egotisticalgiraffe.pdf
● Tor Mail – FBI seized a copy of all mail
How can I get caught?
● QUANTUM / FOXACID
● NSA run systems, revealed by Snowden
  https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html
● Quantum systems at "key places on the internet backbone" can respond faster as a result - "race condition"
● Redirects users to a FoxAcid server, impersonating other websites – e.g. LinkedIn / Google etc. to deliver a malicious payload infecting the user's machine
How can I get caught?
● De-anonymisation
● Logging in to something that identifies you – e.g. Facebook
● Anything that connects direct, outside of Tor:
  ● JavaScript – NoScript plus browser config
    https://www.torproject.org/docs/faq#TBBJavaScriptEnabled
  ● Flash – video / ads
  ● Torrents
  ● Opening PDF / DOC / media files while online – they connect direct, outside of Tor
Does Tor work?
● Snowden links show Tor works & the NSA doesn't like it - "Tor Stinks" http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document
Summary
● Use an up to date Tor Browser Bundle
● HTTPS over Tor is good, but SSL based attacks are still a concern
● Configure Tor Browser Bundle to lock it down / NoScript / Flash etc. Be mindful of fingerprinting
● Don't give away your anonymity
● Support the Tor Project