
The Onion Router (Tor): Onion Encryption Served Three Ways

Martijn Stam

COINS Winterschool in Finse, May 2019


Tor: The Second-Generation Onion Router
Dingledine, Mathewson, Syverson (Usenix’04)

What is Tor
Tor is a tool to advance anonymity on the Internet.

Designers’ Aim of Tor

Tor seeks to frustrate attackers from linking communication partners, or from linking multiple communications to or from a single user.

Tor has since grown into a project incl. a browser etc.


Outline
First half

1. Aspects of Anonymity

2. How Tor works: High Level, Low Level

3. Threats to Tor: Traffic Analysis, Tagging Attacks


Outline
Second half

4. Why Model Tor

5. PETS Model: Rogaway and Zhang, 2018

6. Eurocrypt Model: Degabriele and Stam, 2018

7. Conclusion: Comparison and Future Challenges


Aspects of Anonymity

Aims of Anonymity
User-Centric

[Figure: diagram with nodes labelled A, B, C and X, Y, Z]

User’s Perspective

- Prevent websites from tracking me
- Access web services that are otherwise blocked
- Hide which websites I’m visiting
- Publish websites without revealing my location etc.


Tracking Users
Prevent websites from tracking me

Fingerprinting Websites

- Adversary is the website being visited
- Goals could be identifying or linking users
- This talk: Out of scope
- TOR-browser can help protect you


Censoring
Access web services that are otherwise blocked

Fingerprinting Websites

- Adversary might be your ISP
- Goal is to filter out “bad” traffic
- This talk: Out of scope
- Format Transforming Encryption can help


Deanonymization
Hide which websites I’m visiting

Different Goals
- Deanonymize as much traffic as possible
- Determine users of a specific website
- Determine which websites a specific user visits
- Link users across time and space


Adversarial Capabilities

- Seeing incoming and outgoing traffic
- Observing part of the network
- Controlling part of the network
- Plus possibly some endpoints


User Expectations (Hypothetical)

- No one can see who I am
- No one can see what I am doing
- No one can profile me


How Tor works: High Level

Tor: The Second-Generation Onion Router
Dingledine, Mathewson, Syverson (Usenix’04)

What is Tor
Tor is a tool to advance anonymity on the Internet.

Designers’ Aim of Tor

Tor seeks to frustrate attackers from linking communication partners, or from linking multiple communications to or from a single user.

The main principle behind Tor is that of routing internet traffic through multiple hops


Onion Routing
Proxies, Routers, Circuits, and Streams

Involved Parties
- Yellow: these are the onion routers comprising the Tor network
- Purple: the onion proxy, run by the client to connect to the network
- Green: my favourite destination or website, which doesn’t run Tor


Circuits and Streams
1. The purple proxy knows the yellow routers comprising the Tor network
2. It selects some routers for its blue circuit
3. It runs a TCP stream over the circuit to the destination


Principle Idea

- Each hop, or onion router, mixes all the traffic that goes through it
- Ideally, you are hiding amongst the masses: if there are enough users and honest routers, you are “safe”


Tor: The Second-Generation Onion Router
Original design decisions

Efficiency

1. Directory servers: describing known routers and their current state

2. Congestion control: detect and deal with traffic bottlenecks

3. Variable exit policies: routers advertise which destinations and ports they support


Functional

1. Separation of “protocol cleaning” from anonymity: you can use e.g. Privoxy for the “cleaning” instead

2. Rendezvous points and hidden services: enables anonymously hosted .onion websites

3. Many TCP streams can share one circuit: improves both efficiency and security


Security Related

1. No mixing, padding, or traffic shaping (yet): traffic shaping or low-latency mixing that work are hard to come by

2. Perfect forward secrecy: compromising a router does not reveal anything related to past communication

3. Leaky-pipe circuit topology: the exit node need not be the last one in a circuit

4. End-to-end integrity checking: prevents “external” tagging attacks


Tor: The Second-Generation Onion Router
Protocol Design

Cryptographic components

Tor has four core protocols
1. Link protocol
2. Circuit Extend protocol
3. Relay protocol
4. Stream protocol

Ignored non-cryptographic components

- How information about the network is distributed
- How onion proxies decide which circuits to build.


How Tor works: Low Level

Core Tor Specification
Link Protocol (TLS)

Link protocol

- Agree on Tor version/configuration
- Use TLS to establish secure OR-to-OR channels
- Establish a link from proxy to entry router



Core Tor Specification
Circuit Extend Protocol

Circuit extend protocol

- Used by the onion proxy to create a circuit
- Uses a telescopic concept
- Results in the proxy sharing a key with each of its routers



Circuit identifiers
For any given circuit, a router only knows:

1. the key it shares with the anonymous proxy
2. the router preceding and following it on the circuit
3. an incoming and an outgoing circuit identifier


Core Tor Specification
Relay Protocol

Cells are 514 bytes (v4+)

Route

- CircID: Circuit Identifier
- CMD: Cell type (3 or 9), RELAY (3) or RELAY_EARLY


Payloads are 509 bytes (v4+)

Encode

- CircID: Circuit Identifier
- CMD: Cell type
- Rec: Recognised field (0x0000)
- Digest: seeded running hash (truncated SHA-1)

Used for e2e authentication


Encrypt

Repeated CTR mode in AES

Should provide
- confidentiality
- unlinkability


Cell Decryption

Performed by Onion Routers
1. Use CircID to identify circuit
2. Undo one AES-CTR layer
3. Check integrity:
   - forward
   - output message
   - reject


Summary

The core cryptographic component is authenticated encryption implemented by

1. encode (Rec and Digest)
2. encrypt (AES-CTR, repeated)

Dodgy mode-of-operation for ordinary AE, but maybe ok here?


Core Tor Specification
Stream Protocol

Stream Protocol
Used to serve a TCP connection to host xyz.com

Ideally uses https-connection between proxy and host


Threats to Tor: Traffic Analysis

Traffic Analysis
Just a flavour

Source: Chakravarty et al. / PAM 2014


Threats to Tor: Tagging Attacks

Tagging Attacks
High Level Concept

Aim of Tagging Attack

- Assume the adversary controls some onion routers.
- Goal is for OR1 and OR3 to link their circuits
- Similar to traffic correlation attacks, where linking is achieved by matching traffic patterns between input and output edges


How to Tag

1. OR1 receives a legitimate cell from the proxy
2. OR1 processes then modifies the cell before forwarding to OR2
3. OR2 behaves honestly
4. OR3 detects and undoes OR1’s modification


Tagging Attacks
Low Level Details

How to tag

1. OR1 receives a legitimate cell from the proxy
2. OR1 processes then modifies the cell before forwarding to OR2
3. OR2 behaves honestly
4. OR3 detects and undoes OR1’s modification

The adversary can confirm whether two edges belong to the same circuit.


How to tag

1. OR1 receives a legitimate cell from the proxy
2. OR1 flips a bit in a cell and forwards it over.
3. OR2 behaves honestly
4. OR3 flips that bit back and tests if decryption succeeds.

Attack works as CTR mode is malleable


Tagging Attacks
Perceptions

2004 Tagging attacks were known to the Tor designers, but protecting against them was deemed pointless since traffic correlation attacks would be possible anyway.

“our design is vulnerable to end-to-end timing attacks; so tagging attacks performed within the circuit provide no additional information to the attacker”


2008 The23rd Raccoon: How I Learned to Stop Ph34ring NSA and Love the Base Rate Fallacy.

2009 Tagging attacks rediscovered by Fu and Ling and presented at Black Hat 2009 - Tor project’s response: Nothing new here!

2012 The23rd Raccoon: Analysis of the Relative Severity of Tagging Attacks. Tor project decides to protect the relay protocol against tagging attacks, leading to Tor proposal 261.



Tagging Attacks
Implications

The23rd Raccoon’s Observations
- Consider a network with 10,000 concurrent circuits, and a TC adversary controlling 30% of the entry/exit nodes.
- Due to noise, correlation detectors inevitably exhibit false positives.
- Let us assume a false positive rate of 0.5%.
- The probability that a pair of edges truly belong to the same circuit when a match is detected is ∼2% (base rate fallacy).
- This effect becomes more pronounced as the number of circuits increases, but tagging attacks are immune to this.
- The 2012 post describes an amplification effect and argues that tagging attacks require fewer resources.
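
The ∼2% figure follows from Bayes' rule. As an added worked derivation (not taken from the slides), assume that a randomly chosen pair of entry and exit edges belongs to the same circuit with prior probability 1/N for N = 10,000 circuits, and that the detector's true positive rate (TPR) is close to 1; FPR is the 0.5% false positive rate:

$$
P(\text{same circuit} \mid \text{match})
= \frac{\mathrm{TPR}\cdot\frac{1}{N}}{\mathrm{TPR}\cdot\frac{1}{N} + \mathrm{FPR}\cdot\left(1-\frac{1}{N}\right)}
\approx \frac{10^{-4}}{10^{-4} + 0.005 \times 0.9999}
\approx 0.0196
$$

At a fixed false positive rate, doubling N roughly halves this posterior (N = 20,000 gives about 0.0099), which is the sense in which the effect grows with the number of circuits.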


Tagging Attacks
Thwarting

Recap

Tagging attacks are enabled by
- the malleability of counter mode encryption
- the integrity checking being end-to-end only
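
The encode, encrypt and per-router decrypt steps from the relay-protocol slides, together with the two properties in this recap, as one runnable sketch. This is an added example, not code from the talk or from Tor: a SHA-256 counter keystream stands in for AES-CTR, the keys, message and function names are constructed, and the 11-byte relay header layout follows tor-spec. It shows that a difference XORed into a cell passes the honest middle router unnoticed and arrives bit-for-bit in the exit's plaintext, where only the end-to-end digest can catch it.

```python
import hashlib
import struct

PAYLOAD_LEN = 509      # relay payload size from the slides (v4+)
HEADER = ">BHH4sH"     # cmd, Recognised, stream id, Digest, length (tor-spec layout)
DATA_LEN = PAYLOAD_LEN - struct.calcsize(HEADER)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class Hop:
    """Per-circuit state a router shares with the proxy (forward direction)."""

    def __init__(self, key, digest_seed):
        self.key = key
        self.counter = 0                          # keystream position, never reset
        self.running = hashlib.sha1(digest_seed)  # seeded running hash

    def xor_layer(self, data):
        # Stand-in for AES-CTR: SHA-256(key || counter) blocks as keystream.
        stream = bytearray()
        while len(stream) < len(data):
            stream += hashlib.sha256(self.key + struct.pack(">Q", self.counter)).digest()
            self.counter += 1
        return xor(data, stream)


def encode(hop, cmd, stream_id, data):
    """Encode step: Recognised = 0x0000, Digest = first 4 bytes of the running hash."""
    header = struct.pack(HEADER, cmd, 0, stream_id, b"\0" * 4, len(data))
    zeroed = header + data.ljust(DATA_LEN, b"\0")
    hop.running.update(zeroed)
    return zeroed[:5] + hop.running.digest()[:4] + zeroed[9:]


def onion_encrypt(proxy_hops, payload):
    """Encrypt step: one counter-mode layer per router, exit layer applied first."""
    for hop in reversed(proxy_hops):
        payload = hop.xor_layer(payload)
    return payload


def router_process(hop, cell, is_last):
    """Undo one layer, then check integrity: output the message, forward, or reject."""
    plain = hop.xor_layer(cell)
    if plain[1:3] == b"\0\0":                       # Recognised field is zero
        trial = hop.running.copy()                  # commit only if the digest matches
        trial.update(plain[:5] + b"\0" * 4 + plain[9:])
        if trial.digest()[:4] == plain[5:9]:
            hop.running = trial
            (length,) = struct.unpack(">H", plain[9:11])
            return "output", plain[11:11 + length]
    return ("reject" if is_last else "forward"), plain


SAMPLE_KEYS = [(b"Kf1", b"Df1"), (b"Kf2", b"Df2"), (b"Kf3", b"Df3")]  # constructed
MESSAGE = b"GET / HTTP/1.1\r\n"                                      # constructed
ONE_BIT = bytes(100) + b"\x01" + bytes(PAYLOAD_LEN - 101)            # one flipped bit


def send(delta=None, restore=False):
    """Push one cell through OR1, OR2, OR3; return (verdict per hop, last plaintext).

    delta:   XOR difference applied to the cell on the OR1 -> OR2 edge.
    restore: XOR the same difference out again just before OR3 processes the cell.
    """
    proxy = [Hop(k, d) for k, d in SAMPLE_KEYS]
    routers = [Hop(k, d) for k, d in SAMPLE_KEYS]
    cell = onion_encrypt(proxy, encode(proxy[-1], 2, 1, MESSAGE))  # 2 = RELAY_DATA
    verdicts = []
    for i, hop in enumerate(routers):
        if delta and restore and i == 2:
            cell = xor(cell, delta)
        verdict, cell = router_process(hop, cell, is_last=(i == 2))
        verdicts.append(verdict)
        if verdict != "forward":
            break
        if delta and i == 0:
            cell = xor(cell, delta)
    return verdicts, cell


if __name__ == "__main__":
    print(send()[0])                       # honest path
    print(send(ONE_BIT)[0])                # OR2 forwards the modified cell, OR3 rejects
    print(send(ONE_BIT, restore=True)[0])  # difference removed before OR3
```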


Intermediate Integrity Checking

- A naive fix would be to append a MAC tag at each layer of encryption, but this leaks information!
- This leakage can be prevented with appropriate padding to ensure the cell size is constant throughout.


Improved Modes-of-Operation

An alternative approach, resulting in a higher throughput, is to depart from counter mode

- Proposal 261 (Mathewson)
- Proposal 295 (Ashur, Dunkelman, Luykx)


Thwarting Tagging Attacks
Proposal 261 by Mathewson

1. Digest set to 0x00000000
2. AES-CTR replaced by TWBC
   - Separate tweak per layer, updated with each cell.
   - Tweak includes CMD (RELAY or RELAY_EARLY).
3. Verification checks a total of 55 bits
4. End-to-end integrity via encode-then-encipher.



Thwarting Tagging Attacks II
Proposal 295 by Ashur, Dunkelman, Luykx

[Figure: Proposal 295 encryption at the OP (M = C4, then C3, C2, C1) and decryption at OR1, OR2 and OR3, with nonces N1 to N4, running digests T′1 to T′4 and a final check ?= 0^128 at OR3. Legend: E_K, D_K block cipher; Digest_K universal hash; Encrypt_K encryption algorithm; Decrypt_K decryption algorithm; ?= X equality check with X; T′_i running digest; M message; C_i ciphertext; N_i nonce; graphical symbols for duplicate value, bitwise XOR, concatenation and update value.]


Questions so Far? (Plus a microbreak)


Outline of Part II

4. Why Model Tor

5. PETS Model: Rogaway and Zhang, 2018

6. Eurocrypt Model: Degabriele and Stam, 2018

7. Conclusion: Comparison and Future Challenges


Why Model Tor: General Musings

Real World Crypto Sandwich
Keywords



Why Model Tor: Specific to Tor

Modeling Tor
How cryptology can help protect you!

State of play

- Counter mode TOR is susceptible to tagging attacks.
- TOR-261 and TOR-295 are designed to prevent tagging attacks.

But do they?

1. What security is breached by tagging attacks?
2. Can we formally define the relevant security?
3. Can we prove TOR-261 and TOR-295 are secure?


Ideal of provable security

Given a secure TWBC, TOR-261 is a secure onion encryption scheme

Reality of provable security

Why provably secure constructions may get broken in practice
- Proof: The security claim is incorrect. Solutions: automated proof checking, modularity of proofs
- Bound: The security claim is quantitatively too weak. Solution: derive concrete multi-user bounds
- Model: The security claim is qualitatively too weak. Solution: carefully refine the model


Abstraction Levels
Tor exists in different levels of granularity:

1. Tor aims to implement an anonymous channel
2. Using the principles of onion routing
3. Based on the Tor standard
4. As implemented in Tor software

A security model needs to decide which details are pertinent

Choice 1: Abstraction level
Different levels of abstractions lead to models with varying scope and relevance to practice


Tor Use Cases
Tor aims to improve privacy and security on the Internet in a variety of ways. People use Tor to

- Keep websites from tracking them
- Access web services that are otherwise blocked
- Hide which websites are visited
- Publish websites without revealing their location

Choice 2: Security goal

Different aims might call for different orthogonal security models


Adversarial capabilities

Imagine an adversary:
- Controlling part of the network
- Correlating traffic
- Injecting/modifying traffic

Choice 3: Adversarial powers

Different threat models lead to more or less potent security models


Modeling Choices

- Abstraction: Which aspects of the protocol are modelled
- Aim: What is an adversary trying to achieve
- Capability: What powers does an adversary have

Two models capturing tagging attacks

- PETS: More abstract, less powerful adversaries, cleaner
- Eurocrypt: More detailed, more powerful adversaries, messier

How do results in your model relate to real world deployment?


PETS Model: Rogaway and Zhang, 2018

PETS Model
Rogaway and Zhang (2018)

Modeling authenticated onion encryption

- Goal: distinguish an onion encryption scheme from an idealized primitive
- Powers: querying the keyed component algorithms

Assumptions

- keys are magically pre-distributed (extend protocol)
- cell routing is out of scope (relay protocol)
- ignore streams (stream protocol)


PETS model
Syntax

Source: Phil Rogaway, PETS 2018


PETS model
Security

Source: Phil Rogaway, PETS 2018



Eurocrypt Model: Degabriele and Stam, 2018

Eurocrypt Model
Degabriele and Stam (2018)

Modeling the relay protocol

- Goal: learn information about the circuits’ topology beyond what is inevitably leaked through node corruptions
- Powers: choose the messages that get encrypted; reorder, inject, and manipulate cells on the network; selectively corrupt routers

Assumptions

- keys are magically pre-distributed (extend protocol)
- node-to-node links are secured (link protocol)
- ignore streams (stream protocol)


Eurocrypt Model
Syntax

Setting

Consider a circuit with
- an onion proxy: n6
- (here) three onion routers: n3, n5 and n4


Party’s State

A party’s state is circuit-based: for each circuit it keeps some state
For onion routers, this state is split in two: a routing component and a processing component

Four algorithms

1 G for key generation
2 E for encryption
3 D for routing
4 D̄ for decryption

G for key generation

1 Initiated by proxy on input the path of the circuit
2 The proxy and the router obtain state information for the new circuit
3 The new information is added to their respective states so far

E for encryption

Run by the proxy
As input the state of the relevant circuit
And some message m
Results in a cell C for first router on circuit

D for routing

Run by router when receiving a cell C
To identify which circuit the cell belongs to
Use the first part τ of all circuit states
Leave the states τ untouched

D̄ for decryption

Run by router when processing a cell C
Using the τ̄ part of the relevant circuit state
Results deterministically in ⊥, M or C′
May update the circuit state τ̄

Why the vector of split states?

We want to include circuit routing in our model
We want to model the problem, not Tor’s solution
We do not want too much interference between circuits
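The four-algorithm syntax above, as an added toy instantiation in Python (not code from the talk, the paper or Tor). The per-link labels used as τ, the HMAC-based keystream and tag, the per-circuit counters and the `deliver` driver are all assumptions made for illustration, and the scheme carries no security claim.

```python
import hashlib, hmac, os  # toy scheme: assumed design, not Tor's or the paper's
TAG = 8  # bytes of truncated HMAC checked by the last router

def _ks(key, ctr, n):  # toy keystream: HMAC-SHA256 in counter mode
    return b"".join(hmac.new(key, b"ks%d:%d" % (ctr, i), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]
def _tag(key, ctr, m):
    return hmac.new(key, b"tag%d|" % ctr + m, hashlib.sha256).digest()[:TAG]
def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def G(path, routers):
    """Key generation: proxy state out; each router gains a (tau, tau_bar)."""
    keys = [os.urandom(32) for _ in path]
    labels = [os.urandom(4) for _ in path]   # one routing label per link
    for i, node in enumerate(path):
        out = (path[i + 1], labels[i + 1]) if i + 1 < len(path) else None
        routers.setdefault(node, []).append(
            (labels[i], {"key": keys[i], "ctr": 0, "out": out}))
    return {"keys": keys, "ctr": 0, "first": path[0], "label": labels[0]}

def E(st, m):
    """Encryption (proxy): tag for the last router, then one layer per hop."""
    body = _tag(st["keys"][-1], st["ctr"], m) + m
    for k in reversed(st["keys"]):
        body = _xor(body, _ks(k, st["ctr"], len(body)))
    st["ctr"] += 1
    return st["first"], st["label"] + body

def D(taus, cell):
    """Routing: index of the circuit whose tau matches; taus stay untouched."""
    return next((i for i, t in enumerate(taus) if t == cell[:4]), None)

def D_bar(tb, cell):
    """Decryption: None (bottom), ('M', m) or ('C', next_node, next_cell)."""
    body = _xor(cell[4:], _ks(tb["key"], tb["ctr"], len(cell) - 4))
    ctr, tb["ctr"] = tb["ctr"], tb["ctr"] + 1   # may update tau_bar
    if tb["out"]:
        return ("C", tb["out"][0], tb["out"][1] + body)
    ok = hmac.compare_digest(body[:TAG], _tag(tb["key"], ctr, body[TAG:]))
    return ("M", body[TAG:]) if ok else None

def deliver(routers, node, cell):
    """Run D then D_bar hop by hop until a message or bottom comes out."""
    while True:
        i = D([tau for tau, _ in routers[node]], cell)
        out = None if i is None else D_bar(routers[node][i][1], cell)
        if out is None or out[0] == "M":
            return out
        _, node, cell = out
```

Calling `G` twice with overlapping paths gives a shared router a vector of split states, and replaying a cell through `deliver` ends in ⊥ because the routers' counters have already moved on.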

Secure Channel: Confidentiality and Integrity

Left-or-Right End-to-End Indistinguishability

An adversary with all-but-one decryption keys of a circuit cannot distinguish whether m0 or m1 was encrypted by an onion proxy

Plaintext Integrity

An adversary cannot trick a router into outputting a message out of order

Circuit Hiding: Left-or-Right Topology Indistinguishability

Let’s consider a network of onion routers

The adversary gets to corrupt some of the routers

The adversary selects two sets of potential circuits
the game implements either the left-or-right configuration

Both configurations need to “coincide on” the corrupted routers

The adversary gets to interact with the honest nodes in a restricted fashion
Is it in the left or right configuration?

Intricacies

Many controls to ensure interface is the same
So length of circuit and node’s relative position remain hidden
Protects against reordering and replay of cells
Cells need to be re-injected simultaneously, one for each circuit
Adversary may corrupt at most two segments of a circuit

Circuit Hiding: Proposal 261

P261 is not circuit hiding

Use the cell header’s CMD field to tag cells, by switching its value from RELAY to RELAY_EARLY
Authentication of CMD in the tweak is ineffective
Similarities to the 2014 CMU incident on Tor’s Onion Services which took down Silk Road.

P261 almost circuit hiding

Practical exploitability and efficacy of this attack is limited
RELAY_EARLY cell type limits the circuit size and its use is restricted
Fixing CMD to RELAY provides provable circuit hiding

Comparison: Eurocrypt versus PETS models

Commonalities

Target the core relay protocol
To prevent tagging attacks
Consider only unidirectional traffic
Ignore leaky pipes
Abstract away key generation
Use game-based formalization

Differences (Eurocrypt v. PETS)

Protocol-centric v. Primitive-centric
Includes routing v. Excludes routing
Multi-user v. Single-user
Includes Corruptions v. No Corruptions
Aspirational v. Best-possible
End-to-end security v. Cell security
Explicit suppression v. Silencing

Challenges

Quantify the power of tagging attacks more rigorously

Find middle-ground between the PETS and the Eurocrypt models

Prove the security of Proposal 295

Improve upon existing proposals

Expand the provable security treatment to include
the other protocols and bidirectionality
other security objectives (e.g. forward security)

Conclusion

Modeling Tor

Onion encryption can be modelled in various ways
The Eurocrypt model identified circuit hiding as its anonymity goal
The PETS model gave an authenticated encryption treatment instead

The Eurocrypt model shows that the routing mechanism affects anonymity

Abstraction is a double-edged sword

the next step in an ongoing evolution of most appropriate and important onion routing adversaries, away from abstracting reality till it matches models and towards better matching models to reality

—Syverson