4. Freenet
P2P-based storage network
Shares files on your system with other nodes
Plausible deniability
5. I2P
Opposing design of Tor
UDP based
Darknet design
Java, Python, and C APIs
Mixed routing based on packets
Splits tunneling between upstream and downstream
“Garlic Routing” – mix streams together to prevent traffic analysis
Variable latency design
6. Tor
Tor (not TOR) – previously stood for The Onion Router
Provides a method of anonymity by passing data between proxies
8. Terminology
Cell – your message
Circuit – tunnel made up of relays
Entry Node: first hop into the Tor network
Exit Node: last hop before destination
Relay Node: middle hop
Bridge Node: nodes not listed in the Tor directory to evade filtering
9. Who’s Using Tor?
Whistleblowers
Wikileaks – runs hidden service
Militaries
field ops
command and control using hidden services
Chinese journalists and dissidents
12. Current Project Sponsors
Federal Grant:
International Program to Support Democracy Human Rights and Labor
$632,189
International Broadcasting Bureau
Voice of America, Radio Free Europe/Radio Liberty, Radio and TV Martí, Radio Free Asia, Radio Sawa/Alhurra TV
$270,000
Stichting.Net
Association of NFPs in the Netherlands
$38,279
Google: $29,083
ITT: $27,000
Other: $9,997
https://www.torproject.org/about/sponsors.html.en
17. Tor Tools
Torbutton
Tor Browser Bundle
Vidalia
TorCheck
Arm
Tor-ramdisk
Anthony G. Basile from Buffalo
19. Tor Control Port
Telnet to the control port: authenticate ""
Create custom circuits (long or short): extendcircuit 0 a,b,c,… / extendcircuit 0 a,b
Show live circuit information: setevents circ
Change configuration on the fly: setconf confitem
Map a site to an exit node: mapaddress google.com=a.b
Reload a configuration: getconf confitem
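A defensive check tied to the authenticate "" line on this slide, as an added example that is not from the original slides: an empty AUTHENTICATE only succeeds when torrc enables the control port without CookieAuthentication or HashedControlPassword, so this audits a torrc for that case and for listeners bound off loopback. The sample torrc contents and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample torrc: control port on all interfaces, no authentication set.
SAMPLE_WEAK = "SocksPort 9050\nControlPort 0.0.0.0:9051  # all interfaces\n"
# Constructed sample torrc: loopback-only control port with cookie authentication.
SAMPLE_HARDENED = "SocksPort 9050\nControlPort 9051\nCookieAuthentication 1\n"

def parse_torrc(text):
    """Return {lowercased option: [values]}; torrc option names are case-insensitive."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)   # drop comments, split key/value
        if parts:
            value = parts[1].strip() if len(parts) > 1 else ""
            opts.setdefault(parts[0].lower(), []).append(value)
    return opts

def audit_control_port(text):
    """List findings for a control port that takes an empty AUTHENTICATE or is exposed."""
    opts = parse_torrc(text)
    # "ControlPort 0" (or no ControlPort line at all) means the port is disabled.
    ports = [p for p in opts.get("controlport", []) if p and p.split()[0] != "0"]
    if not ports:
        return []
    findings = []
    cookie = opts.get("cookieauthentication", ["0"])[-1] == "1"
    hashed = bool(opts.get("hashedcontrolpassword"))
    if not (cookie or hashed):
        findings.append("no-auth: empty AUTHENTICATE is accepted")
    for port in ports:
        addr = port.split()[0]                        # ignore trailing port flags
        if addr.startswith("unix:") or ":" not in addr:
            continue                                  # unix socket, or bare port (loopback)
        host = addr.rsplit(":", 1)[0].strip("[]")     # handles [::1]:9051
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:
            loopback = host == "localhost"
        if not loopback:
            findings.append(f"exposed: control port listens on {host}")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_control_port(conf))
```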
21. Tor Passive Attack Vectors
Traffic profiling – entry and exit analysis
Cleartext exit node transmission
Fingerprinting – OS, browser, configuration, activity
Timing correlation
Network partitioning
End-to-end size correlation
22. Tor Active Attack Vectors
Compromised keys
Malicious web servers
Malicious Exit/Relay nodes
DoS non-controlled nodes
Timestamping and tagging
Injecting or replacing unencrypted info
Malicious Tor client
23. Tor Client Side Attacks
DNS rebinding
Disbanding attack – JavaScript, Java, Flash
History disclosure
Timezone information (partitioning)
24. Social Engineering Attacks
Getting more traffic
“Use my relay. I have huge tubes!”
“Nick’s relay sucks”
“I’ve added a feature to my node.”
Replacement
687474703a2f2f7777772e726f63686573746572323630302e636f6d2f6861782f
Partitioning
“Don’t use servers from this country”
“These servers are amazing!”