2. Contents
• Why do we need anonymity?
• Introducing theTor Network
• How does theTor Network work?
• Hidden Services
• Tor limitation
• Application of anonymous system (tor)
• Licit and illicit uses
• Danger of using tor
• Future direction
• Conclusion
3. Why do we need anonymity?
• To hide user personal information
• To hide user identity from target web site
• To hide browsing pattern from employer or ISP
• To conceal our internet usage from hackers
• Freedom ofThought and Speech
• Freedom of Social and Political Activities
4. Introducing theTor Network
• Tor is free software for enabling anonymous communication .
• Tor aims to conceal its users' identities and their online activity from surveillance
and traffic analysis by separating identification and routing.
• This is done by passing the data through a circuit of at least three different routers.
• The data that passes through the network is encrypted, but at the beginning and
end node, there is no encryption.
6. HowTorWorks? --- Onion Routing
• A circuit is built incrementally one hop by one hop
• Onion-like encryption
• ‘Alice’ negotiates an AES key with each router
• Messages are divided into equal sized cells
• Each router knows only its predecessor and successor
• Only the Exit router (OR3) can see the message, however it does
not know where the message is from
Alice Bob
OR2
OR1
M
√M
M
OR3
M
C1 C2
C2 C3
C3 Port
7. Cells
• Onion routers communicate with one another, and with users’ OPs, via
TLS connections with ephemeral keys.Traffic passes along these
connections in fixed-size cells
• All data is sent in fixed size (bytes) cells
• Control cell commands:
• Padding, create, destroy
• Relay cell commands:
• Begin, data, connected, teardown, ...
8. HowTor Works? --- Node to Node Connection
• Tor implements Perfect Forward Secrecy (PFC) by using AES encryption
• In AES (Advanced Encryption Standard), a private key is generated and shared
between the two users, and from this key, session keys are generated
• Original keypairs are only used for signatures (i.e. to verify the authenticity of
messages)
10. Hidden Services
• Location-hidden services allow a server to offer aTCP service without revealing its IP address.
• Tor accommodates receiver anonymity by allowing location hidden services
• Design goals for location hidden services
• Access Control: filtering incoming requests
• Robustness: maintain a long-term pseudonymous identity
• Smear-resistance: against socially disapproved acts
• Application transparency
• Allows to access onion websites and deep web.
11. TOR: Limitations
• DNS Leakage : the client reveals the destination to the DNS server during
DNS resolution.
• End-to-end timing correlation:An attacker watching patterns of traffic at
the initiator and the responder will be able to confirm the correspondence
with high probability.
• Eavesdropping by exit nodes:Tor does not encrypt the traffic between an
exit node and the target server.Therefore a malicious exit node can observe
traffic , identify user request and can send the wrong response.
• Tor is slow: Traffic is bouncing through ORs and even on volunteers'
computers in various parts of the world.This may cause some bottleneck
and network latency.
12. APPLICATIONS OF ANONYMOUS SYSTEMS (TOR)
• Privacy and security for Ordinary Internet Users: it allows people to
communicate with each other without necessarily revealing their personal network
identification and without being tracked by others.
• Censorship resistance: Tor provide a strong foundation for censorship resistance
for people living under oppressive regimes that try to limit what their citizens can
say and do on the Internet.
• Corporate /Business : Corporate or business organizations may want to keep their
data and transactions secure and secret from opponents who are regularly
monitoring their activaties . Anonymous systems can then be used to achieve
untracebility .
13. Licit and illicit uses
• Tor is increasingly in common use by victims of domestic violence and
the social workers and agencies which assist them
• A growing list of news organizations are using the SecureDrop software
platform to accept material for publication in a manner intended to protect
the anonymity of sources.
• It is endorsed by civil liberties groups as a method for whistleblowers and
human rights workers to communicate with journalists
14. Licit and illicit uses (Contd.)
• Tor is used for matters that are, or may be, illegal in some countries, e.g., to
gain access to censored information, to organize political activities, or to
circumvent laws against criticism of heads of state.
• Tor can be used for anonymous defamation, unauthorized leaks of sensitive
information and copyright infringement, distribution of illegal sexual
content, selling controlled substances, money laundering, credit card fraud,
and identity theft.
• Ironically,Tor has been used by criminal enterprises, hacktivism groups, and
law enforcement agencies at cross purposes, sometimes simultaneously
15. Dangers of usingTor Network
• "The more you hide the more somebody wants to know why.“
• While the inter-relay communications might be secure, the entry and exit nodes are
vulnerable to packet sniffing and
• The exit node decrypts the packet it received from its sibling on the chain of nodes
and receives your full plaintext request.This can be easily seen by the operator of
the exit node.
• Running an exit node is dangerous as all exit traffic, legal and illegal, will be traced to
your IP
• Anyone usingTOR network is on the NSA watch list under the Xkeyscore program.
17. CONCLUSION
• Researches in the last 30 years has made significant progress towards
enabling private and anonymous communication on the Internet. With an
increasing level of public awareness about threats to personal privacy, such
as identity theft or online advertisers tracking user behavior, academic and
public interest in anonymous communication systems is likely to continue to
increase in the near future.As a result public and academic interest in
improving existing systems for anonymity is also increasing.This may
enable and encourage future global network design to include privacy and
anonymity as fundamental property.
18. References
• https://www.torproject.org/
• https://en.wikipedia.org/wiki/Tor_(anonymity_network)
• McCoy, Damon; Bauer, Kevin; Grunwald, Dirk; Kohno,Tadayoshi; Sicker, Douglas
(2008)."Shining Light in Dark Places: Understanding theTor Network". Proceedings of the 8th
International Symposium on Privacy EnhancingTechnologies. 8th International Symposium on
Privacy EnhancingTechnologies. Berlin, Germany: Springer-Verlag. pp. 63–76.
• "Tor Project Form 990 2008". Tor Project.Tor Project. 2009. Retrieved 30August 2014.
• "Tor Project Form 990 2007". Tor Project.Tor Project. 2008. Retrieved 30 August 2014.
• "Tor Project Form 990 2009". Tor Project.Tor Project. 2010. Retrieved 30 August 2014.
• Samson,Ted (5 August 2013). "Tor Browser Bundle forWindows users susceptible to info-
stealing attack". InfoWorld.
• Dingledine, Roger (7 April 2014). "OpenSSL bug CVE-2014-0160". Tor Project.
• Le Blond, Stevens; Manils, Pere; Chaabane, Abdelberi; Ali Kaafar, Mohamed; Castelluccia,
Claude; Legout, Arnaud; Dabbous,Walid (March 2011). "One Bad Apple Spoils the Bunch:
Exploiting P2P Applications toTrace and ProfileTor Users". 4th USENIX Workshop on Large-
Scale Exploits and EmergentThreats (LEET '11). National Institute for Research in Computer
Science and Control.